The Radiflow Cyber Security Blog

 

Detection of a Crypto-Mining Malware Attack at a Water Utility

Synopsis: Cyber-mining malware enables crypto-currency miners to use some of the processing power of an infected computer for mining cyber-currency. This case study describes the process of detecting and eliminating the malware on SCADA servers operated by a water...

The headache caused by protecting unmanned distributed sites

In recent years, awareness of the need to secure industrial control systems (ICS) has greatly increased. Since around 2014, many companies have started implementing cyber security solutions to protect their ICS networks from potential cyber incidents. In most companies,...

Are Schools Ready for Cyber Attacks?

When parents send their children to school, they believe that the school will educate them, teach them manners, and prepare them for real life. But before the teaching starts, both kids and parents should have confidence in the school environment, the quality of...

Detection of unauthorized changes in the PLCs’ logic

The Deep-Packet-Inspection (DPI) protocol for industrial network traffic is one of the fundamental technologies currently used in protecting ICS networks. Using this technology, security products are able to accurately identify the industrial commands and parameters...

Calculating the Cost of a Power Outage

What is the cost of a power outage caused by a cyber-attack? And how does one calculate the predicted cost? Beyond the actuarial purpose of estimating the cost of a power outage caused by a cyber-attack, the predicted cost can also inform decision makers as to the...

Analysis of the Ukrainian Outage

As the smoke starts to clear around the Ukrainian power outage–a significant case of a confirmed cyber-attack that left tens of thousands of people in the dark–more and more details are being confirmed about the chain of events that led to the outage. In this paper we...

Seeing in the Dark: ICS Network Visibility

In this post I will describe the usage of an IDS (Intrusion Detection System) tool for achieving Network Visibility in ICS networks. This post will be divided into two sections. First, I will cover the operational and security needs in Network Monitoring. Second, I’ll...

Industrial IDS Deployment

In our previous posts we discussed the various types of attacks on operational (OT) networks. We’ve also discussed the means of mitigating different types of attacks, with the exception of “In-Field” attacks. In this post we will discuss mitigating In-Field attacks...

Revealing Web-Connected Critical Devices

Background: In my last entry I briefly mentioned the reconnaissance stage in ICS attack campaigns. In this post I will present the risks involved, and I will describe one of the tools used for reconnaissance. If you read this post through, you will be able to search on your own for web-connected SCADA controllers. The […]

Yes We SCAN!

Early detection of ICS attacks decreases the probability of causing damage to the network. In this post I will focus on one of the first stages in ICS attacks, where the attacker attempts to scan the network for devices. First, I will explain the motivation behind the scanning stage, followed by a description of the scanning techniques used…

Designing an ICS Attack Platform

Early detection of ICS attacks decreases the probability of causing damage to the network. In this post I will focus on one of the first stages in ICS attacks, where the attacker attempts to scan the network for devices.

ICS Firewall Deployment

We take it as a given that it’s essential to deploy firewalls inside ICS networks. However, it is less clear why, and which properties such firewalls should have: should they be stateful? DPI? Signature-based? In this post I will try to shed some light on the topic. Consider a typical ICS network, with a main […]

The weakness of ICS maintenance operations

What would you say is your biggest concern when it comes to cyber threats to your ICS system? When I asked several cyber-officers in big utilities, they told me that their biggest concern was the interaction between people and the ICS network.
