OT & IoT
Security Blog
Learn More About OT & IoT Security and Visibility
OT & IoT Security Blog
Learn More About OT & IoT Security and Visibility
Tapping Visibility into OT & IoT Devices For Preventative Maintenance
Welcome to the last of a three-part series on digital transformation in operational technology (OT) environments (see parts one and two if you missed them). In this blog, I cover how organizations can use asset visibility to support preventative maintenance. Let’s...
Firmware Security Research: Dahua Facial Recognition Station
To illustrate how we tackle the issue of firmware inspection, Nozomi Networks Labs selected a popular facial/thermal recognition camera and describes how to analyze the firmware in detail.
The Federal Government Needs to Address OT/IoT Security NOW
hea
The Sprint to Secure U.S. Utilities – Nozomi Networks and the DOE Plan
Earlier this year the White House launched an ICS Cybersecurity Initiative designed to strengthen the cybersecurity of our nation’s critical infrastructure. The initiative began with a 100-Day Action Plan for the U.S. electricity subsector and has recently extended to oil and gas pipelines.
New Axis OS Security Research Aided by Transparent Design
Nozomi Networks Labs published three new vulnerabilities (CVE-2021-31986, CVE-2021-31987, CVE-2021-31988) affecting multiple Axis devices. The transparent approach applied by Axis into security review allowed Labs to perform an immediate static analysis and verification of the vulnerabilities.
Extract Firmware from OT Devices for Vulnerability Research
One of the most challenging tasks for a cybersecurity researcher is getting access to the underlying file system in OT devices to do a full analysis of potential attack vectors. This blog describes techniques for extracting firmware directly from the hardware and reading the flash content, a critical skill in a structured research team.
Why You Should Incorporate OT in Your Security Operations Center
Welcome to part two in my blog series on operational technology (OT) digital transformation (you can read Part 1 here). In my last post, I covered the important steps of gaining asset visibility and anomaly detection through the use of AI and machine learning. In this...
BlackMatter Ransomware Technical Analysis and Tools from Nozomi Networks Labs
Billions of IoT devices are used in the industrial sector and threat actors are quickly evolving new malware focused on them. Don’t miss this analysis of the SBIDIOT IoT malware to learn how it communicates with targets and what types of commands it supports. Includes IOCs.
Digital Transformation’s Impact on Operational Technology Security
With industrial sectors such as energy, oil & gas, and manufacturing rapidly digitizing their operations to remain competitive, executives are sharpening their focus on enterprise-wide cybersecurity. Converging IT and operational technology (OT) exposes many...
Surprising Findings in the SANS 2021 OT/ICS Cybersecurity Survey
The just-released SANS 2021 OT/ICS Cybersecurity Survey, sponsored by Nozomi Networks, uncovered some findings that surprised me, as well as survey author, Mark Bristow. Below, we take a look at some compelling statistics that ICS operators should take note of as they...
New Annke Vulnerability Shows Risks of IoT Security Camera Systems
Nozomi Networks Labs has discovered a remote code execution vulnerability in the Annke N48PBB network video recorder. We urge network defenders to check their systems for the device, and apply the available patch immediately.
The Clever Use of Postdissectors to Analyze Layer 2 Protocols
Nozomi Networks Labs analyzes the Layer 2 protocol used by the RUGGEDCOM devices, focusing on how to instruct Wireshark to properly detect it and begin the dissection process.
Securing Substations and Power Grids with ICS Anomaly Detection
One of the findings of the recent SANS report “Securing Industrial Control Systems – 2017” is that the number one technology industrial organizations are looking to implement over the next 18 months is intrusion detection.
Up until recently, detecting anomalies on ICS networks that might be caused by a cyberattack has been ”mission impossible.” That’s because such networks typically include equipment from a wide assortment of vendors, run thousands of real-time processes and generate huge volumes of data. Analyzing and monitoring this data to detect anomalies was very difficult.
The good news is that a new generation of ICS cyber security tool is available for industrial intrusion detection. This article describes how our product, SCADAguardian does it, and gives an example of how it would detect and counter a cyberattack on a regional control center of an electric power utility.
