home.social

#dragos — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #dragos, aggregated by home.social.

  1. Oh what, #Dragos is moving in across from us? I mean it’s a little small….

    Tell you what if I see anyone here I’ll say hi, would be nice to have anyone that gets OT network monitoring to chat to over lunch.

  2. Dragos Blames Electrum Group for Poland Grid Cyberattack

    Looking to read the full article? Scroll down and login or sign up today! Page Reload Scroll Position…
    #Poland #Polska #PL #Europe #Europa #EU #Aktualności #Cybersecurity #distributedenergyresources(DERs) #Dragos #inverter-basedresources(IBRs) #poland #polska #Russia #Ukraine
    europesays.com/2738765/

  3. Think OT security isn’t relevant to your operations? Think again! @hacks4pancakes busts common myths and highlights the importance of OT systems in various environments on this episode of the Breaking Badness Cybersecurity Podcast.

    🎧 Listen to the full episode wherever you get podcasts:

    Apple: podcasts.apple.com/us/podcast/

    Spotify: open.spotify.com/episode/5S8UI

    YouTube: youtube.com/watch?v=S2f4MSQL7g

    #MythBusting #OTSecurity #IndustrialCybersecurity #Dragos

  4. 🌐Securing Critical Infrastructure 🌐

    Dive into the world of industrial control systems with @hacks4pancakes from @dragosinc. In this episode of the Breaking Badness Cybersecurity Podcast, discover the unique challenges and essential practices for securing our critical infrastructure. 🚧🔒

    #CyberSecurity #IndustrialControlSystems #OTSecurity #Dragos

    Listen wherever you get podcasts

    Apple: podcasts.apple.com/us/podcast/

    Spotify: open.spotify.com/episode/5S8UI

    YouTube: youtube.com/watch?v=S2f4MSQL7g

  5. @dragosinc

    First takeaway. The #SANS Five ICS Cybersecurity Critical Controls

    While I think I had come across them before it was helpful to get a quick overview.

    Different many other approaches to #Cybersecurity, they don't start with a focus of prevention.

    The 5 critical controls are

    1. ICS-specific Incident Response Plan
    2. Defensible Architecture
    3. ICS Network Visibility and Monitoring
    4. Secure Remote Access
    5. Risk-based VulnerabilityManagement Program

    ICS-specific Incident Response Plan

    Identify the scenarios which apply to you according to your industry, setting, etc. Start with 2-3 high consequence Simulate the scenarios and test your incident response plans, identify and prioritize gaps.

    Defensible Architecture

    to enable humans to successfully defend your system. Asset management, isolation, segmentation based on risks identified in the scenarios above and to enable

    ICS Network Visibility and Monitoring

    Without this a root cause analysis is hard. And without identifying "the" root cause it's impossible to corrects problems (added benefit of identifying misconfigurations)

    Secure Remote Access

    Remote access is a reality in most OT systems.
    A lot of incidents start by unsecure remote access, including the 3rd parties like suppliers and service providers. So getting this secured including MFA, is crucial.

    Risk-based Vulnerability

    Management Program

    Patch everything isn't general possible in an OT setting. Instead of trying and failing focus on the vulnerabilities which increase the risks identified before.

    Find more information at
    sans.org/white-papers/five-ics
    or
    dragos.com/blog/the-sans-ics-f

    (Little shoutout to @dragosinc, while there is a registration form when downloading stuff from #Dragos, there is generally also a "skip" button to download without providing information. I love it)

  6. Last week i had the opportunity to participate in de #Dragos Industrial Security Conference in Munich (#DISC)

    AS the name suggests in was about #ICS/#OT #Cybersecurity

    In this thread I would like to share some takeaways

    (Not sure if @dragosinc is their official account)

  7. How ICS malware sabotaged heating in Ukraine - #Dragos FrostyGoop ICS Malware Intelligence Brief covering the recent cybersecurity incident affecting the energy sector.

