OT & IoT
Security Blog
Learn More About OT & IoT Security and Visibility
OT & IoT Security Blog
Learn More About OT & IoT Security and Visibility
Answering the Call for Heightened Vigilance in the Face of Unknown Threats
With vendors leveraging increasingly advanced obfuscation and encryption techniques to protect the confidentiality of their code, finding vulnerabilities can be especially challenging. Another difficulty is the firmware itself becoming a challenge to reverse, if it was compiled for an obsolete architecture and commercial disassemblers can’t properly reconstruct it. The firmware in the Schneider Electric APC PDU is an example of such a code; it has been around for years and is compiled for an old and obsolete version of the Intel 80286, which prevents easy reading or inspection.
Reverse Engineering Obfuscated Firmware for Vulnerability Analysis
With vendors leveraging increasingly advanced obfuscation and encryption techniques to protect the confidentiality of their code, finding vulnerabilities can be especially challenging. Another difficulty is the firmware itself becoming a challenge to reverse, if it was compiled for an obsolete architecture and commercial disassemblers can’t properly reconstruct it. The firmware in the Schneider Electric APC PDU is an example of such a code; it has been around for years and is compiled for an old and obsolete version of the Intel 80286, which prevents easy reading or inspection.
Nozomi Networks Stands with Ukraine
Nozomi Networks stands with Ukraine. We do not have a presence in or do business with Russia.
Manufacturing: Security and Resilience Start with Visibility
How do manufacturers ensure business continuity while transitioning to Industry 4.0? Visibility is the key to both cybersecurity and operational resilience. Learn more.
How IoT Botnets Evade Detection and Analysis
One key technique to stymie reverse engineering botnet code is to obfuscate the code by compressing or encrypting the executable, called packing. This blog explores the current packers used by IoT malware, using data collected by Nozomi Networks honeypots.
How Viable is Zero Trust for OT/IoT Networks? Is it a Journey or a Destination?
On January 26, 2022, the Biden administration’s acting director of the Office of Management and Budget (OMB) issued a memorandum to Executive Branch department heads and agencies on moving the U.S. government toward Zero Trust cybersecurity principles. The memo laid...
New OT/IoT Security Report: Trends and Countermeasures for Critical Infrastructure Attacks
Nozomi Networks Labs’ latest OT/IoT Security Report Delves Into Cyber Attack Trends, Vulnerabilities and Attack Countermeasures In our latest OT/IoT Security Report, Nozomi Networks Labs brings together an in-depth analysis of industry trends and our own security...
How to Analyze Malware for Technical Writing
In the ever-changing world of cybersecurity, new threats appear and evolve on a regular basis. To efficiently conduct an analysis and publish new findings on emerging malware, it’s important to be prepared. We share tips on how researchers can conduct the analysis, and a suggested workflow.
Methods for Extracting Firmware from OT Devices for Vulnerability Research
This second part of our hardware hacking series focuses on how to dump the memory contents for two different kinds of memory packages, WSON and SOP/SOIC.
The Year of the Defender – 2022 Predictions for OT/IoT Security
2021 was an unprecedented year for OT, IoT and ICS security, with news-making attacks like Colonial Pipeline, JBS, Oldsmar Water and Kaseya – and coming to a close with the Log4j vulnerability. As we enter the new year, ransomware and threats to OT/ICS environments...
Web Interface Flaw Threatens Reliability of Cyber-Physical Systems
Today Nozomi Networks Labs announced the discovery & disclosure of a vulnerability in the web interface of the Schneider Electric Power Distribution Unit (PDU)-the APC AP7920B. Based on the flaw, about 10% of all desktop browsers worldwide could have been successfully leveraged to execute an attack.
Critical Log4Shell (Apache Log4j) Zero-Day Attack Analysis
An analysis of the Apache Log4j vulnerability and the architecture of zero-day exploits (CVE-2021-44228) from Nozomi Networks Labs.
