{"id":50162,"date":"2022-05-20T13:43:21","date_gmt":"2022-05-20T05:43:21","guid":{"rendered":"https:\/\/version-2.com\/?p=50162"},"modified":"2022-05-30T10:42:07","modified_gmt":"2022-05-30T02:42:07","slug":"weekly-ics-ot-security-news-digest-scadafence-may-10","status":"publish","type":"post","link":"https:\/\/version-2.com\/en\/2022\/05\/weekly-ics-ot-security-news-digest-scadafence-may-10\/","title":{"rendered":"Weekly ICS \/ OT Security News Digest | SCADAfence \u2013 May 10"},"content":{"rendered":"<div data-elementor-type=\"wp-post\" data-elementor-id=\"50162\" class=\"elementor elementor-50162\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-a9966c4 post-content elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"a9966c4\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;jet_parallax_layout_list&quot;:[{&quot;jet_parallax_layout_image&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;_id&quot;:&quot;437ef7f&quot;,&quot;jet_parallax_layout_image_tablet&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_image_mobile&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_speed&quot;:{&quot;unit&quot;:&quot;%&quot;,&quot;size&quot;:50,&quot;sizes&quot;:[]},&quot;jet_parallax_layout_type&quot;:&quot;scroll&quot;,&quot;jet_parallax_layout_direction&quot;:&quot;1&quot;,&quot;jet_parallax_layout_fx_direction&quot;:null,&quot;jet_parallax_layout_z_index&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x&quot;:50,&quot;jet_parallax_layout_bg_x_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y&quot;:50,&quot;jet_parallax_layout_bg_y_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size&quot;:&quot;auto&quot;,&quot;jet_parallax_layout_bg_size_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_animation_prop&quot;:&quot;transform&quot;,&quot;jet_parallax_layout_on&quot;:[&quot;desktop&quot;,&quot;tablet&quot;]}]}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-2884b38\" data-id=\"2884b38\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-980bf1e elementor-widget elementor-widget-text-editor\" data-id=\"980bf1e\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p align=\"center\"><img fetchpriority=\"high\" decoding=\"async\" src=\"https:\/\/blog.scadafence.com\/hubfs\/weeklyupdateMay92022.png\" alt=\"\" height=\"379\" width=\"757\"><\/p>\n\n<p>Our research team has put together all of the most relevant news topics in the Ransomware and IoT security fields, as well as their impacts and their expert recommendations:<\/p>\n<div id=\"more-50165\" bis_skin_checked=\"1\"><\/div>\n<h2 style=\"font-size: 20px;\"><span style=\"text-decoration: underline;\"><strong>IT<\/strong><\/span><\/h2>\n<h3 style=\"font-size: 20px;\"><strong>Title:<span style=\"color: #000000;\"> Bumblebee Malware Loader<\/span><\/strong><\/h3>\n<p><strong>Description<\/strong>: <strong>A new malware loader, <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/new-bumblebee-malware-replaces-contis-bazarloader-in-cyberattacks\/\" rel=\"noopener\" target=\"_blank\">Bumblebee<\/a>, is being used as a <a href=\"https:\/\/thehackernews.com\/2022\/04\/cybercriminals-using-new-malware-loader.html\" rel=\"noopener\" target=\"_blank\">replacement for the BazarLoader and IcedID <\/a>to deliver ransomware payloads<\/strong>. Phishing campaigns were observed in which threat actors used Bumblebee to <a href=\"https:\/\/www.securityweek.com\/new-bumblebee-malware-loader-used-several-cybercrime-groups\" rel=\"noopener\" target=\"_blank\">drop shellcode <\/a>and the Cobalt Strike, Sliver, and Meterpreter frameworks.&nbsp;<\/p>\n<p><strong>Attack Parameters<\/strong>: The campaigns are delivered via phishing emails containing a link to a malicious file. For persistence, the malware uses scheduled tasks and WMI execution.<br><strong>Many similarities were found between the loader and TrickBot<\/strong>, including the web-inject module and the evasion technique.<\/p>\n<p><strong>Impact<\/strong>: As BazarLoader was used in attacks in the past, Bumblebee is likely to become a popular tool for ransomware groups.<\/p>\n<p><strong>Recommendations:<\/strong> Following are best practices recommendations to minimize the chances of being infected by ransomware:<\/p>\n<ul>\n<li>Apply the latest security patches on the assets in the network.<\/li>\n<li>Use unique passwords and multi-factor authentication on authentication paths to OT assets.<\/li>\n<li>Educate staff about the risks and methods of ransomware attacks and how to avoid infection.<\/li>\n<\/ul>\n<p><strong>SCADAfence Coverage:<\/strong> The SCADAfence Platform detects new connections, connections to and from external devices, and connections to and from the Internet. The platform also detects suspicious behavior based on IP reputation, hash reputation, and domain reputation.