The world's most capable, rugged and secure
industrial control system...

Introducing Bedrock OSA® Remote

  • Intrinsically-secure PLC and RTU control
  • 10 or 20 channels of universal I/O
  • Free IEC 61131-3 engineering software
  • -40ºC to +80ºC temperature range
  • Rugged, all-metal case 5.4 in x 8.9 in x 2.3 in
Learn More

Industry News

Cyber Attacks
 

CISA Issues New Ransomware Guide

October 6, 2020
Sam Galpin

Sam Galpin, Bedrock Automation Fellow

 

The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a new Ransomware Guide. The first part of the Guide focuses on preventing ransomware attacks; the second part is a checklist for what to do if you should get hit. This is important information at a time when ransomware perpetrators are beginning to target industrial operations.

 

Most cybercrime is money-driven. Ransomware enables criminals to monetize cyberattacks on targets previously of little interest. Ransomware started as a mass distribution “spray and pray” drive-by attack with minimal attention to targeting.  The ransom amounts requested were typically small.  In recent months, however, more sophisticated attackers have found they could reap much larger ransoms collected by targeting their attacks.

 

The ideal target has three characteristics: a strong incentive to restore operations quickly, the ability to pay, and weak defenses.  Thus far, ransomware attacks on industrial systems have been rare, probably because other targets like municipal government agencies are less well-defended.  There is, however, no question that industrial systems are potentially lucrative targets, and recent attacks such as EKANS and spearfishing attacks that shut down a pipeline are already exploiting that opportunity.

 

In the near term, the attacks will likely focus on targets the attackers are familiar with like Windows HMI stations and supporting services, which can force shutdowns and/or disrupt operations.  As the attackers learn more about industrial systems and how to manipulate processes, they can move toward extortion.

 
Cyber Attacks

Understanding and Managing ICS Cyber Security Threats to U.S. Water and Wastewater Utilities

September 28, 2020
Robert Bergman

“Government intelligence confirms the water and wastewater sector is under a direct threat as part of a foreign government’s multistage […]

Cyber Attacks

U.S. Security Agencies Warn of Cyber Attack Threats to Unauthenticated PLCs and other OT

August 27, 2020
Robert Bergman

The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have urged critical infrastructure facilities to take […]

Cyber Attacks

Encrypt or Be Encrypted: Mysterious Ransomware Attacks OT

August 27, 2020
Robert Bergman

A second bit of ransomware code designed to target industrial control systems has emerged. Similar to the Megacortex malware that […]