    In our report, we cover the OT cybersecurity weaknesses exploited by cyber adversaries and offer actionable insights on how to protect against the threat. Get the intel brief today! hubs.la/Q02HBYNT0 (you can skip the registration)

    Don’t miss our upcoming webinar for a deeper dive – register now! hubs.la/Q02HBWV80

  8. New ICS Malware 'FrostyGoop' Targeting Critical Infrastructure

    Date: July 23, 2024

    CVE: N/A

    Vulnerability Type: Exploitation of Modbus TCP communication

    CWE: [[CWE-668]], [[CWE-20]], [[CWE-74]]

    Sources: The Hacker News, Yahoo News, Dragos

    Synopsis

    FrostyGoop is a newly identified malware designed to target Industrial Control Systems (ICS) by exploiting Modbus TCP communication protocols. This malware caused significant disruption to critical infrastructure in Lviv, Ukraine, earlier this year.

    Issue Summary

    In January 2024, FrostyGoop malware targeted an energy company in Lviv, resulting in a 48-hour loss of heating services to over 600 apartment buildings. This malware interacts directly with ICS devices using Modbus TCP over port 502, making it a serious threat to critical infrastructure.

    Technical Key Findings

    FrostyGoop, written in Golang, can read and write to ICS device registers and uses JSON-formatted configuration files to target specific IP addresses and Modbus commands. Initial access was likely gained through a vulnerability in Mikrotik routers.

    Vulnerable Products

    ENCO controllers with TCP port 502 exposed and ICS devices using Modbus TCP are particularly vulnerable to this malware.

    Impact Assessment

    The malware's ability to manipulate ICS devices can lead to significant operational disruptions, inaccurate system measurements, and potential safety hazards, affecting public safety and industrial operations.

    Patches or Workarounds

    Currently, there are no specific patches available for FrostyGoop.

    #FrostyGoop #ICS #ModbusTCP #CriticalInfrastructure #CyberAttack #EnergySector #Ukraine #Dragos #IndustrialControlSystems #Golang #MikrotikVulnerability

  9. I would like to think I’m integral to the #Dragos mission, but I’m definitely responsible for the theme parties. #DISC

  10. "#RansomedVC claimed that (1) #RobLee of #Dragos somehow cheated someone called “fooble,” and as a result, (2) RansomedVC was going to #leak files that Lee had allegedly bought to try to woo #ColonialPipeline away from Accenture and to Dragos."
    databreaches.net/colonial-pipe

  11. Un hacker si è introdotto nel sistema di un impianto di trattamento delle acque nella città della Florida di #Oldsmar modificando l'impostazione dell'idrossido di sodio dell'impianto a un livello potenzialmente pericoloso.
    Ma l'hacker non era solo: la società di sicurezza industriale #Dragos ha rilevato una sospetta intrusione diversa avvenuta lo stesso giorno in uno dei computer della #Oldsmar Water Treatment Facility, forse una botnet.
    Di Sean #Lyngaas su #Cyberscoop
    cyberscoop.com/oldsmar-water-p

  12. New post from #Ransomed : #RobLee [#Dragos] Evidence

    "Threat actor Rob Lee has failed to cooperate with the demands made by us, including an admission of guilt & wrongdoing, and an immediate resignation. Therefore, we must expose Rob Lee for who he is – a threat actor working under the guise of a powerful executive..."
    #Ransomware
    ransomlook.io/screenshots/rans

  13. As an update to a story I posted yesterday about a lot of contradictory and confusing claims by RansomedVC (see databreaches.net/colonial-pipe

    RansomedVC subsequently posted screencaps on their leak site to support their claim that they had hacked Accenture using login credentials from an employee named Dudek.

    Last night when Accenture's spokesperson called me, he told me they had no idea who Dudek was and had found no evidence of any recent breach or phished login access.