<br>The SCADAfence Platform also detects scheduled tasks and WMI process creation, as well as the use of Cobalt Strike and Meterpreter.&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<h2 style=\"font-size: 20px;\"><span style=\"text-decoration: underline;\"><strong><span style=\"color: #000000; text-decoration: underline;\">Ransomware<\/span><\/strong><\/span><\/h2>\n<h2 style=\"font-size: 20px;\"><span style=\"font-size: 20px;\"><strong>Title:<span style=\"color: #000000;\"> Lapsus$ Extortion Group \u2013 T-Mobile Breach<\/span><\/strong><\/span><strong><span style=\"font-size: 14px;\"><br><\/span><\/strong><\/h2>\n<p><strong>Description<\/strong>: <strong><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/t-mobile-confirms-lapsus-hackers-breached-internal-systems\/\" rel=\"noopener\" target=\"_blank\">Lapsus$<\/a> group breached <a href=\"https:\/\/threatpost.com\/lapsus-hackers-target-t-mobile\/179384\/\" rel=\"noopener\" target=\"_blank\">T-Mobile\u2019s network<\/a> using stolen VPN credentials and gained access to internal systems<\/strong>. The stolen credentials, found on illicit platforms, allowed the attackers to access the company\u2019s internal tools, which allowed them to conduct sim-swapping attacks.<br>The credentials used in the hack were disabled after discovering the breach.<\/p>\n<p><strong>Attack Parameters<\/strong>: Lapsus$ compromises systems to steal source code, customer lists, databases, and other valuable data, then attempts to extort the victim with ransom demands that threaten to publicly leak the data. They primarily focus on obtaining compromised credentials for initial access using the following methods:<\/p>\n<ul>\n<li>Deploying Redline password stealer to obtain passwords and session tokens.<\/li>\n<li>Buying credentials and session tokens on criminal underground forums.<\/li>\n<li>Paying employees at targeted organizations for access to credentials and MFA approval.<\/li>\n<li>Searching public code repositories for exposed credentials.<\/li>\n<li>The group also uses RDP and VDI to remotely access a business\u2019 environment.<\/li>\n<\/ul>\n<p><strong>Impact<\/strong>: No sensitive customer data was stolen.<\/p>\n<p><strong>Recommendations:<\/strong>&nbsp; Following are best practices recommendations:<\/p>\n<ul>\n<li>Make sure secure offline backups of critical systems are available and up-to-date.<\/li>\n<li>Apply the latest security patches on the assets in the network.<\/li>\n<li>Use unique passwords and multi-factor authentication on authentication paths to OT assets.<\/li>\n<li>Encrypt sensitive data when possible.<\/li>\n<li>Educate staff about the risks and methods of ransomware attacks and how to avoid infection.<\/li>\n<\/ul>\n<p><strong>SCADAfence Coverage<\/strong>: The SCADAfence Platform detects new connections, connections to and from external devices, and connections to and from the Internet. The platform also detects suspicious behavior based on IP reputation, hash reputation, and domain reputation.<br>RDP connections can be tracked with the User Activity Analyzer.<\/p>\n<p style=\"text-align: center;\"><br><a href=\"https:\/\/www.scadafence.com\/scadafence-remote-access-security\/\" rel=\"noopener\" bis_size=\"{&quot;x&quot;:279,&quot;y&quot;:4313,&quot;w&quot;:757,&quot;h&quot;:272,&quot;abs_x&quot;:279,&quot;abs_y&quot;:4313}\"><img decoding=\"async\" src=\"https:\/\/i0.wp.com\/blog.scadafence.com\/hs-fs\/hubfs\/image17-png.png?w=491&amp;ssl=1\" alt=\"image17-png\" style=\"width: 491px; margin-left: auto; margin-right: auto; display: block;\" data-recalc-dims=\"1\" bis_size=\"{&quot;x&quot;:412,&quot;y&quot;:4313,&quot;w&quot;:491,&quot;h&quot;:272,&quot;abs_x&quot;:412,&quot;abs_y&quot;:4313}\" bis_id=\"bn_nw2qp2qkoohwmyx5yqhb5e\"><\/a><span style=\"font-size: 12px; font-weight: bold;\">&nbsp;SCADAfence Platform \u2013 User Activity Analyzer<\/span><\/p>\n<h3><span style=\"font-size: 20px;\"><strong>Title:<span style=\"color: #000000;\"> Black Basta Ransomware<\/span><\/strong><\/span><strong><span style=\"font-size: 14px;\"><br><\/span><\/strong><\/h3>\n<p><strong>Description:<\/strong> <strong>A new ransomware operation, <a href=\"https:\/\/www.securityweek.com\/new-black-basta-ransomware-possibly-linked-conti-group\" rel=\"noopener\" target=\"_blank\">Black Basta<\/a>, uses a <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/new-black-basta-ransomware-springs-into-action-with-a-dozen-breaches\/\" rel=\"noopener\" target=\"_blank\">double-extortion scheme<\/a><\/strong>, where the threat actors demand a ransom to receive a decryptor and prevent the publishing of the victim\u2019s stolen data.