Unveiling the resurgence of Web-Based PLC malware and the imperative need for Level 0 monitoring in Industrial Cybersecurity Introduction: In the ever-evolving landscape of cybersecurity threats, researchers from Georgia Tech have recently uncovered a potential game-changer: Stuxnet-style web-based malware targeting Programmable Logic Controllers (PLCs). This discovery may sound like old news, as we all heard of the notorious Stuxnet attack before. However the discovery should raise quite a few alarm bells, as the industry never fully equipped itself with the tools to address this unique type of malware, which only got stronger and more sophisticated with time. The industry should prompt a reevaluation of industrial cybersecurity measures to stay ahead of the curve, measures that also address the often-overlooked risks associated with false process sensor data, further ...

Yossi (Konstantin) Tarnopolsky, Director of Technology Alliances and APAC BD, at Radiflow One of my favorite movies, "Blackhat" ( a 2015 film directed by Michael Mann), opens with a powerful narrative in which a cyberattack targets a nuclear power plant in Hong Kong. While fictitious, this attack reveals significant weaknesses in critical modern infrastructures. The attackers use a variety of tactics to intentionally break into the plant's Supervisory Control and Data Acquisition ( SCADA ) system. They cleverly change settings in the Human-Machine Interface (HMI), which go unnoticed by the engineers, leading to a failure in the cooling system. Eventually, this results in a sudden overheating crisis that culminates in an explosion leading to plenty of chaos. There was a lot of foresight in the “Blackhat” movie. Today, nine years later, not only the energy sector, but ...

Microsoft Azure customers worldwide now gain access to SIGA’s unique level 0 technology for enhancing OT Security in industrial and critical infrastructure to take advantage of the scalability, reliability and agility of Azure to drive application development and shape business strategies. [Tel – Aviv, Israel— February 19, 2024]  SIGA – Elevating OT cybersecurity to Level 0 , today announced the availability of SigaGuard in the Microsoft Azure Marketplace , an online store providing applications and services for use on Azure. SIGA customers can now take advantage of the productive and trusted Azure cloud platform, with streamlined deployment and management. At SIGA, our commitment to safeguarding critical infrastructure is underpinned by our innovative approach to cybersecurity. Specializing in Level 0 monitoring, the lowest level of the Purdue model for ...

In an era where the landscape of cybersecurity is perpetually evolving, I firmly believe that the pillars of continuous learning and unwavering collaboration are indispensable in maintaining a step ahead of emerging threats. It is with a profound sense of duty and an eagerness to contribute that I announce my new advisory role at SIGA, a vanguard in fortifying Level Zero OT resilience, serving as their Director of North America Sales. This opportunity resonates deeply with my commitment to national security, a commitment that was profoundly shaped by my experience within the Pentagon during the September 11 attacks. My role at SIGA arrives at a critical juncture in history– echoing from recent warnings from the FBI Director about state-sponsored hackers poised to "wreak havoc" on our essential services, including water treatment facilities, electrical grids, and oil & ...

In the ever-evolving landscape of industrial systems, the year 2024 presents a unique set of challenges that demand a keen understanding of the intricate connections between machines and their environment. As we stand at the crossroads of technological advancement, the need to address unprecedented complexities in industrial operations has never been more critical. Amidst these challenges, one foundational layer emerges as the linchpin—Level 0. In this article, we embark on a journey to navigate four main hurdles expected in 2024 and explore how the Level 0 advantage becomes not just a solution, but a strategic imperative for overcoming the intricacies that define this era in industrial communication. Join us as we unravel the principal challenges that define this new year and discover how listening to the machines at Level 0 emerges as a beacon of resilience in an era of ...

In an unprecedented joint alert, the FBI, CISA, NSA, EPA, and INCD warn of a significant cybersecurity threat targeting the water and wastewater sector. The Iranian Government Islamic Revolutionary Guard Corps (IRGC) is reportedly behind a surge in malicious activities, putting critical infrastructure at risk. The IRGC-affiliated cyber group, "CyberAv3ngers," has persistently targeted Unitronics Vision Series programmable logic controllers (PLCs). Their attacks extend beyond the water sector, impacting energy, manufacturing, and healthcare. Since November 2023, CyberAv3ngers has exploited default credentials in Unitronics devices, leaving anti-Israel defacement messages. The affected organizations span multiple U.S. states, necessitating urgent action. The alert advises organizations, especially those in critical infrastructure, to follow the provided mitigation ...

Attack Scenario 1: (Un)authorized Access Cyber menaces do not stem solely from the outside. Insiders who are granted access or hackers who obtain legitimate credentials can pose a serious threat to the most critical & vulnerable assets. These attacks will most likely go by undetected by standard detection tools since no malicious code or virus is used. SIGA’s ability to monitor process behavior directly from level 0 offers the ultimate method for the security of critical infrastructure regardless of the attack vector. SIGAGUARD is a tailored detection solution for such attacks, which ensures that the most valuable assets are being protected at all times. Attack Scenario 2: Under the Radar - IT/OT ransomware attacks Ransomware attacks are on the rise, which may leave OT environments at the mercy of hackers. Even during an IT based ransomware attack, without ...

