From Ransomware Surges to Global Cyber Conflicts: 4 trends of Operational Technology (OT) Cybersecurity in 2024

In the ever-evolving landscape of industrial systems, the year 2024 presents a unique set of challenges that demand a keen understanding of the intricate connections between machines and their environment. As we stand at the crossroads of technological advancement, the need to address unprecedented complexities in industrial operations has never been more critical. Amidst these challenges, one foundational layer emerges as the linchpin: Level 0. In this article, we embark on a journey to navigate four main hurdles expected in 2024 and explore how the Level 0 advantage becomes not just a solution, but a strategic imperative for overcoming the intricacies that define this era in industrial communication. Join us as we unravel the principal challenges that define this new year and discover how listening to the machines at Level 0 emerges as a beacon of resilience in an era of ...
Read more

RAMBO Attack Targets Air-Gapped Systems via RAM

A new side-channel attack, dubbed RAMBO, can steal data from air-gapped systems by exploiting electromagnetic emissions from the system's RAM. The malware manipulates RAM operations, transmitting data through electromagnetic signals that can be intercepted by nearby devices.
Key Developments:
RAM Manipulation: Attackers plant malware to control memory operations, generating electromagnetic signals.
Range & Speed: Data can be exfiltrated up to 7 meters away at speeds of 1,000 bits per second, making it feasible for stealing encryption keys, passwords, and other critical information.
Cost-Effective: Attackers only need a low-cost Software-Defined Radio (SDR) to intercept the signals.
Why It Matters: Even air-gapped systems, previously considered highly secure, are vulnerable to this new technique, presenting a significant threat to ...
Read more

Cyber OT Alert Bulletin: Peach Sandstorm Deploys New Backdoor in Critical Infrastructure

Peach Sandstorm, a state-sponsored Iranian hacking group, has deployed a new custom backdoor malware named "Tickler." This backdoor has been used in attacks targeting sectors like satellite communications, oil and gas, defense, and government entities in the U.S. and UAE. The attacks, observed between April and July 2024, leverage compromised Azure infrastructure to establish persistent access to victim networks, enabling extensive intelligence gathering and potential disruption.
New Developments
Azure Exploitation: The group's use of compromised Azure subscriptions to control victim networks highlights the critical need for securing cloud infrastructure. These accounts were often obtained through password spraying and social engineering.
LinkedIn Social Engineering: Peach Sandstorm also used fake LinkedIn profiles to gather intelligence, particularly targeting ...
Read more

SIGA recipient of the Cyber Excellence Awards 2024

We are thrilled to announce that our cybersecurity solutions have been recognized and honored in multiple categories at the prestigious 2024 Cybersecurity Excellence Awards! We are immensely proud to share that our innovative products have been selected as winners in the following categories:
Critical Infrastructure Security Category: Our flagship solution, SIGA, has been acknowledged for its exceptional performance in safeguarding critical infrastructure from cyber threats. With SIGA, we are committed to ensuring the resilience and security of vital systems that form the backbone of modern society.
Best Artificial Intelligence (AI) Threat Detection Category: SigaGuard, our cutting-edge AI-powered threat detection system, has been recognized for its unparalleled ability to identify and neutralize cyber threats in real time. Leveraging advanced AI algorithms, ...
Read more

Stuxnet is Back! Or did it Ever Leave?

Unveiling the resurgence of web-based PLC malware and the imperative need for Level 0 monitoring in industrial cybersecurity
Introduction: In the ever-evolving landscape of cybersecurity threats, researchers from Georgia Tech have recently uncovered a potential game-changer: Stuxnet-style web-based malware targeting Programmable Logic Controllers (PLCs). This discovery may sound like old news, as we have all heard of the notorious Stuxnet attack before. However, the discovery should raise quite a few alarm bells, as the industry never fully equipped itself with the tools to address this unique type of malware, which has only grown stronger and more sophisticated with time. The discovery should prompt a reevaluation of industrial cybersecurity measures to stay ahead of the curve, measures that also address the often-overlooked risks associated with false process sensor data, further ...
Read more