Ukraine, Vermont Utility Cyberattacks Highlight Need for Robust ICS Security in 2017
2016 ended with reports of 2 electric utility organizations, on different sides of the world (Ukraine and Vermont), citing cyberattacks or cyber infections. Both incidents highlight that corporate computer infections can threaten power systems and the need for robust ICS security in 2017. This article highlights the steps involved in the watershed 2015 Ukraine utility cyberattack as it moved from IT to OT systems and suggests ways of improving threat detection and mitigation.
New Research Uncovers 5 Vulnerabilities in Mitsubishi Safety PLCs
Vulnerabilities in Mitsubishi Safety PLCs were discovered by Nozomi Networks Labs. As no patches are available, we outline general mitigations that can be used to protect operational environments. The Nozomi Networks Threat Intelligence service also includes detection logic for these vulnerabilities.
PrintNightmare: How To Check If Your Systems Are Still Vulnerable
PrintNightmare: Cybersecurity researchers continue to uncover new, related vulnerabilities that can be exploited. Learn how to determine whether your systems remain vulnerable to known popular exploit PoCs (Proof of Concepts).
New Report: Ransomware, Vulnerabilities and IoT Security Threats
Nozomi Networks Labs has produced a new OT/IoT security report. Don’t miss this summary of vulnerability trends as well as important information about ransomware and IoT security camera threats.
PrintNightmare: Remote Code Execution in Windows Spooler Service
Several vulnerabilities affecting the Windows Print Service spooler require urgent attention by security teams across all industries. These risks are particularly concerning because the vulnerable service is enabled by default for Windows Domain Servers, the most sought-after target for attackers.
How to Dissect Unusual Protocols for Troubleshooting OT Security
To analyze the OT security risks of undocumented protocols, we need to understand how devices work, and how they communicate. Nozomi Networks Labs demonstrates how to use Lua APIs to instruct Wireshark to properly dissect an undocumented protocol.
New IoT Security Risk: ThroughTek P2P Supply Chain Vulnerability
Nozomi Networks Labs announces the discovery and disclosure of a new security camera vulnerability. It affects an embedded P2P software component from ThroughTek. This component is part of the supply chain for many original equipment manufacturers (OEMs) of consumer-grade security cameras and IoT devices.
Demonstrating the Link Between Functional Safety and ICS Security
In industrial control systems (ICS) with no protection measures, it can be easy for a threat actor to disrupt the system, threatening safety and production. Watch a simulated DoS attack to see how an attacker could exploit bad practices, and review what should be done to prevent such an attack.
Colonial Pipeline Ransomware Attack: Revealing How DarkSide Works
The Colonial Pipeline ransomware attack is one of the most notable critical infrastructure breaches of recent years. Learn the encryption, anti-detection and other techniques used by DarkSide’s main executable so you can evaluate your own defenses. Includes IoCs and a decryption script for detection.
Threat Intelligence: Analysis of the SBIDIOT IoT Malware
Billions of IoT devices are used in the industrial sector and threat actors are quickly evolving new malware focused on them. Don’t miss this analysis of the SBIDIOT IoT malware to learn how it communicates with targets and what types of commands it supports. Includes IOCs.
Defending Against IoT Security Camera Hacks Like Verkada
Verkada was the target of a successful cyberattack that allowed the perpetrators unfettered access to the live video feeds of 150,000 surveillance cameras. Network monitoring technology could have alerted them to the attack – and helped them contain and mitigate its impact.
New Report: Top OT/IoT Security Threats and Vulnerabilities
Nozomi Networks Labs has produced a new OT/IoT security report. This blog summarizes the most significant threats and vulnerability trends, as well as recommendations for improving your security posture. Read the blog and get the report to speed up your understanding of the current threat landscape.
New Reolink P2P Vulnerabilities Show IoT Security Camera Risks
Nozomi Networks Labs has discovered vulnerabilities in the Peer-to-Peer (P2P) feature of a commonly used line of security cameras – Reolink. P2P is used by several vendors and, if your CCTV camera has this feature, it’s important to understand the potential security risks.
