In this episode of the podcast (#186) we do a deep dive on the new IoT cyber security rating system from Underwriters’ Lab. We talk with experts from GE about the process they used to obtain UL certification for a range of smart home appliances, managing device security over the decades and how a cyber security rating system may influence consumers’ behavior.
In-brief: Claroty, an Israel-based start-up emerged from stealth mode on Tuesday, unveiling a new platform that it claims will help owners of industrial control systems detect threats and attacks by sophisticated adversaries.
In-brief: A hard-coded password in many versions of GE’s MultiLink industrial networking switches could open the door to hackers, the Department of Homeland Security ICS-CERT warned.
In-brief: IBM announced that it would spend $3 billion in the next four years to build an Internet of Things division that will develop tools to help companies tap the flood of data from connected devices and remote sensors. A partnership with The Weather Company is just the start.
Dark Reading’s Kelly Higgins has a report about a discovery by a security researcher who has identified a worrying new trend: banking malware that is posing as legitimate ICS software updates and files in order to compromise systems that run manufacturing plants and other facilities. Higgins writes about research by Kyle Wilhoit, senior threat researcher with Trend Micro. Wilhoit claims to have found 13 different crimeware variants disguised as SCADA and industrial control system (ICS) software. The malware posed as human machine interface (HMI) products, including Siemens’ Simatic WinCC, GE’s Cimplicity, and as device drivers by Advantech. [Read more Security Ledger coverage of threats to SCADA and industrial control systems here.]The attacks appear to be coming from traditional cybercriminals rather than nation-state attackers. The motive, Wilhoit theorizes, is to make money, possibly by harvesting banking credentials or other financial information. Malicious software that can operate in industrial environments and critical infrastructure settings is an […]