Expert(s):
Co-founder and CPOfeature_status*/ ?>
Nozomi Networks

Comments Dotted : 23
February 18, 2021

Experts Reaction On Kia Motors Suffers Ransomware Attack
These ransomware scenarios should be factored into an organisation’s incident response and business continuity plans.

Unfortunately, these types of attacks are becoming all too common, DoppelPaymer and others are immensely more profitable when they target large organisations and disrupt their critical IT operations – in this case, KIA’s mobile UVO Link apps, payment systems, owner's portals, and internal dealership sites. These ransomware scenarios should be factored into an organisation’s incident response and business continuity plans. Beyond a technical response, decision makers need to be prepared

.....Read More

Unfortunately, these types of attacks are becoming all too common, DoppelPaymer and others are immensely more profitable when they target large organisations and disrupt their critical IT operations – in this case, KIA’s mobile UVO Link apps, payment systems, owner's portals, and internal dealership sites. These ransomware scenarios should be factored into an organisation’s incident response and business continuity plans. Beyond a technical response, decision makers need to be prepared to weigh the risks and consequences of alternate actions. Ransomware threat actors typically rely on spear phishing links or vulnerable public services to gain initial entry into a network. Afterward, they move laterally to gain access to as many nodes of the network as possible, allowing them to increase the magnitude of the disruption. Cybersecurity best practices such as strong segmentation, user training, proactive cyber hygiene programs, multi-factor authentication and the use of continuously updated threat intelligence, should be used to protect IT and operational environments from ransomware.

  Read Less
January 27, 2021

Experts Reaction On Palfinger Suffers Cyber Attack
Attackers are going after higher value targets and that includes operational networks.

In the manufacturing business, time is money, so the disruption of Palfinger’s IT services as well as order processing and shipment delays, translates to lost revenue. The single biggest threat to enterprises today is underestimating and failing to address cybersecurity across all of a company’s cyber and physical systems. Attackers are going after higher value targets and that includes operational networks. The remediation costs and efforts to repair the operational, financial and

.....Read More

In the manufacturing business, time is money, so the disruption of Palfinger’s IT services as well as order processing and shipment delays, translates to lost revenue. The single biggest threat to enterprises today is underestimating and failing to address cybersecurity across all of a company’s cyber and physical systems. Attackers are going after higher value targets and that includes operational networks. The remediation costs and efforts to repair the operational, financial and reputational damage caused by these attacks put a significant strain on leadership teams.


IT and OT systems are converging and security teams need to take a new, holistic approach to cybersecurity. Businesses should deploy artificial intelligence and machine learning tools across their IT/OT networks to gain real-time visibility and identify cyber threats and resolve issues before harm is done. We know from working with thousands of industrial installations, that with the right technology and a focus on best practices, it’s possible to monitor and mitigate these risks and achieve operational resiliency. A robust cyber defense strategy is the best line of defense against sophisticated attacks

  Read Less
November 13, 2020

Experts Insight On Steelcase Suffers Ransomware Attack, Forces 2-week Shut Down Of Global Operations And Production
The single biggest threat to enterprises today is underestimating and failing to address cybersecurity across all of their cyber and physical systems.
The single biggest threat to enterprises today is underestimating and failing to address cybersecurity across all of their cyber and physical systems. Ransomware attackers are going after higher value targets and that includes operational networks. And remediation costs and efforts to repair the operational, financial and reputational damage caused by these attacks put a significant strain on leadership teams. For manufacturing, time is money, and the current pandemic has only added to the.....Read More
The single biggest threat to enterprises today is underestimating and failing to address cybersecurity across all of their cyber and physical systems. Ransomware attackers are going after higher value targets and that includes operational networks. And remediation costs and efforts to repair the operational, financial and reputational damage caused by these attacks put a significant strain on leadership teams. For manufacturing, time is money, and the current pandemic has only added to the industry’s financial challenges. The disruption of IT and operational services, as well as manufacturing downtime and shipment delays, translates to even greater revenue losses. In this case, it appears the Ryuk attack caused a two-week shutdown of most of Steelcase’s global order management, manufacturing and distribution systems, pushing revenues into the fourth quarter. IT and OT systems are converging and security teams need to take a new, holistic approach to cybersecurity. Businesses should deploy artificial intelligence and machine learning tools across their IT/OT networks to gain real-time visibility and identify cyber threats and resolve issues before harm is done. We know from working with thousands of industrial installations, that with the right technology and a focus on best practices, it’s possible to monitor and mitigate these risks and achieve operational resiliency. A robust cyber defense strategy is the best line of defense against a ransomware attack.  Read Less
November 13, 2020