ICS Security Lags Digitization in U.S. Oil and Gas Industry
A recently released study by the Ponemon Institute finds that 61% of oil and gas operators in the U.S. indicate that their organization’s ICS protection and security is inadequate. While the implementation of digitally connected industrial components is delivering business benefits, it has significantly increased cyber risk. Yet only 41% of companies continually monitor OT infrastructure to prioritize cyber threats and attacks.
Leonardo Partnership Boosts Critical Infrastructure Cyber Security
Power grids, transportation systems and other critical industrial infrastructure are the backbone of life – without them world economies would quickly come to a screeching halt. That’s why the partnership between global aerospace, defense and security leader Leonardo, and Nozomi Networks is more than just timely.
Nozomi Networks Integrates with Palo Alto Networks Next-Generation Firewall
Without comprehensive, real-time visibility of industrial control system (ICS) networks, devices and process status, protecting control networks from cyberattacks and avoiding operational disruptions is a serious challenge. Over the last half-decade, Nozomi Networks has built a successful reputation providing a solution to this very problem by offering a non-intrusive, real-time monitoring and threat detection solutionbuilt for ICS.
Now, Nozomi Networks has extended the utility and reach of Nozomi Networks Guardian through an integration with the Palo Alto Networks Next-Generation Firewall (NGFW). Find out why Nozomi Networks chose to integrate with this leading firewall and how the companies’ offerings work in tandem to help bridge the IT/OT gap.
Nozomi Networks Selected by FireEye for ICS Depth & Technical Excellence
Malware attacks like WannaCry, Dragonfly 2 and Industroyer have brought industrial cyber threats to the attention of corporate boards and governments around the world. As a result, CISOs and those responsible for critical infrastructure are demanding real, enterprise-grade OT security solutions. Many are reaching out to trusted partners in IT security, looking for help in securing their industrial control networks.
This is the driver behind our new partnership with FireEye. FireEye’s customers include more than 40% of the Forbes Global 2000 and they depend on FireEye to eliminate the complexity and burden of cyber security for them.
To help extend its ICS cyber security offerings, FireEye recently thoroughly analyzed the market for ICS network security monitoring solutions. We’re happy to announce today that our solution has been selected by FireEye to provide cyber security visibility and threat detection for industrial control systems. Find out why our technical excellence and ICS expertise stands out from the crowd.
Advance IT / ICS Cyber Security with Nozomi Networks and Fortinet
In the future, an organization’s cyber security strategy will largely be defined by how well both OT and IT networks can integrate to bring improved vigilance, visibility and protection. In today’s connected world this is more important than ever.
Recently, Nozomi Networks had the privilege of speaking at the 2017 Fortinet 361 event in Vienna, Austria, where IT / OT cyber resilience was a hot topic. I was pleased to discover that many attendees were interested in Fortinet’s commitment to OT (Operations Technology) and ICS (Industrial Control Systems) cyber security. They were also eager to learn how Nozomi Networks is helping Fortinet extend their security offering into the industrial realm with our technology.
If you’re interested in improving IT / ICS cyber security, read on to find out more about the synergetic partnership between Fortinet and Nozomi Networks, and how our products provide the critical ICS cyber security thread for Fortinet Security Fabric.
THE LATEST LABS BLOGS
Critical Log4Shell (Apache Log4j) Zero-Day Attack Analysis
An analysis of the Apache Log4j vulnerability and the architecture of zero-day exploits (CVE-2021-44228) from Nozomi Networks Labs.
The S3CUREC4M Project: Vulnerability Research in Modern IP Video Surveillance Technologies
Learn how to assess the security posture of an IP video surveillance system, including hardware extraction and firmware analysis techniques.
Five New Vulnerabilities Disclosed in Patient Monitoring Systems
Nozomi Networks Labs discloses five vulnerabilities affecting attack surfaces on a Philips patient monitoring solution. Solutions from other vendors may have similar vulnerabilities.