Posted May 23, 2024 by Pelican Press

Rockwell urges users to disconnect ICS equipment

American industrial control systems (ICS) specialist Rockwell Automation has urged users across the world to disconnect ICS equipment from the public internet, citing geopolitical tensions and a dramatic increase in threat actor activity targeting its hardware through a number of known common vulnerabilities and exposures (CVEs).

The Milwaukee, Wisconsin-based firm’s warning is accompanied by an alert from the US Cybersecurity and Infrastructure Security Agency (CISA), advising users to follow its advice.

“Rockwell Automation is issuing this notice urging all customers to take immediate action to assess whether they have devices facing the public internet and, if so, urgently remove that connectivity for devices not specifically designed for public internet connectivity,” the firm said.

“Consistent with Rockwell Automation’s guidance for all devices not specifically designed for public internet connectivity (for example, cloud and edge offerings), users should never configure their assets to be directly connected to the public-facing internet.

“Removing that connectivity as a proactive step reduces attack surface and can immediately reduce exposure to unauthorised and malicious cyber activity from external threat actors,” Rockwell added.

The organisation is also urging users to pay particular attention to remediating a series of seven known vulnerabilities in various products. These flaws are CVE-2021-22681 in Logix Controllers; CVE-2022-1159 in Studio 5000 Logix Designer; CVE-2023-3595 in Select Communication Modules; CVE-2023-46290 in FactoryTalk Services Platform; CVE-2023-21914 in FactoryTalk View ME; CVE-2024-21915 in FactoryTalk Service Platform, and CVE-2024-21917, also in FactoryTalk Service Platform. Details of these vulnerabilities are available in the linked advisory.

Ken Dunham, director of cyber threat at the Threat Research Unit (TRU), said: “The Rockwell Automation alert recommends immediate removal of any device that is currently installed with public Internet connectivity, for which it was not designed. This may seem like common sense, but all too often in a world of ‘Hello, it works’, organisations find themselves in a situation where hardware and software are installed and configured in ways that are not recommended and are vulnerable to attack.”

Dunham urged Rockwell customers to pay close attention, saying: “Automated industrial control systems (ICS) are a prime target for attack by adversaries that wish to impact critical infrastructure, especially in a high-volatility year of elections and war.”

Forescout research vice president Elisa Costante added: “Despite decades of efforts, the threat to critical infrastructure via industrial control systems remains alarmingly high, with Forescout Research – Vedere Labs ranking these systems as the […].

“Even as cyber attacks bridge the digital and physical worlds, impacting our physical health and safety, advisories often fall short of offering comprehensive risk assessments. Forescout recently […] and identified network-attached storage (NAS), IP cameras, building automation devices, and VoIP equipment as the most exploited OT and IoT devices.

“It’s crucial that we adopt network-centric defence strategies, harden devices, segment networks, and vigilantly monitor systems to mitigate rising OT threats and secure all managed and unmanaged devices. Now is the time to address this and prevent a potential mass attack,” she said.

Rockwell’s warning comes amid a growing sense of alarm across the cyber security industry over the activities of state-backed espionage operations, such as China’s Volt Typhoon, which is known to have targeted critical infrastructure operations – heavy users of ICS tech – for intrusion and, according to the US authorities, may be laying the groundwork for a major, multi-pronged cyber offensive should the geopolitical situation deteriorate.

In a related development, researchers at Mandiant today reported on the growing use of operational relay box, or ORB, networks by Chinese state threat actors. ORB networks are short-lived, frequently-cycled networks that function somewhat like traditional botnets, comprising largely virtual private servers rented by contractors, and compromised internet of things (IoT) devices and even consumer routers.

Because they are frequently changed up, ORB networks render so-called indicator of compromise (IoC) extinction – where a known IoC ceases to be used or valid – a greater concern, leaving defenders struggling to keep up. Mandiant said that while ORBs are not new in and of themselves, their enthusiastic adoption in the Chinese cyber espionage community points to a growing investment in sophisticated tradecraft.