The Rockwell PLC vulnerabilities CVE-2022-1161 and CVE-2022-1159, newly published by Team82, emphasize once more that Stuxnet-like attacks remain an underlying threat to OT assets, one that could go undetected by network-based solutions.
Once an attacker gains the highly desired direct control over the PLCs, all upper-level communication-based tools, both cyber-related and operations-related, become helpless in detecting the attack’s manifestation. All the process visibility and situational awareness tools could be masked by the attack, leaving operators blind to the assets’ actual performance.
“Without advanced forensics utilities, the execution of such malicious code cannot be discovered,” says Sharon Brizinov, a Claroty researcher, about the vulnerability recently detected in Rockwell Automation’s PLCs.
These types of attacks seem to be on the rise, as the potential risk can be exponential. Given their increasing frequency and their potential lethality, operators must have the deepest awareness of their assets’ state, regardless of the network’s compromise level, so that such attacks are detected as soon as possible and dealt with promptly to minimize the damage.
SIGA’s Level 0 solution is the only product in the ICS market offering granular and independent visibility into the operator’s most critical assets. By its core definition, Level 0 process-oriented cyber detection is agnostic to the attack vector: once the attack translates into a real process effect, the resulting process deviation is detected fully out of band and reported to the site’s operator in real time, along with a precise indication of the processes affected by the attack.
Read more about the vulnerability here: Team82 finds that vulnerabilities in Rockwell PLCs could trigger Stuxnet-like attacks – Industrial Cyber