For a change, we’re not going to talk about information security today. Instead, this is about industrial data analysis at the Chelyabinsk Pipe Rolling Plant (ChelPipe). Out of the blue? Not really. It’s actually another area of application for our innovations, and it goes by the name “trusted industrial data.”

Raw industrial data

Large enterprises operate thousands of lathes, turbines, furnaces, and other machinery, each with sensors that monitor processes second by second. Did you ever wonder how much data all that industrial equipment generates? Our experts did, and they found 1,500 signal sources per automated process control system (APCS) at the average enterprise. For giants (for example, companies that manage a nationwide network of trunk oil pipelines), the number can exceed a million. Moreover, an average individual sensor or controller can generate 10,000 to 15,000 measurements per second.

Do you know how much of that data is actually used? It depends on the criticality of the instrument in question, but on average, organizations send no more than 10%–15% of the information they collect to the supervisory control and data acquisition (SCADA) system. That is sufficient to evaluate the system’s operability, and no one wants to overload the SCADA. After all, each signal takes up about 80 bytes of data. Therefore, the average APCS can generate approximately 100 gigabytes of raw industrial data per minute — and on a good day uses about one-tenth of it. The other 90% is wasted. And that’s in the age of big data, when data scientists would sell their souls for an extra byte.

How can you put data from industrial sensors to better use?

In general, industrial sensors transmit data to the SCADA system for process control, accident prevention, and so on. In recent decades, such data has also been of interest to enterprise resource planning (ERP) systems and other data analysis mechanisms. However, they don’t collect this data from the sensors themselves, but usually from the SCADA system. In other words, they take only 10% of all the information generated. Can you imagine how much more efficient these systems would be with access to all of the data?

What do Kaspersky and ChelPipe have to do with it?

We’ve written about KasperskyOS, our secure operating system for IoT, embedded systems, and other special-purpose applications, and we’ve also talked about our subsidiary scientific production association, Adaptive Production Technology (APROTECH), which is developing an IIoT gateway based on our OS. So, we jointly created this gateway — and not just one; we’re working on two more (but that’s a topic for another post). During the process of implementing the first device, APROTECH experts discovered a great, if nonstandard, use for our system.

In 2019, while testing out use scenarios for the gateway, they started offering it to potential customers for pilot implementation. One of those prospects was ChelPipe. Naturally, we talked to the infosec team first, but before we knew it, the engineers had gotten involved. They too, it turned out, had a specific interest in the device.

After all, why were we developing this device? It was mainly to collect detailed information from IIoT sensors and send it through a trusted channel for further processing. The device architecture minimizes the risk of raw industrial data being substituted, or of someone tinkering with the “further processing” system and gaining control over the industrial equipment.

The engineers at ChelPipe were enthused about the idea of obtaining such data in real time. With that access, they could resolve a number of key issues — for example, determine what factors, under conditions that were otherwise equal, cause a change in the process indicators. Armed with this information, they can make operational decisions practically on the fly. For the pilot implementation, the engineers selected a number of important parameters to control, and APROTECH experts configured the KasperskyOS-based gateway to collect telemetry from the equipment and transmit it to the Siemens MindSphere platform.

ChelPipe’s interest lies not so much in the gateway as in the results of processing trusted industrial data, so, working with specialists from Siemens and Sinimex, the engineers created an end-to-end digital service to collect, accumulate, and visualize the data.

Developing the idea further

However, processing raw industrial data for engineering firms is only the beginning. During the implementation process, the capacity to transfer such data over a trusted channel and process it also caught the eye of business analysts, who could use this data to, for example, calculate the margin yield per unit of equipment or of a production site. That is the domain not of engineers, but rather of managing directors. Generally speaking, the ability to collect full raw industrial data may soon change the process of building forecasts and models not only for engineering, but also for business.

