
šŸŒOT Security Extends Beyond Industry

Fines, leaks, and hacks—key cyber updates

In this Neeve issue: Learn why OT security is now a mainstream concern across industries, the release of CISA’s “Bad Practices” catalog for software manufacturers, a major flaw in Hikvision cameras putting sensitive locations at risk, and Canada’s cyber alert against Chinese espionage.

Coming up this week:

  • šŸ” Product Security ā€˜Bad Practicesā€™ Released

  • āš ļø OT Security: A Growing Concern Beyond Industry

  • šŸšØ Hikvision Flaw Exposes Critical Camera Feeds

  • šŸ›”ļøChinese Cyber Threats: Canada on High Alert

  • šŸ—žļø Further Alerts & Insights

The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have published a catalog of risky software development practices, specifically targeting software manufacturers who serve critical infrastructure and national functions. This guidance aims to mitigate the vulnerabilities that result from these practices.

  • The public is encouraged to submit comments on this guidance, which covers three categories: product properties, security features, and organizational processes. The catalog seeks to foster “Secure by Design” principles for software development, addressing longstanding vulnerabilities that can impact national security and critical services.

  • Supported by the National Cybersecurity Strategy, this effort pushes for software manufacturers to take greater responsibility for secure product design, with contributions from over 220 organizations and guidance aligned with frameworks like NIST’s Secure Software Development Framework.

🤔 The Bigger Picture:

By curbing risky software development practices, this initiative aims to bolster national cybersecurity for crucial sectors like healthcare, government, and utilities, which remain prime targets for cyberattacks. The catalog is part of a larger movement to hold software providers accountable for their products' security, emphasizing best practices that support customer safety and national resilience. As part of the broader “Secure by Design” initiative, these guidelines reflect CISA’s collaboration with U.S. and international agencies to address software vulnerabilities and protect public-facing systems against cyber threats.

Operational Technology (OT) systems, previously isolated in industrial environments, are now more commonly connected to IT networks across sectors, increasing their exposure to cyber threats. OT systems are essential for various functions, including HVAC and access controls in data centers and office buildings, making OT security a priority for a broader range of industries.

  • The merging of OT and IT introduces new vulnerabilities because of legacy OT devices lacking modern security features, such as encryption and regular patching. Recent studies show a rise in attacks on OT systems, with 76% of organizations experiencing cyberattacks targeting OT environments. The outdated nature of many OT systems also complicates patching and applying security controls.

  • Experts advise security leaders to implement network segmentation, asset inventory, and Zero Trust principles, along with enhanced monitoring and tailored patch management. Standards like the Purdue Model and IEC 62351 provide frameworks for addressing OT security challenges, especially in retrofitting older systems with security protections.

🤔 The Bigger Picture:

As OT and IT networks merge, OT cybersecurity is moving from the industrial CISO's desk into mainstream businesses. Every sector should treat OT security as a top concern to avoid service disruptions: unsecured OT devices give attackers a foothold from which they can move laterally and cause wider damage. With IT and OT converging, strong controls such as segmentation and Zero Trust are needed, along with IT and OT teams working together to close security gaps.
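The segmentation and asset-inventory advice above can be turned into a concrete check. The script below is an added example, not code from the newsletter or from any vendor: it assigns subnets to Purdue-model zones and flags flows that either skip a required intermediate zone (for example an enterprise workstation talking straight to a PLC) or involve an address that is missing from the inventory. The zone map, the addressing, and the flow records are all constructed for the example; in practice the zone map comes from the asset inventory and the flows from a NetFlow or Zeek export.

```python
"""Purdue-model segmentation check over constructed flow records.

Added example, not code from the newsletter or any vendor. The zone map,
subnets and flow lines are hypothetical; in practice the zone map comes
from the asset inventory and the flows from a NetFlow/Zeek export.
"""
import ipaddress
from dataclasses import dataclass

# Assumed zone assignment, one subnet per Purdue level (hypothetical addressing).
ZONES = {
    "enterprise":  ipaddress.ip_network("10.10.0.0/16"),  # Level 4: business IT
    "dmz":         ipaddress.ip_network("10.20.0.0/24"),  # Industrial DMZ (Level 3.5)
    "supervisory": ipaddress.ip_network("10.30.0.0/24"),  # Level 3: historians, HMI servers
    "control":     ipaddress.ip_network("10.40.0.0/24"),  # Level 2: HMIs, engineering stations
    "process":     ipaddress.ip_network("10.50.0.0/24"),  # Level 1: PLCs, BMS controllers
}

# Policy: traffic may only cross between adjacent levels, so enterprise hosts
# reach OT only through the DMZ and field devices never talk to IT directly.
ALLOWED_PAIRS = {
    frozenset({"enterprise", "dmz"}),
    frozenset({"dmz", "supervisory"}),
    frozenset({"supervisory", "control"}),
    frozenset({"control", "process"}),
}


@dataclass(frozen=True)
class Finding:
    src: str
    dst: str
    dst_port: int
    src_zone: str
    dst_zone: str
    reason: str


def zone_of(ip: str) -> str:
    """Map an address to its Purdue zone; 'unknown' means it is not in the inventory."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "unknown"


def parse_flow(line: str):
    """Parse 'src dst dst_port proto' after stripping a trailing '# comment'."""
    src, dst, port, proto = line.split("#", 1)[0].split()
    return src, dst, int(port), proto.lower()


def check_flows(lines):
    """Return one Finding per flow that violates the zone policy or involves an unknown asset."""
    findings = []
    for raw in lines:
        body = raw.split("#", 1)[0].strip()
        if not body:
            continue
        src, dst, port, _proto = parse_flow(body)
        sz, dz = zone_of(src), zone_of(dst)
        if "unknown" in (sz, dz):
            findings.append(Finding(src, dst, port, sz, dz,
                                    "asset missing from inventory; cannot place it in a zone"))
        elif sz != dz and frozenset({sz, dz}) not in ALLOWED_PAIRS:
            findings.append(Finding(src, dst, port, sz, dz,
                                    f"{sz} -> {dz} skips the intermediate zone(s) required by the Purdue model"))
    return findings


# Constructed flow records: src dst dst_port proto
SAMPLE_FLOWS = """
10.30.0.5    10.40.0.7   44818 tcp   # supervisory -> control (EtherNet/IP): allowed
10.40.0.7    10.50.0.9   502   tcp   # control -> process (Modbus/TCP): allowed
10.10.4.21   10.50.0.9   502   tcp   # enterprise workstation straight to a PLC: violation
10.10.4.21   10.20.0.3   443   tcp   # enterprise -> DMZ jump host: allowed
10.50.0.9    10.10.4.21  445   tcp   # PLC initiating SMB to an enterprise host: violation
192.168.99.4 10.40.0.7   102   tcp   # source not in inventory: finding
""".strip().splitlines()

if __name__ == "__main__":
    for f in check_flows(SAMPLE_FLOWS):
        print(f"{f.src} -> {f.dst}:{f.dst_port} [{f.src_zone} -> {f.dst_zone}] {f.reason}")
```

Running it on the sample flows reports three findings: the two level-skipping flows and the unknown source. The policy is deliberately an adjacency list rather than a numeric level comparison, so that a direct enterprise-to-supervisory flow (levels 4 and 3, which differ by only one) is still caught because it bypasses the DMZ.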

A flaw in Hikvision network cameras’ DDNS (Dynamic DNS) service allows attackers to intercept credentials by sending them over HTTP instead of HTTPS. With intercepted credentials, attackers could potentially gain unauthorized access to camera feeds and manipulate connections.

  • Over 80,000 Hikvision cameras, widely deployed across 2,300 organizations in sensitive locations in 100 countries, remain vulnerable to this and other flaws, raising concerns about potential access to critical infrastructure.

  • Hikvision has released firmware updates requiring HTTPS for DDNS and advises users to update firmware, enforce strong password policies, isolate camera networks, and monitor for unauthorized access.

🤔 The Bigger Picture:

Hikvision cameras are frequently used in high-security locations like critical infrastructure and government buildings; if credentials are intercepted, it could cause unauthorized monitoring, data theft, and security breaches. Conversations in Russian cybercriminal forums are focusing more on exploiting Hikvision vulnerabilities, which may allow state-sponsored groups or malicious actors to use vulnerable cameras for espionage or sabotage. To reduce the risk of intrusions that could threaten overall network security, organizations should separate Hikvision camera systems from critical assets and enhance network segmentation.
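Since the fix is firmware that forces HTTPS for DDNS updates, a defender can verify from network logs that no camera is still submitting credentials in the clear. The script below is an added example, not Hikvision's code or the newsletter's: it runs over constructed proxy-style log lines and raises an alert when a host in the camera segment sends credential-looking query parameters over plain HTTP, and a lower-severity alert for any other cleartext HTTP from that segment. The log format, the camera subnet and the hostnames are assumptions.

```python
"""Flag camera-segment hosts pushing DDNS credentials over plain HTTP.

Added example, not Hikvision's or the newsletter's code. It assumes a
simplified, constructed proxy log format:
    <timestamp> <src_ip> <dst_host>:<dst_port> <method> <full_url>
The camera subnet and DDNS host names are hypothetical.
"""
import ipaddress
from dataclasses import dataclass
from urllib.parse import parse_qs, urlsplit

CAMERA_NET = ipaddress.ip_network("10.60.0.0/24")  # assumed: the isolated camera VLAN
CREDENTIAL_KEYS = {"user", "username", "pass", "password", "pwd"}


@dataclass(frozen=True)
class Alert:
    ts: str
    src: str
    dst: str
    reason: str


def parse(line: str):
    """Split one log line into its fields; the URL is kept whole as the last field."""
    ts, src, dst, method, url = line.split(maxsplit=4)
    host, _, port = dst.rpartition(":")
    return ts, src, host, int(port), method, url


def leaked_fields(url: str):
    """Return credential-looking query parameter names if the URL is cleartext HTTP."""
    parts = urlsplit(url)
    if parts.scheme != "http":
        return []  # over HTTPS the query string is not visible on the wire
    return sorted(k for k in parse_qs(parts.query) if k.lower() in CREDENTIAL_KEYS)


def audit(lines):
    """Return alerts for cleartext traffic originating in the camera segment."""
    alerts = []
    for raw in lines:
        raw = raw.strip()
        if not raw or raw.startswith("#"):
            continue
        ts, src, host, port, _method, url = parse(raw)
        if ipaddress.ip_address(src) not in CAMERA_NET:
            continue  # only the camera segment is in scope for this check
        fields = leaked_fields(url)
        if fields:
            alerts.append(Alert(ts, src, host,
                                f"credential fields {fields} sent over cleartext HTTP (port {port})"))
        elif urlsplit(url).scheme == "http":
            alerts.append(Alert(ts, src, host,
                                "cleartext HTTP from camera segment; confirm the HTTPS-only firmware is applied"))
    return alerts


# Constructed log lines (placeholder hosts and a placeholder password value).
SAMPLE_LOG = """
2024-11-05T10:02:11Z 10.60.0.12 ddns.example.invalid:80 GET http://ddns.example.invalid/update?hostname=cam12&user=admin&pwd=PLACEHOLDER
2024-11-05T10:02:13Z 10.60.0.12 ddns.example.invalid:443 GET https://ddns.example.invalid/update?hostname=cam12
2024-11-05T10:03:40Z 10.60.0.17 ntp.example.invalid:80 GET http://ntp.example.invalid/time
2024-11-05T10:04:02Z 10.10.4.21 ddns.example.invalid:80 GET http://ddns.example.invalid/update?user=admin&pwd=PLACEHOLDER
""".strip().splitlines()

if __name__ == "__main__":
    for a in audit(SAMPLE_LOG):
        print(f"{a.ts} {a.src} -> {a.dst}: {a.reason}")
```

On the sample lines this yields two alerts: the first camera's plaintext DDNS update carrying `user` and `pwd`, and the second camera's cleartext request to another host. The HTTPS update produces nothing, and the fourth line is ignored because it does not come from the camera segment, which is the scope the page's own advice (isolate camera networks, monitor them) sets.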

A Chinese state-sponsored cyber actor has been scanning Canadian IT systems in 2024, targeting critical sectors such as government, defense, critical infrastructure, and media.

  • These scanning activities, often a precursor to malicious attacks, allow hackers to identify vulnerabilities. The threat actors are likely aligned with Chinese intelligence services, aiming to gather data that aligns with Beijing’s strategic interests.

  • The Cyber Centre advises isolating critical systems, enhancing network monitoring, implementing multi-factor authentication, maintaining offline backups, and updating incident response plans. These measures are crucial for high-value targets like government and infrastructure operators.

🤔 The Bigger Picture:

The scanning shows that state-sponsored cyber espionage is intensifying, and Canada is a prime target because of its proximity to the U.S. and the infrastructure the two countries share, which puts important sectors at risk.

Further Alerts & Insights

📰 Ransomware Disrupts German Pharma Supply Chain

AEP, a pharmaceutical wholesaler in Bavaria, was hit by a ransomware attack, disrupting medicine supplies to over 6,000 German pharmacies. AEP described the incident as a “targeted and criminal” attack, which led to partial encryption of its IT systems. After detecting the breach, AEP took immediate protective actions, including disconnecting external connections and shutting down affected systems. The company is currently coordinating with cybersecurity experts and has limited communication to email.

📰 Microsoft Teams Used in Ransomware Attack

Black Basta ransomware affiliates are now using Microsoft Teams to pose as IT support, tricking employees into granting access to corporate networks. The attackers initiate the process by flooding employee inboxes with spam emails, creating a sense of urgency for IT help, which they then offer through fake Teams messages.

📰 Critical Bugs Put Smart Factories at Risk

CISA disclosed critical vulnerabilities in Mitsubishi Electric and Rockwell Automation software, affecting smart factory automation. These flaws could allow remote code execution (RCE), denial-of-service (DoS), and authentication bypass, potentially compromising entire factory operations.

📰 CISA’s First Global Cybersecurity Strategy

CISA has launched its inaugural International Strategic Plan (2025-2026) to enhance global cybersecurity cooperation for protecting critical infrastructure. Cross-border collaboration and swift sharing of threat information are the key aspects of this plan.