Call us! 512-349-0334 or (877) INDUSOFT

The Growing Ransomware Economy and How To Defend Against It

Last year, Ransomware payments reached a billion dollars – an increase of over 4,000% from the previous year. We learned in Carbon Black’s recent report on the ransomware economy that those staggering numbers may only represent the tip of the iceberg.  Continue reading

Destroying Industrial Equipment with Bubbles and Malicious Code

It’s not yet common to see malicious attacks designed with the intent of destroying industrial equipment, but the proof-of-concept experiments on the vulnerability of industrial control systems only grows more compelling with each example of equipment-destroying malware. The best and most well-known example was Stuxnet, but hackers at the recent Black Hat Security concept showed even more evidence that such attacks can pinpoint weaknesses in nearly any physical system. Continue reading

The NIST Cybersecurity Framework from an Automation and Control Systems Perspective

When reading about the NIST (National Institute of Standards and Technology) directive by Executive Order 13636 to improve critical infrastructure cybersecurity, many, if not most, Control System Engineers and System Integrators just glaze over and turn the page in order to get to a more interesting topic. They may not think it’s their job, or even that learning about the subject might be in their best interest. The current thinking about Control System Security from the point of view of some engineers is to “not think about it” and it will go away… or to “give it to IT” and not worry about it again, or “the customer didn’t pay for it, so I am not going to address it because it is outside the project scope”. Continue reading

Five ways to improve SCADA Security for Critical Infrastructure

In anticipation of our upcoming Cybersecurity Webinar in just under two weeks, we wanted to expand on some measures that should be implemented in order to make SCADA Systems and Industrial Control Systems (ICS) controlling critical infrastructure inherently more secure. We expect that the majority of our customers may have already investigated using most or all of these methods in their security configurations, but we’ll discuss them and expand on them as necessary, using current industry guidance recommendations. Continue reading

What you Need to Know about Industroyer and the Threat it Poses to Industrial Control Systems

In 2010, a massive threat to industrial control systems called Stuxnet spread worldwide to infect thousands of systems running Siemens software. It was a weapon developed to cripple nuclear facilities. Last year, a new threat emerged in Ukraine that rivals the danger of Stuxnet. This new threat took down a power plant for over an hour, and may have been a precursor to a large-scale efforts to take down or damage power grids, as well as other types of critical infrastructure in the future. Continue reading

Best Practices for Protecting Systems from Ransomware Attacks

As we learned last week, Ransomware has reached Industrial automation. With companies such as Renault and Toyota taking hits from the recent spread of the WannaCry ransomware worm (also called WannCrypt and Wanna Decryptor), it’s become clearer than ever that companies should have a protocol in place for safeguarding systems. There should also be schedules for frequent updates to software, which ensures that patches are always in place. Continue reading

Companies that Don’t Take Security Precautions May be Liable for Breaches

The hack of Sony not only resulted in huge losses of data, but it revealed how poorly that data was protected. Now, employees who had their identities exposed as a result of the hack have banded together. A U.S. district court judge has given them approval to sue Sony Pictures Entertainment for their poor protection of personal information. Continue reading

Living, Dead (and Undead) Zero Day Exploits, and What They Mean for Industrial Control Systems

Zero Days exploits are vulnerabilities that exist within software that have not been patched or fixed publicly. These vulnerabilities are an attractive target for hackers, who can typically create an exploit within 22 days of finding a Zero Day. As … Continue reading

National Cybersecurity Awareness Month: Cybersecurity for Intelligent Systems

For this Cybersecurity Awareness Month, InduSoft would like to leave you with some practical thoughts and ideas on Cybersecurity that you could incorporate into your InduSoft Web Studio HMI and SCADA projects. For those of you who want to think about these concepts or are already on-board with making your applications cybersecure; these topics and ideas may help you solidify your project design plans. Continue reading