Select Page

Nozomi Networks Labs

Defending Critical Infrastructure Against Cyber Risk

Nozomi Networks Labs is dedicated to reducing cyber risk for the world’s industrial and critical infrastructure organizations. Through our cybersecurity research and collaboration with industry and institutions, we’re helping defend the operational systems that support everyday life.

NEW Industroyer2: Nozomi Networks Labs Analyzes the IEC 104 Payload | Read Now

Vulnerability Advisories

Siemens PXC4.E16 Session Cookie Attribute Issues – CVE-2022-24045

The application, after a successful login, sets the session cookie on the browser via client-side JavaScript code, without applying any security attributes (such as “Secure”, “HttpOnly”, or “SameSite”). Any attempts to browse the application via unencrypted HTTP protocol would lead to the transmission of all his/her session cookies in plaintext through the network. An attacker could then be able to sniff the network and capture sensitive information.

Siemens PXC4.E16 Lack of anti-Password Spraying and Credential Stuffing Mechanism – CVE-2022-24044

The login functionality of the application does not employ any countermeasures against Password Spraying attacks or Credential Stuffing attacks. An attacker could obtain a list of valid usernames on the device by exploiting the issue and then perform a precise Password Spraying or Credential Stuffing attack in order to obtain access to at least one account.

Labs Blogs

Nozomi Networks Discovers Vulnerability in Siemens Building Automation Software

Recently, we had the opportunity to do a security analysis of the Siemens PXC4.E16, a Building Automation System (BAS) of the Desigo/APOGEE family for HVAC and building service plants. In this blog, we are publishing the details of a vulnerability that was caused by an improper implementation of the password-based key derivation mechanism for user accounts. It could also have been abused to perform a Denial-of-Service (DoS) attack against the controller.

read more

Nozomi Networks Discovers Unpatched DNS Bug in Popular C Standard Library Putting IoT at Risk

Nozomi Networks Labs discovered a vulnerability (tracked under CVE-2022-05-02, ICS-VU-638779, VU#473698) affecting the Domain Name System (DNS) implementation of all versions of uClibc and uClibc-ng, a popular C standard library in IoT products. The flaw is caused by the predictability of transaction IDs included in the DNS requests generated by the library, which may allow attackers to perform DNS poisoning attacks against the target device.

read more

Industroyer2: Nozomi Networks Labs Analyzes the IEC 104 Payload

While Industroyer targets multiple IEC protocols, Industroyer2 is a standalone executable which exclusively targets IEC-104. Based on the analysis, it’s likely that the threat actor was in the network days before the attack and had a fairly complete understanding of security measures in the target environment, and that Industroyer2 was designed to be executed in a privileged environment with direct access to the target device.

read more

Webinars & Podcasts

Insights on the Top OT/IoT Security Threats – How to Protect Your Operations

Panelists: Alessandro Di Pinto, Ivan Speziale, Chris Grove
Duration: 50+ minutes

To help you address accelerating OT/IoT security issues, the Nozomi Networks Labs team shares their new research findings on the top threats targeting critical infrastructure and industrial operations. Learn about the current OT/IoT threat landscape, supply chain threats to OT and IoT environments, ransomware risks, and how to protect your critical OT/IoT networks.

P2P Botnets: Following the Network Trail Podcast & Webinar

Panelists: Ivan Speziale, Giannis Tsaraias, Chris Grove
Duration: 30+ minutes

To increase botnet resiliency, threat actors are now using a hybrid model, rather than a pure peer-to-peer one. While disrupting the malicious activity of P2P botnets can be challenges, there are proven strategies that can be follow when a specific network is affected. Learn about how P2P/hybrid botnets operate, how to spot botnet infections in your network, and the most effective ways to disrupt them.

Tools

Guardian Community Edition Assertions (Queries) for COVID-19 Cybersecurity

New assertions (queries) have been added to Guardian Community Edition to help with COVID-19-related cybersecurity challenges.

COVID-19 Malware: OT and IoT Threat Intelligence

To help your organization proactively detect and prevent COVID-19 themed cyberattacks, download our network indicators, ransomware and malware threat intelligence.

URGENT/11 Nmap NSE Script for Detecting Vulnerabilities

  • Our Nmap NSE script for detecting URGENT/11 vulnerabilities is a research tool for quickly checking industrial systems for vulnerable assets based on the version of VxWorks exposed within the FTP service.
  • Due the fact that is not always possible to detect the running version, we recommend that industrial operators use full featured security products for effective vulnerability assessment.

Reports

 Research Projects

Threat Intelligence

Curated and maintained by Nozomi Networks Labs, the Threat Intelligence™ service provides threat and vulnerability updates to Guardian, making it easy for IT/OT professionals to stay on top of current OT and IoT risks.

“Threat actors love finding new ways to attack critical infrastructure. We love finding new ways to detect their malware before damage occurs.”

ANDREA CARCANO & MORENO CARULLO

Co-founders, Nozomi Networks

COVID-19 Cybersecurity

© 2022 Nozomi Networks, Inc.
All Rights Reserved.