SCADAfence Blog

Part 3: Protecting PLCs and Their Environment For many years, PLCs have been insecure by design. Several years into customizing and applying best practices from IT gave rise to secure protocols,...

Part 2: Decoding the Complexity of PLCs In part one of this series we explained how Programmable Logic Controllers (PLCs) have become key targets for cyber security attacks due to their legacy...

Part 1: The Invisible Enemy Programmable Logic Controllers (PLCs) are an essential part of industrial manufacturing plants. They are widely used in industrial control systems (ICS)  to automate...

What You Need To Do Now! Even if you aren’t in New York! When New York Governor Kathy Hochul signed legislation to create cybersecurity protections for the state's energy grid at the end of 2022, she...

In mid-summer of 2022, Albania accused the Iranian government of targeting them with a series of major cyberattacks. The attacks, which targeted government servers and online portals, raised alarms...

If one of your organization’s goals for 2023 is to implement a robust OT/ICS cyber security solution (and here’s why it absolutely should be, even if budgets are a little tight!) you may need a...

It’s become somewhat of a ritual at the beginning of every year, (almost) every company comes up with a review of the past year, and an attempt to forecast what the next 12 months will bring. This...

On a Sunday evening in late December, 2022 The Hospital for Sick Children in Toronto was hit with a ransomware attack that took down several vital hospital network systems and caused widespread...

I want to discuss a subject that doesn't get enough attention in the world of OT/ICS cyber security considering how fundamental it is, and also sparks a surprising amount of controversy. The topic is...

A SCADAfence New Feature report The first question we're usually asked by any CISO who wants to increase their OT security posture is about asset visibility and management. Gathering a comprehensive...

Thanksgiving – when families get together and express gratitude for everything they have, accompanied by good food and hopefully great football. For most families and network security teams who just...

Psst….Don’t look now, but the global economy might be entering a recession. Yeah, yeah, you already know that. Everyday you’re reading about tech industry layoffs, stock market dips, and general...

Three days before Halloween, on Oct 28, 2022 Aurubis, the largest copper producer in Europe, issued a press release announcing that it had been hit by a cyber attack. The company announced that it...

The Cyber Kill Chain is a framework that outlines the stages of common cyberattacks and the points in the process at which attacks can be detected or intercepted. Developed by Lockheed Martin, this...

The cyber security community was deeply engrossed this week in the news that OpenSSL, the organization responsible for the software package that encrypts and secures communications across much of the...

  If you are the person in your organization responsible for securing an OT network, you are probably feeling very popular these days. Your inbox is no doubt full of emails inviting you to ‘hop on a...

  Multiple factions of the hacker group known as “Anonymous” have banded together to carry out coordinated cyber attacks targeting Iran as retaliation for the deaths of multiple young women in Iran...

Why Do You Need Operational Network Security? Modern operational technology (OT) networks are evolving due to developments such as the rise Industrial Internet of Things (IIoT), Industry 4.0, smart...

The US National Security Agency (NSA) and the Cybersecurity Infrastructure Security Agency (CISA) have issued a joint advisory specifically for OT/ICS networks. The advisory offers guidance on ways...

A SCADAfence New Feature report “Could we be next?”   One of the biggest challenges for an industrial OT/ICS security professional is figuring out if their organization is vulnerable to the latest...

Alerton, a subsidiary of Honeywell, is a major manufacturer of building management systems for heating, ventilation, and air conditioning (HVAC). SCADAfence’s research team discovered vulnerabilities...

What do Organizations Need to Know about LockBit? The first known ransomware attacks using what would come to be known as LockBit were reported back in 2019. Organizations that were infected with the...

SCADAfence now offers new advanced services via our cloud. We use the cloud to deliver continuous OT security updates, software upgrades and OT health monitoring.

South Staffordshire PLC, parent company of South Staffs Water, a small independent utility that supplies water to 1.6 million customers, including 35,000 businesses, in central England was hit by a...

A SCADAfence New Feature Report Here is the standard, old school way of automated risk assessment across an OT network:  First, scan each device individually. Then evaluate its specific level of risk...

Our research team compiled the latest updates on newly announced CVEs, recent ransomware attacks including BlackCat & Luna, and IoT security news. They also offer analysis of the potential impacts...

The SCADAfence engineering team has contributed a new module to the widely used Metasploit framework as a “pay it forward” program that will allow pentesters and asset owners to use a new set of...

A SCADAfence New Feature reportA large, robust Industrial Control Systems (ICS) network can contain tens of thousands of devices. Each of those devices may have any number of associated known CVEs...

Iranian Hackers Claimed Responsibility for the Power Plant Fire Almost immediately after a fire broke out in an active power plant in southern Israel on July 14, 2022, an Iranian hacking group...

Our research team compiled the latest updates on newly announced CVEs, recent ransomware attacks and IoT security news. They also offer analysis of the potential impacts and their expert...

Iran’s steel Industry was hit by a hacktivist group calling themselves ”Goneshke Darande” [Predatory Sparrow] on June 27th, 2022. The attack focused specifically on three steel companies that are...

This blog is a response to a recently published article that implied a link between the June 8th explosion at the Freeport LNG plant and Russian threat actors. The author attempted to connect...

Our research team compiled the latest updates on newly announced CVEs, recent ransomware attacks and IoT security news. They also offer analysis of the potential impacts and their expert...

A Change In The Air The past several decades have seen a seismic shift in how the world thinks about energy. Concerns about climate change and global geopolitics have caused many nations to declare a...

OT and ICS Industry veteran Paul Smith, author of “Pentesting Industrial Control Systems” has recently joined the SCADAfence team in the role of Field CTO. We interviewed Paul to get his thoughts on...

Our research team has put together all of the most relevant news topics in the Ransomware and IoT security fields, as well as their impacts and their expert recommendations:

On April 27, the Cybersecurity and Infrastructure Security Agency (CISA), published a joint advisory in collaboration with CSA/NSA/FBI/ACSC and other cybersecurity authorities, providing details on...

Dangerous New Malware Can Shut Down, Sabotage Industrial Sites  

Russian-backed Group Attempts to Compromise Ukrainian Power Grid Using Industroyer2 Malware As part of their ongoing military assault against neighboring Ukraine, Russian-backed hacker group Sandworm...

Two vulnerabilities in Rockwell programmable logic controllers and engineering workstation software have been disclosed. These vulnerabilities give attackers a way to modify automation processes and...