Experts Insight On Steelcase Suffers Ransomware Attack, Forces 2-week Shut Down Of Global Operations And Production
Ransomware attackers are going after higher value targets, and that includes operational networks.
The single biggest threat to enterprises today is underestimating and failing to address cybersecurity across all of their cyber and physical systems. Ransomware attackers are going after higher value targets, and that includes operational networks. In addition, remediation costs and efforts to repair the operational, financial and reputational damage caused by these attacks put a significant strain on leadership teams. For manufacturing, time is money, and the current pandemic has only.....Read More
The single biggest threat to enterprises today is underestimating and failing to address cybersecurity across all of their cyber and physical systems. Ransomware attackers are going after higher value targets, and that includes operational networks. In addition, remediation costs and efforts to repair the operational, financial and reputational damage caused by these attacks put a significant strain on leadership teams. For manufacturing, time is money, and the current pandemic has only added to the industry’s financial challenges. The disruption of IT and operational services, as well as manufacturing downtime and shipment delays, translates to even greater revenue losses. In this case, it appears the Ryuk attack caused a two-week shutdown of most Steelcase’s global order management, manufacturing and distribution systems, pushing revenues into the fourth quarter. IT and OT systems are converging and security teams need to take a new, holistic approach to cybersecurity. Businesses should deploy artificial intelligence and machine learning tools across their IT/OT networks to gain real-time visibility and identify cyber threats and resolve issues before harm is done. We know from working with thousands of industrial installations, that with the right technology and a focus on best practices, it’s possible to monitor and mitigate these risks and achieve operational resiliency. A robust cyber defense strategy is the best line of defence against a ransomware attack.  Read Less
October 26, 2020

Experts On U.S. Sanctions Russian Research Institution Linked To Cyberattacks On Chemical Plant Safety Systems
The perfect storm of increasing cyber threats, digital transformation and IT/OT convergence means organisations must move swiftly.
When Nozomi Networks analysed the TRITON malware in 2018, our findings led us to believe that while TRITON failed, the attacker(s) could have just as easily succeeded in injecting the final payload. This realisation, combined with the knowledge that a growing number of nation-state adversaries and other hackers have critical infrastructure in their sights, calls for vigorous defense of our national critical infrastructure. No single entity can solve this global issue; rather, end users,.....Read More
When Nozomi Networks analysed the TRITON malware in 2018, our findings led us to believe that while TRITON failed, the attacker(s) could have just as easily succeeded in injecting the final payload. This realisation, combined with the knowledge that a growing number of nation-state adversaries and other hackers have critical infrastructure in their sights, calls for vigorous defense of our national critical infrastructure. No single entity can solve this global issue; rather, end users, third-party suppliers, integrators, standards bodies, industry groups and government agencies must work together to help the global manufacturing industry withstand cyberattacks and protect the world’s most critical operations and the people and communities we all serve. The perfect storm of increasing cyber threats, digital transformation and IT/OT convergence means organisations must move swiftly to shore up their defenses with solid cybersecurity programs that deliver, deep visibility and effective cybersecurity that spans OT and IoT networks and devices.  Read Less
October 14, 2020