For now, our gateway is still in the piloting stage and is not yet available on the market. You can learn more about the solution on the APROTECH website.
The Taiwanese hardware vendor urged customers last week to update the firmware and apps installed on their network-attached storage (NAS) devices to avoid infections with the new AgeLocker ransomware.
Many schools use unmanaged computers that are prone to vulnerabilities, creating countless opportunities for cybercriminals to use those devices as an attack vector to the internal network.
Cisco Talos is tracking a spike in exploitation attempts against the Microsoft vulnerability CVE-2020-1472, a privilege escalation bug in Netlogon, outlined in the August Patch Tuesday report.
The Defending the Integrity of Voting Systems Act was unanimously approved by the House of Representatives last week after gaining a green light from the Senate last year.
Twitter Inc appointed Rinki Sethi, a former information security executive at IBM, as its chief information security officer, the social media company said in a tweet here on Monday.
With today's news of the attack on CMA CGM, this now means that all of the four biggest maritime shipping companies in the world have been hit by cyber-attacks in the past four years, since 2017.
The FBI Private Industry Notification says greater use of botnets enables cybercriminals and fraudsters to quickly hit many targets in search of finding credentials that work.
Cybersecurity is the number one technology priority for planned digital transformation projects as businesses adapt to a surge in remote working as a result of the COVID-19 pandemic.
As online users become increasingly aware of and use multifactor authentication (MFA), attackers are devising new ways to circumvent the technology — and often with great success.
The Department of Health and Human Services’ Office for Civil Rights (OCR) has imposed a $6.85m penalty on Premera Blue Cross to resolve potential violations of the HIPAA Act.
An ongoing phishing attack puts pressure on enterprise employees to upgrade their Windows 7 systems – but in reality, they are redirected to a fake Outlook login page that steals their credentials.
The agencies warned that U.S. voter information is widely available through other avenues than illegal hacking, and that access to voter information had not impacted election results.
The TeamTNT hacking group has been previously documented using several tools including crypto-miners and credential-stealing worms to target instances on Amazon Web Services (AWS).
The lifecycle of a good cybersecurity idea may start with tech, but it requires a powerful infusion of foresight and listening to make it through investor and customer pipelines.
Of the thousands of notifications Microsoft made to customers about state-linked hacking activity from mid-2019 to mid-2020, NGOs accounted for 32% of alerts, the company said in a recent report.
“Swatch Group confirms that it has identified clear signs of a developing cyber-attack on some of its IT systems during the weekend,” the company said in an emailed statement.
Locking doctors out of patient records could easily have life-or-death consequences. If a hospital had to pay a ransom to unlock its systems, perhaps it couldn’t buy additional ventilators.
Researchers have observed a surge in Distributed Denial of Service (DDoS) attacks throughout the course of this year, and the attacks are getting more powerful and more disruptive.
To be managed by the Department of Premier and Cabinet's Office of Digital Government, the center will provide further support to existing cybersecurity efforts across government.
Martin Hron, a senior researcher at security firm Avast, hacked the iKettle coffee maker’s third version, which costs $230, and installed ransomware, without compromising the network or router.
The developers noted that SHA-1 algorithm is still widely used, despite the availability of alternatives such as SHA-2, support by OpenSSH since the 7.2 release, and others supported for even longer.
The illegal release late last week of sensitive information from the Clark County School District in Las Vegas, with about 320,000 students, demonstrates an escalation in tactics for hackers.
The Pakistan-linked hacker group, Transparent Tribe, is reportedly behind the attack campaign aimed at stealing critical infrastructure and strategic data via phishing emails, from Indian targets.
On September 28, a federal jury in Frankfort, Kentucky found the Bulgarian national guilty of one count of conspiracy to commit racketeering and one count of conspiracy to commit money laundering.
Text storage service Pastebin last week announced the introduction of two new security features, but some industry professionals believe they will likely be abused by malicious actors.
Symantec discovered a cyber-espionage campaign that is using new malware to infiltrate targets around the world including organizations in media, finance, construction, and engineering.
Cyber espionage groups increasingly use cloud-based services and open source tools to create their infrastructure for gathering data and cyberattacks, attempting to hide their activities.
Two of the most popular flight tracking websites, Flightradar24 and PlaneFinder had their service disrupted after consecutively suffering multiple seemingly well-organized cyberattacks.
The Silicon Valley cybersecurity giant filed Monday for an IPO on the Nasdaq, a move that would separate the company from buyout firm TPG, which spun off McAfee from Intel in 2017.
First reported on the HackerOne bug bounty platform by security researcher William Bowling, the new prototype pollution vulnerability was found in a JavaScript file used to host content from Wistia.
Arista Networks will acquire Awake Security for an undisclosed amount in a deal that gives the networking vendor a network detection and response (NDR) security platform.
While the spyware previously targeted Windows, iOS, and Android users, researchers have discovered the recent FinSpy campaigns using new variants that target macOS and Linux users.
A cybercriminal group has been discovered launching brute-force attacks on thousands of MSSQL servers to deploy a cryptomining malware dubbed MrbMiner in compromised systems.
A Kaspersky report found that during the first half of 2020 the percentage of systems attacked in the oil and gas and building automation industries increased as compared to H2 2019.
A total of 17 Joker-infected apps were removed from Google Play Store. The apps were designed to steal SMS messages, contact lists, device information, and conduct WAP billing fraud.
CloudMe version 1.11.2 exploit that uses MSVCRT.System to create a new user (boku:0v3R9000!) and add the new user to the Administrators group. A requirement of successful exploitation is the CloudMe.exe process must be running as administrator.
Red Hat Security Advisory 2020-4059-01 - Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems. Issues addressed include information leakage and out of bounds read vulnerabilities.
Red Hat Security Advisory 2020-4047-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-ma packages provide the user-space component for running virtual machines that use KVM on the IBM z Systems, IBM Power, and 64-bit ARM architectures.
Red Hat Security Advisory 2020-4051-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.
Red Hat Security Advisory 2020-4050-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.
Red Hat Security Advisory 2020-4049-01 - Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems.
Red Hat Security Advisory 2020-4048-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.
Red Hat Security Advisory 2020-4055-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.
Red Hat Security Advisory 2020-4058-01 - Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems.
Red Hat Security Advisory 2020-4054-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.
Ubuntu Security Notice 4547-2 - It was discovered that the LibVNCClient vendored in SSVNC incorrectly handled certain packet lengths. A remote attacker could possibly use this issue to obtain sensitive information, cause a denial of service, or execute arbitrary code.
I am sure that many of you have by now heard of a recently disclosed critical Windows server vulnerability—called Zerologon—that could let hackers completely take over enterprise networks. For those unaware, in brief, all supported versions of the Windows Server operating systems are vulnerable to a critical privilege escalation bug that resides in the Netlogon Remote Control Protocol for Domain
DHS Announces Massive Increase in LokiBot Attacks

