Select Page

Nozomi Networks Labs

Defending Critical Infrastructure Against Cyber Risk

Nozomi Networks Labs is dedicated to reducing cyber risk for the world’s industrial and critical infrastructure organizations. Through our cybersecurity research and collaboration with industry and institutions, we’re helping defend the operational systems that support everyday life.

NEW Nozomi Networks is a CVE Numbering Authority (CNA) |  Learn More

Threat Advisories

Labs Blogs

Webinars & Podcasts

P2P Botnets: Following the Network Trail

Panelists: Ivan Speziale, Giannis Tsaraias, Chris Grove
Wednesday November 4, 2020
8:00 am PDT | 11:00 am EDT | 17:00 CET

Duration: 30+ minutes

To increase botnet resiliency, threat actors are now using a hybrid model, rather than a pure peer-to-peer one. While disrupting the malicious activity of P2P botnets can be challenges, there are proven strategies that can be follow when a specific network is affected. Learn about how P2P/hybrid botnets operate, how to spot botnet infections in your network, and the most effective ways to disrupt them.

How to Use the MITRE ATT&CK Framework for ICS

Panelists: Yiannis Stavrou, Patrick Bedwell, Chris Grove
Duration: 30+ minutes
Learn how security teams can use the MITRE ATT&CK Framework for ICS to enhance their organization’s security strategies and policies. The framework uses threat modelling to classify malicious cybersecurity events against an OT environment, and is designed to describe the course of action an adversary might follow, and create a knowledge base of threat actor behaviors.

OT/IoT Security Report 2020

Panelists: Andrea Carcano, Alessandro Di Pinto, Ivan Speziale
Duration: 50 minutes
Learn about the most active threats seen in the first six months of 2020, including IoT malware, ransomware, and COVID-19-themed malware. Gain insight into their tactics, and get recommendations for securing your OT/IoT networks.

Tools

Guardian Community Edition Assertions (Queries) for COVID-19 Cybersecurity

New assertions (queries) have been added to Guardian Community Edition to help with COVID-19-related cybersecurity challenges.

COVID-19 Malware: OT and IoT Threat Intelligence

To help your organization proactively detect and prevent COVID-19 themed cyberattacks, download our network indicators, ransomware and malware threat intelligence.

URGENT/11 Nmap NSE Script for Detecting Vulnerabilities

  • Our Nmap NSE script for detecting URGENT/11 vulnerabilities is a research tool for quickly checking industrial systems for vulnerable assets based on the version of VxWorks exposed within the FTP service.
  • Due the fact that is not always possible to detect the running version, we recommend that industrial operators use full featured security products for effective vulnerability assessment.

Reports

TRITON: The First ICS Cyber Attack on Safety Instrument Systems, Understanding the Malware, Its Communications and Its OT Payload

How to turn an undocumented ICS device into malicious code, starting from creating a working system and followed by reverse engineering and malware analysis. While the TRITON malware attack failed to deliver a malevolent OT payload to the Triconex controller, our researchers succeeded. Two new tools were released to help the ICS community secure Triconex SIS.

 Research Projects

Threat Intelligence

Curated and maintained by Nozomi Networks Labs, the Threat Intelligence™ service provides threat and vulnerability updates to Guardian, making it easy for IT/OT professionals to stay on top of current OT and IoT risks.

“Threat actors love finding new ways to attack critical infrastructure. We love finding new ways to detect their malware before damage occurs.”

ANDREA CARCANO & MORENO CARULLO

Co-founders, Nozomi Networks

© 2020 Nozomi Networks, Inc.
All Rights Reserved.