Microsoft take-down of Trickbot ransomware bot, Security Experts Reacted inline with Election Security
By proactively getting in front of Necurs, Microsoft was able to significantly disrupt the botnet.
This isn’t the first time that Microsoft has leveraging trademark laws to chase down botnets operators. They used the tactic back in 2011 to take down Rustock. IoT botnets are among the fastest-growing categories of attacks, and Trickbot alone has impacted millions of computers. While botnet operators are using every trick in the book to expand their malicious activity, defenders, for obvious reasons, have to comply with the law when implementing the countermeasures. But as Microsoft’s.....Read More
This isn’t the first time that Microsoft has leveraging trademark laws to chase down botnets operators. They used the tactic back in 2011 to take down Rustock. IoT botnets are among the fastest-growing categories of attacks, and Trickbot alone has impacted millions of computers. While botnet operators are using every trick in the book to expand their malicious activity, defenders, for obvious reasons, have to comply with the law when implementing the countermeasures. But as Microsoft’s actions show, this doesn't mean that you can't be creative with the technical and non-technical tools available. The beauty of this latest approach is that while defenders have to suffer the asymmetry of attackers operating behind the limits of the law, by taking the case to court, Microsoft gained a legal advantage to regain control. In general, it can be quite challenging to disrupt the malicious activities of botnets, and Microsoft has a history of stepping up with aggressive countermeasures. In March, Microsoft called on its technical and legal partners in 35 countries to disrupt Necurs, a popular hybrid peer-to-peer botnet. By analysing the algorithm Necurs used to systematically generate new domains, Microsoft was able to accurately predict the 6+ million unique domains that would be created within the next 25 months. Microsoft reported these domains to their respective registries worldwide, allowing the websites to be blocked and preventing them from becoming part of the Necurs infrastructure. By proactively getting in front of Necurs, Microsoft was able to significantly disrupt the botnet. While this type of dismantling of a peer-to-peer botnet might not be feasible for the average organisation, there is still a lot that the security team defending your network can do. Start by considering the three main phases where botnet typically leave behind a lot of network artifacts: Bot deployment: this is where the bot is deployed into a target system member of the network, for instance through an exploit or by brute-forcing the credentials. Communication with the peer-to-peer botnet: this occurs during peer discovery, configuration updates, and commands reception. Malicious activity: the actual malicious activity the botnet was created for, such as sending spam, distributing ransomware, or bot propagation towards other systems. Then, use the right tools to detect and disrupt botnet activity. As businesses become more reliant upon IoT, we can expect that botnet activity will also evolve and grow. And while they can be tricky to defend against, by their very nature, botnets leave behind a lot of information that security defenders can use to track them and prevent future attacks. What’s important is ensuring your security practice incorporates a plan to address botnets. Understand their implications so you can identify which security measures to take. Then chose the right tools – and community resources to detect and disrupt future botnet activity.  Read Less
October 12, 2020