By monitoring and tracking cyberattacks throughout 2020, U.S. Department of Homeland Security (DHS) officials have uncovered a significant increase in cyberattacks being carried out by LokiBot, a malicious info-stealer of stored passwords and cryptocurrency information. The increase in LokiBot attacks can likely be attributed to its ability to steal credentials from hundreds of applications, and its range of other features that make it appealing to a wide variety of cyber criminals.

Long Island Hospital Suffers Data Breach

Blackbaud, a third-party vendor for a Long Island hospital, may have exposed sensitive patient information after it suffered a data breach this summer. In a July statement, Blackbaud revealed that personally identifiable information for a number of patients was stolen, but claimed it was destroyed shortly afterwards. Affected patients have been contacted regarding the breach and the stolen information.

Thousands of Customers Exposed in Town Sports Breach

A database containing highly sensitive information belonging to over 600,000 customers and employees of Town Sports International was found publicly exposed on the internet. Town Sports recently filed for bankruptcy and was notified of this breach roughly a week later. While the company did not publicly respond to the findings, the database was secured the following day; it included everything from physical addresses to payment card info and other billing data. Past clients of the fitness chain should be wary of any emails they receive regarding their Town Sports memberships.

Global Operation Takes Down Major Dark Web Drug Network

In a major collaboration between Europol and other global intelligence organizations, 179 individuals across six countries have been arrested in relation to drug trafficking through Dark Web markets. Officials also revealed that this bust allowed them to seize $6.5 million in cash and hundreds of kilograms of illicit drugs. The operation is another setback for anonymous marketplaces allowing the buying and selling of illegal goods and services, as law enforcement continues to target rogue online bazaars.

Data from Over 200 Merchants Leaked in Shopify Breach

Data from at least 200 merchants was compromised after an internal support employee for Shopify was found to be stealing data. While the data included only basic contact information on customers, and no payment card or social security info was taken, officials for Shopify are still working to determine the extent of the theft and whether it has further changed hands. The employees involved with this breach have since been fired, and all access to Shopify systems has been revoked to prevent further incident.

The post Cyber News Rundown: LokiBot Attacks Increase appeared first on Webroot Blog.