Navigating New OT Security Frontiers: SIGA and Radiflow

Yossi (Konstantin) Tarnopolsky, Director of Technology Alliances and APAC BD, at Radiflow
One of my favorite movies, "Blackhat" (a 2015 film directed by Michael Mann), opens with a powerful narrative in which a cyberattack targets a nuclear power plant in Hong Kong. While fictitious, this attack reveals significant weaknesses in critical modern infrastructures. The attackers use a variety of tactics to intentionally break into the plant's Supervisory Control and Data Acquisition (SCADA) system. They cleverly change settings in the Human-Machine Interface (HMI), which go unnoticed by the engineers, leading to a failure in the cooling system. Eventually, this results in a sudden overheating crisis that culminates in an explosion leading to plenty of chaos. There was a lot of foresight in the "Blackhat" movie. Today, nine years later, not only the energy sector, but ...
Read more

SIGA Now Available in the Microsoft Azure Marketplace

Microsoft Azure customers worldwide now gain access to SIGA's unique Level 0 technology for enhancing OT security in industrial and critical infrastructure, taking advantage of the scalability, reliability and agility of Azure to drive application development and shape business strategies.
[Tel Aviv, Israel, February 19, 2024] SIGA, elevating OT cybersecurity to Level 0, today announced the availability of SigaGuard in the Microsoft Azure Marketplace, an online store providing applications and services for use on Azure. SIGA customers can now take advantage of the productive and trusted Azure cloud platform, with streamlined deployment and management. At SIGA, our commitment to safeguarding critical infrastructure is underpinned by our innovative approach to cybersecurity. Specializing in Level 0 monitoring, the lowest level of the Purdue model for ...
Read more

New Horizons in Cybersecurity with SIGA

In an era where the landscape of cybersecurity is perpetually evolving, I firmly believe that the pillars of continuous learning and unwavering collaboration are indispensable in maintaining a step ahead of emerging threats. It is with a profound sense of duty and an eagerness to contribute that I announce my new advisory role at SIGA, a vanguard in fortifying Level Zero OT resilience, serving as their Director of North America Sales. This opportunity resonates deeply with my commitment to national security, a commitment that was profoundly shaped by my experience within the Pentagon during the September 11 attacks. My role at SIGA arrives at a critical juncture in history, echoing recent warnings from the FBI Director about state-sponsored hackers poised to "wreak havoc" on our essential services, including water treatment facilities, electrical grids, and oil & ...
Read more

4 Operational Technology (OT) Cybersecurity trends in 2024

In the ever-evolving landscape of industrial systems, the year 2024 presents a unique set of challenges that demand a keen understanding of the intricate connections between machines and their environment. As we stand at the crossroads of technological advancement, the need to address unprecedented complexities in industrial operations has never been more critical. Amidst these challenges, one foundational layer emerges as the linchpin: Level 0. In this article, we embark on a journey to navigate four main hurdles expected in 2024 and explore how the Level 0 advantage becomes not just a solution, but a strategic imperative for overcoming the intricacies that define this era in industrial communication. Join us as we unravel the principal challenges that define this new year and discover how listening to the machines at Level 0 emerges as a beacon of resilience in an era of ...
Read more

Critical Alert: Cyber threats to the U.S. Water Sector

In an unprecedented joint alert, the FBI, CISA, NSA, EPA, and INCD warn of a significant cybersecurity threat targeting the water and wastewater sector. The Iranian Government Islamic Revolutionary Guard Corps (IRGC) is reportedly behind a surge in malicious activities, putting critical infrastructure at risk. The IRGC-affiliated cyber group, "CyberAv3ngers," has persistently targeted Unitronics Vision Series programmable logic controllers (PLCs). Their attacks extend beyond the water sector, impacting energy, manufacturing, and healthcare. Since November 2023, CyberAv3ngers has exploited default credentials in Unitronics devices, leaving anti-Israel defacement messages. The affected organizations span multiple U.S. states, necessitating urgent action. The alert advises organizations, especially those in critical infrastructure, to follow the provided mitigation ...
Read more