National Cybersecurity Awareness Month: Securing Devices At Home And Work
Ensure all devices and services are patched.
The remote access genie is out of the bottle and the longer it’s on the loose, the harder it’s going to be to put it back in. While many employees like their new-found flexibility, it’s created operational technology (OT) system security headaches for chief information security officers CISOs. COVID-19 has forced organisations to rethink traditional work environments, and many employees are loving it. No more long commutes or missing work to look after sick family members, and they can.....Read More
The remote access genie is out of the bottle and the longer it’s on the loose, the harder it’s going to be to put it back in. While many employees like their new-found flexibility, it’s created operational technology (OT) system security headaches for chief information security officers CISOs. COVID-19 has forced organisations to rethink traditional work environments, and many employees are loving it. No more long commutes or missing work to look after sick family members, and they can put in a load of laundry over the lunch hour. Whether you call it smart work or homework, it’s a trend that’s likely to stick around. Research by Eurostat showed that in 2018, only 3.6% of working Italians did so from home. But, more recently, a March 2020 Forbes article estimated that the number of Italian employees working remotely soared to 62% (8 out of 13 million), due to the pandemic. In the United States, pre-coronavirus, statistics showed that 3.6% of employees worked from home half or more of the time, while 80% would prefer to work remotely at least sometimes. Just across the border, a March 2020 poll by Statistics Canada found that 4.7 million more people started working remotely that month, and 65% of those surveyed hoped to continue to do so after the pandemic is over. Fortunately, many employers are seeing the benefits of a remote work environment too. In a recent forecast, Global Workplace Analytics predicted that by 2022, 25-30% of the workforce will be working remotely multiple days a week. Sounds great for employees, but all is not all so rosy for employers. The CISOs responsible for the resilience of OT systems now face an even greater dilemma: how do they keep these critical systems running 24/7 when employees are encouraged or mandated to work from home and are highly dependent on secure connectivity to function normally? Much of the answer lies in opening up systems that are traditionally closed to the outside world to allow for remote management. To achieve this, CISOs need to balance safety, productivity, and cybersecurity risk. Even the slightest oversight can open the door to cyber risks, and potentially cause harm to employees, company reputation, revenue, and much more. A large number of open connections from remote workers back to the enterprise or OT systems introduce cyber risks. Some corporate leaders may not be prioritising cybersecurity as they scramble to keep their businesses running; not realizing that threat activities carry on – and are sometimes even heightened – during times of crisis. So, as the world sorts itself out during and post-pandemic, one thing is certain – remote working is here to stay. Fortunately, technology can provide the visibility needed to secure operational access, whether employees are working from the office or at home. While this level of flexibility hasn’t been so readily embraced in the past, secure remote access (SRA) is now being widely used to help companies survive and thrive. SRA is now being widely used to help companies survive and thrive. Visibility into remote devices, connections, and activity monitoring is key, however, as companies don’t have control over the home office infrastructure. For example, we’ve heard of a plant engineer who is considered high risk due to a medical condition and needs to self-isolate. The company the engineer works for has to provide secure remote access, so the engineer can get “inside” the facility to manage their critical assets. The challenge is that by enabling remote access to critical operations assets, the company significantly expanded its attack surface. A big spike in the number of people working from home, and most likely continue to do so, has brought about a change in the micro view of how employees operate and in the macro perspective of how the industry could operate in the future. The pandemic has forced an industry that’s slow to change even the smallest of details into accepting supporting technology. Security was always thought of as a collection of people, processes, and technology, but the latter is now playing a bigger role in allowing businesses to operate via remote access. While it might be preferable for employees to be physically present, secure remote access technology allows organisations to manage remote access to critical systems in a responsible, secure way, providing situational awareness and auditability to see who is touching the business infrastructure. To maintain resilience during COVID-19, we encourage organisations to include both IT and OT teams in cybersecurity planning. Here are some of my recommendations to strengthen an organisation’s security posture exposed by the sudden increase of employees working from home: Increase visibility into the OT environment by using passive traffic monitoring to identify and baseline critical assets and operational states Bolster detection capabilities with anomaly detection technology in IT and OT environments Apply a health check to network infrastructure and ensure correct network segregation and firewall policies are in place Ensure all devices and services are patched. It’s also important to shorten patch cycles, particularly for those that protect remote infrastructure. Where appropriate, use virtual patching to complement existing patching processes until a permanent patch can be conducted Deploy a resilient backup policy that supports quick access to impacted files Perform asset hardening to disable services used by ransomware for propagation COVID-19 has brought wave after wave of personal and business challenges, and we will likely feel its repercussions for some time. It’s never been more important for organisations to prioritise OT and IoT cybersecurity and mitigate risk in order to recover and succeed in the post-pandemic era.  Read Less
October 09, 2020

Comment: Two Thirds Of Businesses Experienced Increase In Endpoint And IoT Security Incidents
The reality is remote access is here to stay.
What stands out to me in this important, timely survey is that almost half of the cybersecurity decision-maker respondents, forty-three percent, expressed ‘moderate to unlikely means to discover, identify and respond to unknown, unmanaged, or insecure devices accessing network and cloud resources’. The reality is remote access is here to stay - it was a trend that was growing prior to COVID and with the pandemic, the trend has escalated. Security programs can adjust to support this new.....Read More
What stands out to me in this important, timely survey is that almost half of the cybersecurity decision-maker respondents, forty-three percent, expressed ‘moderate to unlikely means to discover, identify and respond to unknown, unmanaged, or insecure devices accessing network and cloud resources’. The reality is remote access is here to stay - it was a trend that was growing prior to COVID and with the pandemic, the trend has escalated. Security programs can adjust to support this new normal and tools are available to help. A new generation of artificial intelligence and machine learning tools make it possible to identify cyber threats in real-time and resolve issues before harm is done. With the right technology and a focus on best practices, you can see and respond to these unknown, unmanaged, and insecure IT, OT, and IoT devices Now during National Cybersecurity Awareness Month, it’s a good time to remember it doesn’t have to take a catastrophe to spur change. As organisations in every industry embrace the use of IoT devices to improve operations and the way they work, they’re facing new facing risks to their cyber and physical systems. Review your cybersecurity plans, policies, and culture, and make sure you’re in the best position to address cyber threats. While cultural change can be hard, it is possible if you focus on these areas: Do things in the right order. Set up a good structure of cyber and physical security governance, with clear lines of accountability. Sources, such as the U.S. National Institute of Standards and Technology Cybersecurity Framework, describe a systematic approach with references to applicable standards for each step. Train all personnel thoroughly on their responsibilities. Design corporate policies and procedures to align with those pertaining to cybersecurity and vice versa. Then decide on what technologies to invest in that will support the other elements. Don’t punish people if they admit to having made a mistake. Instead of penalizing employees who make errors, encourage them quick reporting when a cybersecurity breach occurs or when they recognize and disclose a mistake that could create a vulnerability. Treat OT & IoT cybersecurity the same as physical safety. The safety of employees and the public is considered of paramount importance in industrial and critical infrastructure organisations. It’s considered every employee’s responsibility. Cybersecurity should be treated the same way. OT & IoT security is not “one and done.” It’s always evolving. The job of securing assets and employee behavior should be continually updated because threats and vulnerabilities are constantly changing.  Read Less
September 16, 2020