Ukraine, Vermont Utility Cyberattacks Highlight Need for Robust ICS Security in 2017
2016 ended with reports of 2 electric utility organizations, on different sides of the world (Ukraine and Vermont), citing cyberattacks or cyber infections. Both incidents highlight that corporate computer infections can threaten power systems and the need for robust ICS security in 2017. This article highlights the steps involved in the watershed 2015 Ukraine utility cyberattack as it moved from IT to OT systems and suggests ways of improving threat detection and mitigation.
Critical Log4Shell (Apache Log4j) Zero-Day Attack Analysis
An analysis of the Apache Log4j vulnerability and the architecture of zero-day exploits (CVE-2021-44228) from Nozomi Networks Labs.
Five New Vulnerabilities Disclosed in Patient Monitoring Systems
Nozomi Networks Labs discloses five vulnerabilities affecting attack surfaces on a Philips patient monitoring solution. Solutions from other vendors may have similar vulnerabilities.
The Long-range Disruption of Industrial IoT LoRaWAN Networks
The Nozomi Networks Labs team used drones to investigate attacks against a low-power radio frequency WAN technology widely used in industrial IoT networks.
Enhancing Threat Intelligence with the MITRE ATT&CK Framework
Billions of IoT devices are used in the industrial sector and threat actors are quickly evolving new malware focused on them. Don’t miss this analysis of the SBIDIOT IoT malware to learn how it communicates with targets and what types of commands it supports. Includes IOCs.
Firmware Security Research: Dahua Facial Recognition Station
To illustrate how we tackle the issue of firmware inspection, Nozomi Networks Labs selected a popular facial/thermal recognition camera and describes how to analyze the firmware in detail.
New Axis OS Security Research Aided by Transparent Design
Nozomi Networks Labs published three new vulnerabilities (CVE-2021-31986, CVE-2021-31987, CVE-2021-31988) affecting multiple Axis devices. The transparent approach applied by Axis into security review allowed Labs to perform an immediate static analysis and verification of the vulnerabilities.
Extract Firmware from OT Devices for Vulnerability Research
One of the most challenging tasks for a cybersecurity researcher is getting access to the underlying file system in OT devices to do a full analysis of potential attack vectors. This blog describes techniques for extracting firmware directly from the hardware and reading the flash content, a critical skill in a structured research team.
BlackMatter Ransomware Technical Analysis and Tools from Nozomi Networks Labs
Billions of IoT devices are used in the industrial sector and threat actors are quickly evolving new malware focused on them. Don’t miss this analysis of the SBIDIOT IoT malware to learn how it communicates with targets and what types of commands it supports. Includes IOCs.
New Annke Vulnerability Shows Risks of IoT Security Camera Systems
Nozomi Networks Labs has discovered a remote code execution vulnerability in the Annke N48PBB network video recorder. We urge network defenders to check their systems for the device, and apply the available patch immediately.
The Clever Use of Postdissectors to Analyze Layer 2 Protocols
Nozomi Networks Labs analyzes the Layer 2 protocol used by the RUGGEDCOM devices, focusing on how to instruct Wireshark to properly detect it and begin the dissection process.
New Research Uncovers 5 Vulnerabilities in Mitsubishi Safety PLCs
Vulnerabilities in Mitsubishi Safety PLCs were discovered by Nozomi Networks Labs. As no patches are available, we outline general mitigations that can be used to protect operational environments. The Nozomi Networks Threat Intelligence service also includes detection logic for these vulnerabilities.
PrintNightmare: How To Check If Your Systems Are Still Vulnerable
PrintNightmare: Cybersecurity researchers continue to uncover new, related vulnerabilities that can be exploited. Learn how to determine whether your systems remain vulnerable to known popular exploit PoCs (Proof of Concepts).
ICS Security Lags Digitization in U.S. Oil and Gas Industry
A recently released study by the Ponemon Institute finds that 61% of oil and gas operators in the U.S. indicate that their organization’s ICS protection and security is inadequate. While the implementation of digitally connected industrial components is delivering business benefits, it has significantly increased cyber risk. Yet only 41% of companies continually monitor OT infrastructure to prioritize cyber threats and attacks.