Four OT attack scenarios which require SIGA’s Level 0 detection

Attack Scenario 1: (Un)authorized Access
Cyber menaces do not stem solely from the outside. Insiders who are granted access or hackers who obtain legitimate credentials can pose a serious threat to the most critical and vulnerable assets. These attacks will most likely go undetected by standard detection tools, since no malicious code or virus is used. SIGA's ability to monitor process behavior directly from Level 0 offers the ultimate method for the security of critical infrastructure regardless of the attack vector. SIGAGUARD is a tailored detection solution for such attacks, which ensures that the most valuable assets are protected at all times.
Attack Scenario 2: Under the Radar - IT/OT ransomware attacks
Ransomware attacks are on the rise, which may leave OT environments at the mercy of hackers. Even during an IT-based ransomware attack, without ...
Read more

Living-off-the-land (LOTL) attacks

Following the recent assault of the "Volt Typhoon" group on US infrastructure, it's time for us to talk about the living-off-the-land (LOTL) attack techniques that hackers use and how Level 0 can outsmart them. "Volt Typhoon" is a Chinese state-sponsored malicious actor, preparing the ground for future world crises through the development of powerful hacking capabilities to cause serious disruptions to opponents, whether in North America or Asia. Microsoft has released a fascinating article (link below) about this group's attack techniques, from data collection to exfiltration, all the way to obtaining valid credentials to gain access into the system and establish their living-off-the-land strategy. Microsoft's report addresses serious issues in terms of exploitation, where signature-matching solutions fail to protect critical infrastructure from ...
Read more

Level 0 recognized by NIST as a best-practice for OT cybersecurity

The National Institute of Standards and Technology (NIST) released a guide for Operational Technology (OT) security outlining the main risks associated with failure of OT systems as well as best practices for protection of such critical systems. As NIST acknowledges, organizations' most critical processes rely on OT, which makes them highly vulnerable to cyberattacks, with harsh consequences - from significant losses due to downtime, through social unrest due to the lack of essential resources like electricity or water, all the way to severe threats to human lives. This further demonstrates the alarming aftermath such attacks could bear, forcing organizations worldwide to act upon such threats and implement security methods to prevent these negative forecasts from becoming a reality. In section 5.3.6 NIST discusses the importance of considering the Purdue Model's lowest ...
Read more

SIGA @ Hannover Messe 2023

Come join SIGA during Hannover Messe 2023 (17-21 April)! Our VP Sales, Amir Kandell, and our DACH Sales Manager, Markus Stadelhofer, will attend the event and will be happy to meet you all there to discuss the importance of Level 0 monitoring.
Read more

Manufacturing Application Brief

Manufacturing application brief
Read more

Ransomware in OT – keep your eyes on the ball!

OT vulnerabilities are here to stay. The security policies we strive to implement are those which allow us to learn how to live with them and manage them, without putting (too many) limitations on our production. One of the rising threats in the past few years is OT ransomware attacks. Just last week, CMMC, the Canadian Copper Mountain Mining Corporation, disclosed that it shut off its manufacturing operations in the mills due to a ransomware attack. We all remember the Colonial Pipeline attack that also left its mark on the market. That's why it's very surprising to learn that these two ransomware attacks, and others similar to them, were not even OT or ICS related, meaning they did not specifically target the control systems or the manufacturing environment at all. In fact, there was no evidence in real time that the attack ever "crossed the line" and impacted the OT ...
Read more

