(Eduard Kovacs – SecurityWeek) MITRE on Tuesday announced the initial release of a version of its ATT&CK knowledge base that covers the tactics and techniques used by malicious actors when targeting industrial control systems (ICS).
MITRE’s ATT&CK framework has been widely used by cybersecurity professionals to describe and classify attacker behavior and assess an organization’s risks. The new ATT&CK for ICS knowledge base builds upon it in an effort to help critical infrastructure and other organizations whose environments house ICS.
In addition to a matrix that provides an overview of the tactics and techniques used by adversaries, ATT&CK for ICS covers attack techniques in more detail, the malware used by threat actors, and the threat groups known to have launched ICS-related attacks. It also includes an Assets category in order to help organizations understand which techniques can be applied to their environment.
The knowledge base currently describes 81 attack techniques, 17 pieces of malware, 10 threat groups, and 7 types of assets.
According to MITRE, the framework shows which of the ICS-specific applications and protocols — typically used by operators to interact with physical equipment — can be abused by adversaries.
“The knowledge base can play several key roles for defenders, including helping establish a standard language for security practitioners to use as they report incidents,” MITRE said. “With expertise in this domain in short supply, it can also help with the development of incident response playbooks, prioritizing defenses as well as finding gaps, reporting threat intelligence, analyst training and development, and emulating adversaries during exercises.”
ATT&CK for ICS was developed with help from over 100 individuals representing 39 organizations, including security and threat intelligence companies focusing on ICS, national labs, industrial product manufacturers, universities, research institutes, government agencies, and Information Sharing and Analysis Centers (ISACs).
“Asset owners and defenders want deep knowledge of the tradecraft and technology that adversaries use in affecting industrial control systems to help inform their defenses,” said Otis Alexander, a lead cybersecurity engineer focusing on ICS security at MITRE. “Adversaries may try to interrupt critical service delivery by disrupting industrial processes. They may also try to cause physical damage to equipment. With MITRE ATT&CK for ICS, we can help mitigate the catastrophic failures that affect property or human life.”
Austin Scott, principal ICS security analyst at Dragos, commented, “[ATT&CK for ICS] is a huge win for the front-line ICS network defenders who now have a common lexicon for categorizing ICS specific techniques to support reporting and further analysis.”
MITRE Releases ATT&CK Knowledge Base for Industrial Control Systems
(Eduard Kovacs - SecurityWeek) MITRE on Tuesday announced the initial release of a version of its ATT&CK knowledge base that covers the tactics and techniques used by malicious actors when targeting industrial control systems (ICS). MITRE’s ATT&CK framework has been widely used by cybersecurity professionals to describe and classify attacker behavior and assess an organization’s risks. The new ATT&CK for ICS knowledge base builds upon it in an effort to help critical infrastructure and other organizations whose environments house ICS. In addition to a
Intelligence Gathering on U.S. Critical Infrastructure
How Open Source Intelligence can be applied to reconnaissance on critical infrastructure. In many cases it’s possible to narrow a search to specific buildings like power plants, wastewater plants, or chemical and manufactured facilities. The research consists of 26,000 exposed devices in United States.
The Growing Threat of Drones
Drones are an increasing threat to industrial sites, enabling various attacks (cyber and physical) that historically were only possible in close proximity to a facility or device.
Ransomware Attack Costs Aluminum Giant Norsk Hydro Tens of Millions of Dollars
(Eduard Kovacs - SecurityWeek) - Norwegian aluminum giant Norsk Hydro lost $35-41 million in the first quarter of 2019 as a result of the ransomware attack and expects additional losses of $23-29 million in the second quarter. A piece of file-encrypting ransomware named LockerGoga started infecting Norsk Hydro systems on March 18. The attack caused disruptions at several of the company’s plants, forcing workers to rely on manual processes. Hydro has been highly transparent regarding the impact of the incident. It claimed
Reconnaissance, Lateral Movement Rise in Manufacturing Firms
(SecurityWeek - Eduard Kovacs) - An unusually high volume of malicious internal reconnaissance and lateral movement have been observed in the manufacturing industry, which experts believe is a result of the rapid convergence between IT and OT networks. The data comes from the 2018 Spotlight Report on Manufacturing released on Wednesday by threat detection company Vectra. The report is based on observations from another report released on Wednesday by the company, the 2018 Black Hat Edition of the Attacker Behavior Industry Report, which shows
Industrial Internet Consortium (IIC) Unveils New IoT Security Maturity Model
(Kevin Townsend / SecurityWeek) - The Industrial Internet Consortium (IIC) has developed a new IoT Security Maturity Model (SMM), building on its own security framework and reference architecture. This week it has published the first of two papers: IoT Security Maturity Model: Description and Intended Use. This is primarily a high-level overview aimed at the less technical of IoT stakeholders. "This is for the businessmen," Ron Zahavi, chief strategist for IoT standards at Microsoft, told SecurityWeek, "to help them understand what is needed
Palo Alto Networks Releases Rugged Firewall for Industrial and Other Harsh Environments
(SecurityWeek - Eduard Kovacs) - Palo Alto Networks on Tuesday announced that it has updated its PAN-OS operating system and released a new next-generation firewall designed for use in industrial and other harsh environments. The new PA-220R is a ruggedized NGFW that can be used by various types of organizations, including power plants, utility substations, oil and gas facilities, manufacturing plants, and healthcare organizations. During beta testing, the product was also used for railway systems, defense infrastructure, and even amusement parks. The PA-220R is