Category: ICS Weekly Executive Summaries

Oldsmar Water Treatment Facility Attack

(By: Edgar Namoca on February 18, 2021) Executive Summary: On February 5, 2021, adversaries were able to gain remote access to the Oldsmar water treatment plant [1]. The Oldsmar water treatment plant, located in the Tampa Bay area of Florida, cleans and provides water for approximately 15,000 people [1]. The hacker was able to […]

Ransomware Attack on the University of Vermont Health Network

(By: Edgar Namoca on February 3, 2021) Executive Summary: The most recent and still ongoing attack is the ransomware attack on the University of Vermont (UVM) health network. On October 28, 2020, this cyber-attack was noticed when employees of UVM medical center started to have problems with patient care applications [4]. It was initially thought […]

Urgent/11

(By: Edgar Namoca on February 2, 2021) Executive Summary: Urgent/11 comprises eleven zero-day flaws in the VxWorks real-time operating system (RTOS) [1]. VxWorks is a real-time operating system created and maintained by Wind River. The VxWorks real-time operating system is used in supervisory control and data acquisition (SCADA) systems such as patient monitors, MRI machines, […]

Increased Activity of Dridex

(By: Edgar Namoca on October 22, 2020) Introduction: On June 30, 2020, the Cybersecurity and Infrastructure Security Agency (CISA) put out an advisory alert for a malware known as Dridex. Dridex is a banking malware that first appeared at the end of 2015 and the start of 2016, when it had its highest infection rates [3]. […]

Over 400 United States Hospitals Affected by Ransomware

(By: Edgar Namoca on October 15, 2020) Introduction: On September 28, 2020, United Health Services (UHS) was the victim of a ransomware attack [1]. This attack was initiated at midnight, when fewer technical staff would be available to respond to the incident. UHS employees from California, Florida, Texas, Arizona, and Washington, D.C. lost access to computers, […]

OilRig Targets Middle Eastern Telecommunications Organizations

(By: Edgar Namoca on September 17, 2020) Executive Summary: On July 22, 2020, an article was published on research into recent targeted attacks on Middle Eastern telecommunications organizations. The research was done by Unit 42, a cyber security research group within Palo Alto. When analyzing the attacks on the Middle Eastern telecommunications organizations […]

Targeted Attacks on Industrial Control Systems

(By: Edgar Namoca on September 3, 2020) Introduction: On June 8, 2020, Honda of Japan was a victim of the Snake ransomware attack, also known as EKANS [2]. EKANS is a Windows ransomware that adversaries use to target industrial control systems (ICS). It got this name because the malware will append the word EKANS to […]

Maritime Hacking

(By: Josh Balentine on March 3, 2019) The national maritime transportation services provide millions of Americans with employment at ports and port-related industries every year and contribute trillions of dollars to the United States economy. A cyber-attack on just one shipping vessel could result in millions of dollars of damage, loss of life, and […]

Industrial Gateways Vulnerable to Attack

(By: Josh Balentine on March 2, 2019) This month, researchers with the cybersecurity firm Applied Risk discovered vulnerabilities within the Kunbus PR100088 Modbus gateway that allow attackers to gain control of the device. Modbus gateways are used in an industrial environment to connect existing networks and devices running the Modbus serial protocol to an Ethernet […]

SICAM 230 Process Control System (PCS) Vulnerabilities

(By: Josh Balentine on February 16, 2019) Siemens is one of the top suppliers of electrical engineering and electronics-related products. The company provides various products that are utilized in Industrial Control Systems (ICS) used in smart grid applications and the Energy Sector, which is one of the 16 Critical Infrastructures […]