Securing Operational Technology (OT) systems

Frost and Sullivan, together with Applied Risk, have published an enlightening report regarding the methods to be implemented by critical infrastructures in their Operational Technology (OT) environments in order to ensure cyber resilience and prevent the catastrophic consequences a cyber-attack on these essential businesses might have. The report starts with a quick overview of the many challenges OT systems are facing: from individual malicious actors to nation-funded organizations, critical infrastructure organizations worldwide are struggling with a multi-front cyber war, forcing them to constantly fortify their cyber resilience. The report sets out 6 main essential habits critical organizations should pay attention to. On top of the above main principles for OT cybersecurity, the report states that above all organizations must set the seal on their ...
Read more

Relentless cyber-attacks around the world

As cyber threats are growing ever more intense and frequent, it's time for organizations worldwide to learn from the past and implement best practices to ensure they can act upon these cyber-attacks and prevent them. From Ukraine and Saudi Arabia all the way to the United States, no one is fully immune, and attackers are taking advantage of that. Eventually, anything that can be programmed can be hacked, and so operators are left to solve an almost impossible issue: how can they protect something that can be hacked at any time? A cyber-attack is not a question of "if" but a question of "when", and even though operators cannot fully prevent these attacks, they can ensure they possess the best tools to deal with such breaches quickly and effectively to minimize the attack's consequences. By capitalizing on Level 0, operators can gain unparalleled visibility into their critical ...
Read more

SIGA @ INTECH 2022

SIGA participated in INTECH 2022, a leading industrial conference gathering leading national and international organizations to showcase the latest and most advanced solutions for protecting and improving their production. SIGA's Israel salesperson, Yair Botbol, met with key figures from various local industries to show how SIGA's Level 0 monitoring solution can promote cyber resilience to a whole new level.
Read more

SIGA @ Energie report

ARES's CEO Jürgen Weiss spoke to the Energie Report magazine and told them about the many solutions they offer, amongst which he discussed SIGA's unparalleled offering for promoting OT cybersecurity. Check out the full online Energie Report magazine here (Mr. Weiss's interview is on pages 12-14): Webpaper (report.at)
Is your organization cyber resilient? No? Contact Us - SIGA (sigasec.com)
Read more

SIGA’s CRO, Amir Gil speaks at ICS 7th edition

SIGA's CRO, Amir Gil, spoke at ICS 7th edition, held on the 20th of November. Mr. Gil discussed the importance of monitoring the process level in order to detect cyber-attacks that will otherwise go unnoticed. He demonstrated how Level 0 can make a difference and provide operators with unmatched situational awareness to act upon cyber threats quickly and effectively. SIGA's many installations have proved that what SIGA sees is unseen by other solutions, allowing organizations to capitalize on the information coming directly from their critical assets to gain full visibility and promote their cyber resilience to a whole new level.
Read more

SIGA @ SPS 2022

SIGA participated in the Smart Production Solutions (SPS) conference in Germany along with our great partner, Phoenix Contact. SIGA's DACH sales manager, Markus Stadelhofer, along with SIGA's Sales VP, Amir Kandell, were delighted to meet key players from many industries and showcase how Level 0 can promote cyber resilience to a whole new level.
Read more

SIGA’s CEO speaking at a major Water industry event

SIGA's CEO, Amir Samoiloff, attended a unique roundtable gathering water experts from across the US to discuss the many challenges faced by the industry. SIGA is honored to collaborate with water companies to ensure they gain visibility directly from Level 0 to protect their provision of this scarce resource.
Read more

PARALLEL REFERENCE MONITORING

HMIs can be fooled! Detect anomalies before they damage your critical assets. SIGA's Parallel Reference Monitor (PRM) provides multi-level real-time monitoring, revealing otherwise undetectable Level 0 attacks.
BACKGROUND
Current security methods for industrial control systems are beginning to evolve and include network-level security, some use of firewalls, unidirectional diodes and protected gateways. This vulnerability and common operational constraints lead to very limited solutions, at best. Therefore, the SCADA controller level, or Level 1 as it is called in the Purdue Model (e.g., PLC, RTU, etc.), can be compromised in various scenarios. An attacker has taken control of a critical process while a perfectly normal operational status is reflected on the HMI and other levels. The attack is allowed to continue undetected because the control ...
Read more