Leonardo Partnership Boosts Critical Infrastructure Cyber Security
Power grids, transportation systems and other critical industrial infrastructure are the backbone of life – without them world economies would quickly come to a screeching halt. That’s why the partnership between global aerospace, defense and security leader Leonardo, and Nozomi Networks is more than just timely.
Nozomi Networks Integrates with Palo Alto Networks Next-Generation Firewall
Without comprehensive, real-time visibility of industrial control system (ICS) networks, devices and process status, protecting control networks from cyberattacks and avoiding operational disruptions is a serious challenge. Over the last half-decade, Nozomi Networks has built a successful reputation providing a solution to this very problem by offering a non-intrusive, real-time monitoring and threat detection solutionbuilt for ICS.
Now, Nozomi Networks has extended the utility and reach of Nozomi Networks Guardian through an integration with the Palo Alto Networks Next-Generation Firewall (NGFW). Find out why Nozomi Networks chose to integrate with this leading firewall and how the companies’ offerings work in tandem to help bridge the IT/OT gap.
Nozomi Networks Selected by FireEye for ICS Depth & Technical Excellence
Malware attacks like WannaCry, Dragonfly 2 and Industroyer have brought industrial cyber threats to the attention of corporate boards and governments around the world. As a result, CISOs and those responsible for critical infrastructure are demanding real, enterprise-grade OT security solutions. Many are reaching out to trusted partners in IT security, looking for help in securing their industrial control networks.
This is the driver behind our new partnership with FireEye. FireEye’s customers include more than 40% of the Forbes Global 2000 and they depend on FireEye to eliminate the complexity and burden of cyber security for them.
To help extend its ICS cyber security offerings, FireEye recently thoroughly analyzed the market for ICS network security monitoring solutions. We’re happy to announce today that our solution has been selected by FireEye to provide cyber security visibility and threat detection for industrial control systems. Find out why our technical excellence and ICS expertise stands out from the crowd.
Advance IT / ICS Cyber Security with Nozomi Networks and Fortinet
In the future, an organization’s cyber security strategy will largely be defined by how well both OT and IT networks can integrate to bring improved vigilance, visibility and protection. In today’s connected world this is more important than ever.
Recently, Nozomi Networks had the privilege of speaking at the 2017 Fortinet 361 event in Vienna, Austria, where IT / OT cyber resilience was a hot topic. I was pleased to discover that many attendees were interested in Fortinet’s commitment to OT (Operations Technology) and ICS (Industrial Control Systems) cyber security. They were also eager to learn how Nozomi Networks is helping Fortinet extend their security offering into the industrial realm with our technology.
If you’re interested in improving IT / ICS cyber security, read on to find out more about the synergetic partnership between Fortinet and Nozomi Networks, and how our products provide the critical ICS cyber security thread for Fortinet Security Fabric.
THE LATEST LABS BLOGS
New BotenaGo Variant Discovered by Nozomi Networks Labs
While the use of open-source programming languages has its benefits, attackers find it equally beneficial and have been utilizing Go to code malicious malware. Our research highlights a new variant of the BotenaGo malware that specifically targets Lilin security camera DVR devices, which we have named Lillin scanner.
INCONTROLLER: Acting to Protect Customers from Unknown Threats
INCONTROLLER is believed to have been developed by a sophisticated nation state threat actor to maliciously manipulate ICS environments. The latest Nozomi Networks Threat Intelligence package includes YARA rules to detect the two supporting Windows-based INCONTROLLER tools.
Industroyer2 Targets Ukraine’s Electric Grid: How Companies Can Stay Protected and Resilient
In light of the attempted attack on Ukraine’s power grid with Industroyer2 malware, the safety and security of Nozomi Networks customers is our top priority. Our latest Threat Intelligence package provides Industroyer2 Indicators of Compromise (IoCs) that will detect and alert customers of any known activity linked to the malware.