Expert Reacted On Tug Owners Warned After First Detected Cyber Attack
Make people aware of the threat of phishing attacks by training them to recognise suspicious messages.
Transportation organisations are rapidly evolving to improve their service levels and efficiency. As the same time, safety has never been more important, as risks from cyber threats increase. Indeed, the World Economic Forum cites cyberattacks on critical infrastructure, including transportation, as the world’s fifth highest risk in 2020. The maritime industry in particular transports 90% of the world’s trade, and like other industries, is becoming increasingly connected, automated and.....Read More
Transportation organisations are rapidly evolving to improve their service levels and efficiency. As the same time, safety has never been more important, as risks from cyber threats increase. Indeed, the World Economic Forum cites cyberattacks on critical infrastructure, including transportation, as the world’s fifth highest risk in 2020. The maritime industry in particular transports 90% of the world’s trade, and like other industries, is becoming increasingly connected, automated and remotely monitored. The level of system visibility and cybersecurity maturity in this sector is relatively low. Many ships contain devices and systems that their operators aren’t even aware of. Crew are not typically trained to identify phishing emails or manage network access control. While dramatic situations like a vessel being capsized via hacking are not out of the realm of possibility, they are still unlikely. Crew constantly observe ship behaviour and have the ability to employ manual or safety systems to correct performance that is out of normal range. Driven by the needs to reduce risk, comply with international shipping standards, and meet insurer requirements, shipping companies are investing in cyber resiliency. An important capability lies in identifying maritime assets and their communications. Networks should be monitored for vulnerabilities, threats, and unusual behaviour that could indicate a cyberattack. Just as water always flows downhill, cybercriminals will always attack at the weakest part of a system. The people using the system are oftentimes the weakest element, opting to click a link in an email that says “URGENT” or voluntarily giving up their credentials when somebody named “IT Support” asks nicely. The best defence has multiple reinforcing layers. Make people aware of the threat of phishing attacks by training them to recognise suspicious messages. Because people won’t necessarily retain the training information initially, add on to the learning process by testing them. Many organisations distribute test phishing emails from time to time, tracking who falls for them. Someone will inevitably fall victim to such tests. To continue reinforcing protections against a real world phishing attack, organisations should consider providing added protections to email attachments and browser links. Additionally, implement two-factor authentication whenever possible to minimize the risk of stolen credentials. Finally, be sure to have a robust response plan in place to contain and sanitize incidents as soon as possible should they happen.  Read Less
September 09, 2020

Expert Reaction On Pakistan’s Largest Private Power Utility Hit By Netwalker Ransomware
Fortunately in this case it appears K-Electric’s operational networks were not impacted.
The attack against K-Electric once again highlights a concerning trend we continue to see. Ransomware attackers are demanding higher ransoms, aimed at larger and more critical organisations, and they are now often using a two-pronged approach that combines data encryption with data theft, making it difficult for the victim to avoid paying up. Fortunately in this case it appears K-Electric’s operational networks were not impacted. When it comes to ransomware, prevention is always better.....Read More
The attack against K-Electric once again highlights a concerning trend we continue to see. Ransomware attackers are demanding higher ransoms, aimed at larger and more critical organisations, and they are now often using a two-pronged approach that combines data encryption with data theft, making it difficult for the victim to avoid paying up. Fortunately in this case it appears K-Electric’s operational networks were not impacted. When it comes to ransomware, prevention is always better than cure, and this involves organisations deploying tools that will help them immediately identify when something ambiguous is happening within the infrastructure. Applying artificial intelligence and machine learning for real-time detection and response, organisations can monitor for malware to rapidly discover and act to remove malicious code before harm is done.  Read Less