    Dudek is a principal director of Accenture and has been with them for a decade. 🤔

    #databreach #incidentresponse #accenture #colonialpipeline #ransomedvc #dragos

    @campuscodi @BleepingComputer @ReutersBiz @business

  14. New ICS Malware 'FrostyGoop' Targeting Critical Infrastructure

    Date: July 23, 2024

    CVE: N/A

    Vulnerability Type: Exploitation of Modbus TCP communication

    CWE: [[CWE-668]], [[CWE-20]], [[CWE-74]]

    Sources: The Hacker News, Yahoo News, Dragos

    Synopsis

    FrostyGoop is a newly identified malware designed to target Industrial Control Systems (ICS) by exploiting Modbus TCP communication protocols. This malware caused significant disruption to critical infrastructure in Lviv, Ukraine, earlier this year.

    Issue Summary

    In January 2024, FrostyGoop malware targeted an energy company in Lviv, resulting in a 48-hour loss of heating services to over 600 apartment buildings. This malware interacts directly with ICS devices using Modbus TCP over port 502, making it a serious threat to critical infrastructure.

    Technical Key Findings

    FrostyGoop, written in Golang, can read and write to ICS device registers and uses JSON-formatted configuration files to target specific IP addresses and Modbus commands. Initial access was likely gained through a vulnerability in Mikrotik routers.

    Vulnerable Products

    ENCO controllers with TCP port 502 exposed and ICS devices using Modbus TCP are particularly vulnerable to this malware.

    Impact Assessment

    The malware's ability to manipulate ICS devices can lead to significant operational disruptions, inaccurate system measurements, and potential safety hazards, affecting public safety and industrial operations.

    Patches or Workarounds

    Currently, there are no specific patches available for FrostyGoop.

    #FrostyGoop #ICS #ModbusTCP #CriticalInfrastructure #CyberAttack #EnergySector #Ukraine #Dragos #IndustrialControlSystems #Golang #MikrotikVulnerability

  15. New ICS Malware 'FrostyGoop' Targeting Critical Infrastructure

    Date: July 23, 2024

    CVE: N/A

    Vulnerability Type: Exploitation of Modbus TCP communication

    CWE: [[CWE-668]], [[CWE-20]], [[CWE-74]]

    Sources: The Hacker News, Yahoo News, Dragos

    Synopsis

    FrostyGoop is a newly identified malware designed to target Industrial Control Systems (ICS) by exploiting Modbus TCP communication protocols. This malware caused significant disruption to critical infrastructure in Lviv, Ukraine, earlier this year.

    Issue Summary

    In January 2024, FrostyGoop malware targeted an energy company in Lviv, resulting in a 48-hour loss of heating services to over 600 apartment buildings. This malware interacts directly with ICS devices using Modbus TCP over port 502, making it a serious threat to critical infrastructure.

    Technical Key Findings

    FrostyGoop, written in Golang, can read and write to ICS device registers and uses JSON-formatted configuration files to target specific IP addresses and Modbus commands. Initial access was likely gained through a vulnerability in Mikrotik routers.

    Vulnerable Products

    ENCO controllers with TCP port 502 exposed and ICS devices using Modbus TCP are particularly vulnerable to this malware.

    Impact Assessment

    The malware's ability to manipulate ICS devices can lead to significant operational disruptions, inaccurate system measurements, and potential safety hazards, affecting public safety and industrial operations.

    Patches or Workarounds

    Currently, there are no specific patches available for FrostyGoop.

    #FrostyGoop #ICS #ModbusTCP #CriticalInfrastructure #CyberAttack #EnergySector #Ukraine #Dragos #IndustrialControlSystems #Golang #MikrotikVulnerability

  16. New ICS Malware 'FrostyGoop' Targeting Critical Infrastructure

    Date: July 23, 2024

    CVE: N/A

    Vulnerability Type: Exploitation of Modbus TCP communication

    CWE: [[CWE-668]], [[CWE-20]], [[CWE-74]]

    Sources: The Hacker News, Yahoo News, Dragos

    Synopsis

    FrostyGoop is a newly identified malware designed to target Industrial Control Systems (ICS) by exploiting Modbus TCP communication protocols. This malware caused significant disruption to critical infrastructure in Lviv, Ukraine, earlier this year.