Following the recent assault of the “Volt Typhoon” group on US infrastructure, it’s time for us to talk about living-off-the-land (LOTL) attack techniques that hackers use and how Level 0 can outsmart them. “Volt Typhoon” is a Chinese state-sponsored malicious actor, preparing the ground for future world crises, through the development of powerful hacking capabilities to cause serious disruptions to opponents, whether in North America or Asia. Microsoft has released a fascinating article (link below) about this group’s attack techniques, from data collection to exfiltration all the way towards achieving valid credentials to gain access into the system and establish their living-off-the-land strategy. Microsoft’s report addresses serios issues in terms of exploitation, where signature-matching solutions fail to protect critical infrastructure from ...

The National Institute of Standards and Technology (NIST) released a guide for Operation Technology (OT) Security outlining the main risks associated with failure of OT systems as well as best practices for protection of such critical systems. As NIST acknowledges, organizations’ most critical processes rely on OT, which makes them highly vulnerable to cyberattacks, with harsh consequences - from significant losses due to downtimes, through social unrest due to the lack of essential resources like electricity or water, all the way to severe threat to human lives.  This further demonstrates the alarming aftermath such attacks could bear, forcing organizations worldwide to act upon such threats and implement security methods to prevent these negative forecasts from becoming a reality. In section 5.3.6 NIST discusses the importance of considering the Purdue Model’s lowest ...

Come join SIGA during Hannover Messe 2023 (17-21 April)! Our VP Sales, Amir Kandell and our DACH Sales Manager, Markus Stadelhofer will attend the event and will be happy to meet you all there to discuss the importance of Level 0 monitoring.  

Frost and Sullivan together with Applied Risk have published an eye-lighting report regarding the methods to be implemented by critical infrastructures in their Operational Technology (OT) environments in order to ensure cyber resilience to prevent the catastrophic consequences a cyber-attack on these essential businesses might have. The report starts with a quick overview on the many challenges OT systems are facing, from individual malicious actors to nation-funded organizations, critical infrastructure organizations worldwide are struggling with a varied-front cyber war, forcing them to constantly fortify their cyber resilience. The discussed report sets-out 6 main essential habits critical organizations should pay attention to: On top of the above main principles for OT cybersecurity, the report states that above-all organizations must set the seal on their ...

As cyber threats are growing ever-more intense and frequent, it's time for organizations worldwide to learn from the past and implement best practices to ensure they can act upon these cyber-attacks and prevent them. From Ukraine and Saudi Arabia all the way to the United States, no one is fully immune, and attackers are taking advantage of that. Eventually, anything that can be programmed can be hacked, and so operators are left to solve an almost impossible issue- how can they protect something that can be hacked whenever? A cyber-attack is not a question of "if" but a question "when", and even though operators cannot fully prevent these attacks, they can ensure they possess the best tools to deal with such breaches quickly and effectively to minimize the attack's consequences. By capitalizing on Level 0, operators can gain unparalleled visibility into their critical ...

SIGA participated at INTECH 2022, a leading industrial conference, gathering leading national and international organizations to showcase the latest and most advanced solutions' for protecting and improving their production. SIGA's Israel salesperson, Yair Botbol, met with key figures from various local industries to show how SIGA's Level 0 monitoring solution can promote cyber resilience to a whole new level.

ARES's CEO Jürgen Weiss spoke to the Energie Report  magazine and told them about the many solutions they offer, amongst he discussed SIGA's unparalleled offering for promoting OT cybersecurity. Check-out the full online Energie Report  magazine here (Mr. Weiss's interview is on pages 12-14): Webpaper (report.at) Is your organization cyber resilient? No? Contact Us - SIGA (sigasec.com)  

SIGA's CRO, Amir Gil spoke at ICS 7th edition held on the 20th of November. Mr. Gil discussed the importance of monitoring the process level in order to detect cyber-attacks that will otherwise go unnoticed. He demonstrated how Level 0 can make a difference and provide operators with unmatched situational awareness to act upon cyber threats quickly and effectively. SIGA's many installations have proved that what SIGA sees in unseen by other solutions, allowing organizations to capitalize on the information coming directly from their critical assets to gain full visibility and promote their cyber resilience to a whole new level.

SIGA participated at the Smart Production Solutions (SPS) conference in Germany along with our great partner, Phoenix Contact. SIGA's DACH sales manager, Markus Stadelhofer along with SIGA's Sales VP, Amir Kandell were delighted to meet key players from many industries and showcase how Level 0 can promote cyber resilience to a whole new level.

SIGA’s CEO, Amir Samoiloff attended a unique roundtable gathering water experts from across the US to discuss the many challenges faced by the industry. SIGA is honored to collaborate with water companies to ensure they gain visibility directly from Level 0 to protect their provision of this scarce resource.

HMI’s Can be Fooled! Detect anomalies before they damage your critical assets. SIGA’s Parallel Reference Monitor (PRM) provides multi-level real-time monitoring, revealing otherwise undetectable Level-0 attacks BACKGROUND Current security methods for industrial control systems are beginning to evolve and include network-level security, some use of firewalls, unidirectional diodes and protected gateways. This vulnerability and common operational constraints lead to very limited solutions, at best. Therefore, the SCADA’s controller level, or Level 1 as it is called in the Purdue Model (e.g., PLC, RTU, etc.) can be compromised in various scenarios.   An attacker has taken control of a critical process while a perfectly normal operational status is reflected on the HMI and other levels. The attack is allowed to continue undetected because the control ...