One Article Review

Source: AlienVault Lab Blog
Identifier: 8376274
Publication date: 2023-08-29 10:00:00 (viewed: 2023-08-29 15:06:55)
Title: Battling malware in the industrial supply chain
Text: The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.

Here's how organizations can eliminate content-based malware in ICS/OT supply chains.

As the Industrial Internet of Things (IIoT) landscape expands, ICS and OT networks are more connected than ever to various enterprise systems and cloud services. This new level of connectivity, while offering benefits, also paves the way for targeted and supply chain attacks, making them easier to carry out and broadening their potential effects.

A prominent example of supply chain vulnerability is the 2020 SolarWinds Orion breach. In this sophisticated attack:

- Two distinct types of malware, "Sunburst" and "Supernova," were secretly placed into an authorized software update.
- Over 17,000 organizations downloaded the update, and the malware managed to evade various security measures.
- Once activated, the malware connected to an Internet-based command and control (C2) server using what appeared to be a harmless HTTPS connection.
- The C2 traffic was cleverly hidden using steganography, making detection even more challenging.
- The threat actors then remotely controlled the malware through their C2, affecting up to 200 organizations.

While this incident led to widespread IT infiltration, it did not directly affect OT systems. In contrast, other attacks have had direct impacts on OT. In 2014, malware known as Havex was hidden in IT product downloads and used to breach IT/OT firewalls, gathering intelligence from OT networks. This demonstrated how a compromised IT product in the supply chain could lead to OT consequences. Similarly, in 2017, the NotPetya malware was concealed in a software update for a widely used tax program in Ukraine. Though primarily affecting IT networks, the malware caused shutdowns in industrial operations, illustrating how a corrupted element in the supply chain can have far-reaching effects on both IT and OT systems.

These real-world incidents emphasize the multifaceted nature of cybersecurity risks within interconnected ICS/OT systems. They serve as a prelude to a deeper exploration of specific challenges and vulnerabilities, including:

- Malware attacks on ICS/OT: Specific targeting of components can disrupt operations and cause physical damage.
- Third-party vulnerabilities: Integration of third-party systems within the supply chain can create exploitable weak points.
- Data integrity issues: Unauthorized data manipulation within ICS/OT systems can lead to faulty decision-making.
- Access control challenges: Proper identity and access management within complex environments is crucial.
- Compliance with best practices: Adherence to guidelines such as NIST's best practices is essential for resilience.
- Rising threats in manufacturing: Unique challenges include intellectual property theft and process disruptions.

Traditional defenses are proving inadequate, and a multifaceted strategy, including technologies like Content Disarm and Reconstruction (CDR), is required to safeguard these vital systems.

Supply chain defense: The power of content disarm and reconstruction

Content Disarm and Reconstruction (CDR) is a cutting-edge technology. It operates on a simple yet powerful premise based on the Zero Trust principle: all files could be malicious.

What does CDR do?

In the complex cybersecurity landscape, CDR stands as a unique solution, transforming the way we approach file safety.

- Sanitizes and rebuilds files: By treating every file as potentially harmful, CDR ensures they are safe for use while mainta
Sent: Yes
Tags: Malware, Vulnerability, Threat, Industrial, Cloud
Stories: NotPetya, WannaCry, SolarWinds
Rating: ★★


The article does not appear to have been picked up again after its publication.


The article does not appear to have been picked up from an earlier one.