Industrial Cyber Security News
Nozomi Networks Labs has carried out an analysis into the LockerGoga ransomware, which aims to explain how the malware works and how victims can tell they are infected.
Nozomi Networks Labs explained: “The malware encrypts the files with the targeted extension and soon after drops the ransom note inside the filesystem, providing the user with the steps he/she must take in order to get the files back. It follows the classic approach present in most ransomware malware.”
Nozomi has pointed out that the malware includes some anti-analysis features, such as detecting the presence of virtual machines and deleting itself to prevent researchers from collecting samples.
The goal behind the lab is to provide the ICS cyber security community with the information, tools and guidance that can help reduce cyber threats to industrial and critical national infrastructure.
While this is the formal launch of its research department, Nozomi has already conducted detailed analysis of some major threats targeting industrial control systems (ICS), including the GreyEnergy and Triton/Trisis malware families. The company has also created and released some tools that may be useful to defenders.
Companies must provide for different layers of protection. This ranges from securing the network itself to monitoring it for anomalies that could be signs of a cyber threat. Attacks on critical infrastructure / CNI are increasing; that is a fact. But both the public and the private sector are taking the threats very seriously and are actively taking steps toward greater security and resilience of these environments.
Suzanne Spaulding is an advisor to Nozomi Networks and a former Department of Homeland Security Under Secretary. She told me that she understands the mistrust but would certainly use Ghidra herself. “First, it’s incredibly useful for forensic threat analysts,” she explains, continuing, “second, it’s open source, so NSA would be taking a huge risk that anything malicious it might build in would be detected eventually.”
It’s important for those defending critical and industrial infrastructure to share knowledge and stay up-to-date on malware tradecraft.
Nozomi’s SCADAguardian uses deep packet inspection against tables of known malware behavior, as well as pattern recognition and relationship observations.
TÜV Rheinland and Nozomi Networks are collaborating to improve the detection and remediation time of cybersecurity threats that target operational technology infrastructure.
This week at the DistribuTECH conference, Nozomi Networks debuted its flagship industrial security and visibility solution as part of Siemens RUGGEDCOM Multi-Service Platforms. Nozomi’s SCADAguardian Advanced Container Edition provides industrial operators and cyber security teams with an embedded solution for real-time cyber security and OT network visibility.
An analysis of the malware linked with the 2015 cyber-attacks on the Ukrainian power grid reveals that hackers added a large amount of junk code to their malware in a bid to evade detection and to confuse security researchers.
His work shows that while attackers can be very persistent, so, too, are the analysts tracking them.
The consolidated solution provides industrial operators and cyber security teams with a rugged networking and switching platform that includes industrial cyber security capabilities built-in. Users can gain computing and cyber security functionality, while reducing rackspace and streamlining procurement and installation productivity.
If you need to know what talks to what in your ICS network, when, and what they say, then SCADAguardian is a flexible, friendly, and highly effective option.
“We need to stop making it so easy for hackers and bad actors who are simply using tools that have been around for years,” argued Suzanne Spaulding, Nozomi Networks adviser and former DHS under secretary.
We tested a number of different vendors, and Nozomi came out on top.
The pact allows Schneider to respond more aggressively to immediate demand for effective, operational technology cybersecurity services, solutions and expertise in oil and gas, power, building automation and other industrial sectors…“Nozomi is now part of the Schneider EcoStructure…
Schneider Electric Partners with Nozomi Networks to Provide Enhanced Solutions to Secure and Protect Critical Infrastructure
The partnership helps to strengthen Schneider Electric’s commitment to a defense-in-depth approach that helps to prevent and minimize cyberattacks and creates a multi-layered, multi-technology strategy to better safeguard critical systems.
Suzanne Spaulding, an advisor at security vendor Nozomi Networks and former DHS Under Secretary, warned: “With each passing day, the impact of the government shutdown on our nation’s security grows… Cybersecurity is hard enough with a full team. Operating at less than half strength means we are losing ground against our adversaries.”