    Issue Summary

    In January 2024, FrostyGoop malware targeted an energy company in Lviv, resulting in a 48-hour loss of heating services to over 600 apartment buildings. This malware interacts directly with ICS devices using Modbus TCP over port 502, making it a serious threat to critical infrastructure.

    Technical Key Findings

    FrostyGoop, written in Golang, can read and write to ICS device registers and uses JSON-formatted configuration files to target specific IP addresses and Modbus commands. Initial access was likely gained through a vulnerability in Mikrotik routers.

    Vulnerable Products

    ENCO controllers with TCP port 502 exposed and ICS devices using Modbus TCP are particularly vulnerable to this malware.

    Impact Assessment

    The malware's ability to manipulate ICS devices can lead to significant operational disruptions, inaccurate system measurements, and potential safety hazards, affecting public safety and industrial operations.

    Patches or Workarounds

    Currently, there are no specific patches available for FrostyGoop.

    #FrostyGoop #ICS #ModbusTCP #CriticalInfrastructure #CyberAttack #EnergySector #Ukraine #Dragos #IndustrialControlSystems #Golang #MikrotikVulnerability

  17. New ICS Malware 'FrostyGoop' Targeting Critical Infrastructure

    Date: July 23, 2024

    CVE: N/A

    Vulnerability Type: Exploitation of Modbus TCP communication

    CWE: [[CWE-668]], [[CWE-20]], [[CWE-74]]

    Sources: The Hacker News, Yahoo News, Dragos

    Synopsis

    FrostyGoop is a newly identified malware designed to target Industrial Control Systems (ICS) by exploiting Modbus TCP communication protocols. This malware caused significant disruption to critical infrastructure in Lviv, Ukraine, earlier this year.

    Issue Summary

    In January 2024, FrostyGoop malware targeted an energy company in Lviv, resulting in a 48-hour loss of heating services to over 600 apartment buildings. This malware interacts directly with ICS devices using Modbus TCP over port 502, making it a serious threat to critical infrastructure.

    Technical Key Findings

    FrostyGoop, written in Golang, can read and write to ICS device registers and uses JSON-formatted configuration files to target specific IP addresses and Modbus commands. Initial access was likely gained through a vulnerability in Mikrotik routers.

    Vulnerable Products

    ENCO controllers with TCP port 502 exposed and ICS devices using Modbus TCP are particularly vulnerable to this malware.

    Impact Assessment

    The malware's ability to manipulate ICS devices can lead to significant operational disruptions, inaccurate system measurements, and potential safety hazards, affecting public safety and industrial operations.

    Patches or Workarounds

    Currently, there are no specific patches available for FrostyGoop.

    #FrostyGoop #ICS #ModbusTCP #CriticalInfrastructure #CyberAttack #EnergySector #Ukraine #Dragos #IndustrialControlSystems #Golang #MikrotikVulnerability

  18. "#RansomedVC claimed that (1) #RobLee of #Dragos somehow cheated someone called “fooble,” and as a result, (2) RansomedVC was going to #leak files that Lee had allegedly bought to try to woo #ColonialPipeline away from Accenture and to Dragos."
    databreaches.net/colonial-pipe

  19. "#RansomedVC claimed that (1) #RobLee of #Dragos somehow cheated someone called “fooble,” and as a result, (2) RansomedVC was going to #leak files that Lee had allegedly bought to try to woo #ColonialPipeline away from Accenture and to Dragos."
    databreaches.net/colonial-pipe

  20. "#RansomedVC claimed that (1) #RobLee of #Dragos somehow cheated someone called “fooble,” and as a result, (2) RansomedVC was going to #leak files that Lee had allegedly bought to try to woo #ColonialPipeline away from Accenture and to Dragos."
    databreaches.net/colonial-pipe