Record ICS vulnerabilities could leave critical infrastructure exposed #CyberSecurity #IndustrialControlSystems
https://betanews.com/article/record-ics-vulnerabilities-could-leave-critical-infrastructure-exposed/
Could your next software update hide a ticking time bomb? Malicious NuGet packages are now creeping into trusted code—targeting databases and industrial systems with stealthy triggers that only go off on a specific date. How safe is your code, really?
#nugetsecurity
#softwaresupplychain
#malwareanalysis
#industrialcontrolsystems
#csharpextensionmethods
🌐Securing Critical Infrastructure 🌐
Dive into the world of industrial control systems with @hacks4pancakes from @dragosinc. In this episode of the Breaking Badness Cybersecurity Podcast, discover the unique challenges and essential practices for securing our critical infrastructure. 🚧🔒
#CyberSecurity #IndustrialControlSystems #OTSecurity #Dragos
Listen wherever you get podcasts
Spotify: https://open.spotify.com/episode/5S8UINAbTA1XC4TvMZBBqT
YouTube: https://www.youtube.com/watch?v=S2f4MSQL7gg&ab_channel=DomainTools
📣 Several #ACSAC2024 workshops now have the CfPs online. Overview of the submission deadlines:
(Post 1/2)
Industrial Control System Security: 12 August
Recent Advances in Resilient and Trustworthy Machine learning-driveN systems: 1 September
New ICS Malware 'FrostyGoop' Targeting Critical Infrastructure
Date: July 23, 2024
CVE: N/A
Vulnerability Type: Exploitation of Modbus TCP communication
CWE: [[CWE-668]], [[CWE-20]], [[CWE-74]]
Sources: The Hacker News, Yahoo News, Dragos
Synopsis
FrostyGoop is a newly identified malware designed to target Industrial Control Systems (ICS) by exploiting Modbus TCP communication protocols. This malware caused significant disruption to critical infrastructure in Lviv, Ukraine, earlier this year.
Issue Summary
In January 2024, FrostyGoop malware targeted an energy company in Lviv, resulting in a 48-hour loss of heating services to over 600 apartment buildings. This malware interacts directly with ICS devices using Modbus TCP over port 502, making it a serious threat to critical infrastructure.
Technical Key Findings
FrostyGoop, written in Golang, can read and write to ICS device registers and uses JSON-formatted configuration files to target specific IP addresses and Modbus commands. Initial access was likely gained through a vulnerability in Mikrotik routers.
Vulnerable Products
ENCO controllers with TCP port 502 exposed and ICS devices using Modbus TCP are particularly vulnerable to this malware.
Impact Assessment
The malware's ability to manipulate ICS devices can lead to significant operational disruptions, inaccurate system measurements, and potential safety hazards, affecting public safety and industrial operations.
Patches or Workarounds
Currently, there are no specific patches available for FrostyGoop.
#FrostyGoop #ICS #ModbusTCP #CriticalInfrastructure #CyberAttack #EnergySector #Ukraine #Dragos #IndustrialControlSystems #Golang #MikrotikVulnerability
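A defensive monitoring sketch for the Modbus TCP behaviour described in the FrostyGoop post above, added here as an example and not taken from the post, Dragos or any cited source: it parses Modbus/TCP request frames seen on port 502 and flags register or coil writes from hosts outside an allowlist. The IP addresses, the allowlist and the sample frames are constructed, and it assumes one complete request per captured payload.

```python
import struct

# Modbus function codes that change device state (public Modbus specification).
WRITE_FUNCTIONS = {
    0x05: "Write Single Coil", 0x06: "Write Single Register",
    0x0F: "Write Multiple Coils", 0x10: "Write Multiple Registers",
    0x16: "Mask Write Register", 0x17: "Read/Write Multiple Registers",
}

def parse_request(payload: bytes):
    """Parse one Modbus/TCP request; return None if it is not well-formed."""
    if len(payload) < 8:
        return None
    tid, proto, length, unit, func = struct.unpack(">HHHBB", payload[:8])
    # MBAP header: protocol id is always 0; length counts unit id + PDU.
    if proto != 0 or length != len(payload) - 6:
        return None
    # For 0x17 the write address follows the read address and quantity.
    off = 12 if func == 0x17 else 8
    addr = struct.unpack(">H", payload[off:off + 2])[0] if len(payload) >= off + 2 else None
    return {"tid": tid, "unit": unit, "func": func, "addr": addr}

def alerts(flows, allowed_writers):
    """Return (src, dst, reason) for malformed frames and unauthorised writes."""
    out = []
    for src, dst, payload in flows:
        req = parse_request(payload)
        if req is None:
            out.append((src, dst, "malformed Modbus/TCP frame"))
        elif req["func"] in WRITE_FUNCTIONS and src not in allowed_writers:
            name = WRITE_FUNCTIONS[req["func"]]
            out.append((src, dst, f"{name} at address {req['addr']}"))
    return out

# Constructed sample: (source IP, destination IP, TCP payload sent to port 502).
ALLOWED_WRITERS = {"192.0.2.10"}  # assumed engineering workstation
SAMPLE_FLOWS = [
    ("192.0.2.10", "192.0.2.50", bytes.fromhex("00010000000601030000000a")),
    ("198.51.100.7", "192.0.2.50", bytes.fromhex("000200000006010600640000")),
    ("192.0.2.10", "192.0.2.50", bytes.fromhex("000300000009011000100001020005")),
]

if __name__ == "__main__":
    for alert in alerts(SAMPLE_FLOWS, ALLOWED_WRITERS):
        print(alert)
```

Only the write from the host outside the allowlist is reported; the read and the write from the allowed workstation pass silently.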
Incredible insights from speakers and industry experts at the #HacktheCapital conference.
#ICSVillage #IndustrialControlSystems #CriticalInfrastructure
Promising tool
https://github.com/cisagov/parsnip
Parsnip is a program developed to assist in the parsing of protocols using the open source network security monitoring tool Zeek. Parsnip is specifically designed to be applied towards developing Industrial Control Systems (ICS) protocol parsers but can be applied to any protocol.
#Parsnip #ProtocolParser #Zeek #ICS #IndustrialControlSystems #OT #OperationalTechnology #SCADA