<\/p>\n<p><strong>Targets<\/strong>: Among the operation\u2019s victims are the <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/american-dental-association-hit-by-new-black-basta-ransomware\/\" rel=\"noopener\" target=\"_blank\">American Dental Association <\/a>(ADA) and the German wind turbine giant <a href=\"https:\/\/www.securityweek.com\/german-wind-turbine-firm-discloses-targeted-professional-cyberattack\" rel=\"noopener\" target=\"_blank\">Deutsche Windtechnik.<\/a><\/p>\n<p><strong>Attack Parameters:<\/strong> The malware requires administrator privileges to work, and hijacks the Windows Fax service for persistence on the infected systems. <strong>Similarities were found between Black Basta and Conti<\/strong>.<\/p>\n<p><br><strong>Impact:<\/strong> The ADA took affected systems offline, which disrupted various online services, telephones, email, and webchat.<br>Deutsche Windtechnik switched off the remote data monitoring connections to the wind turbines, but claimed the wind turbines did not suffer any damage.<\/p>\n<p><strong>Recommendations<\/strong>:&nbsp; Following are best practices recommendations:<\/p>\n<ul>\n<li>Make sure secure offline backups of critical systems are available and up-to-date.<\/li>\n<li>Apply the latest security patches on the assets in the network.<\/li>\n<li>Use unique passwords and multi-factor authentication on authentication paths to OT assets.<\/li>\n<li>Encrypt sensitive data when possible.<\/li>\n<li>Educate staff about the risks and methods of ransomware attacks and how to avoid infection.<\/li>\n<\/ul>\n<p><strong>SCADAfence Coverage<\/strong>: The SCADAfence Platform detects new connections, connections to and from external devices, and connections to and from the Internet. The platform also detects suspicious behavior based on IP reputation, hash reputation, and domain reputation.<\/p>\n<h3><span style=\"font-weight: bold; font-size: 20px;\">Title:<span style=\"color: #000000;\"> Stormous \u2013 Coca-Cola Breach<\/span><\/span><\/h3>\n<p><span style=\"color: #000000;\"><strong>Description:<\/strong> <\/span><strong><span style=\"color: #000000;\">Stormous gang claimed it has successfully breached some of<\/span> <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/coca-cola-investigates-hackers-claims-of-breach-and-data-theft\/\" rel=\"noopener\" target=\"_blank\">Coca-Cola\u2019s servers <\/a>and stole over 160GB of data<\/strong>. There is no indication that Stormous deployed <a href=\"https:\/\/www.darkreading.com\/attacks-breaches\/coca-cola-investigates-data-theft-ransomware\" rel=\"noopener\" target=\"_blank\">file-encrypting malware<\/a> on their victims\u2019 networks, making them closer to a <a href=\"https:\/\/www.securityweek.com\/coca-cola-investigating-hack-claims-made-pro-russia-group\" rel=\"noopener\" target=\"_blank\">data extortion group<\/a>, than a ransomware group.<\/p>\n<p><br><strong>Attack Parameters:<\/strong> The group works with the tactic of double extortion, which is encryption and data theft.&nbsp; The stolen files are leaked if the victim does not pay the ransom.<\/p>\n<p><strong>Impact<\/strong>:<span style=\"color: #000000;\"> Among the files listed, there are compressed documents, text files with admin, emails, and passwords, account and payment ZIP archives, and other types of sensitive information.<\/span><\/p>\n<p><strong>Recommendation<\/strong>:&nbsp; Following are best practices recommendations:<\/p>\n<ul>\n<li>Make sure secure offline backups of critical systems are available and up-to-date.<\/li>\n<li>Apply the latest security patches on the assets in the network.<\/li>\n<li>Use unique passwords and multi-factor authentication on authentication paths to OT assets.<\/li>\n<li>Encrypt sensitive data when possible.<\/li>\n<li>Educate staff about the risks and methods of ransomware attacks and how to avoid infection.<\/li>\n<\/ul>\n<p><strong style=\"background-color: transparent;\">SCADAfence Coverage<\/strong><span style=\"background-color: transparent;\">: The SCADAfence Platform detects new connections, connections to and from external devices, and connections to and from the Internet. The platform also detects suspicious behavior based on IP reputation, hash reputation, and domain reputation.<\/span><\/p>\n<p>&nbsp;<\/p>\n<h2 style=\"font-size: 20px;\"><strong><span style=\"text-decoration: underline;\">IoT<\/span><\/strong><\/h2>\n<p><span style=\"font-weight: bold;\">Title:<span style=\"color: #000000;\"> DNS Vulnerability in uClibc IoT Library (CVE-2022-30295)<\/span><\/span><br><strong>Description<\/strong>: <strong>A new vulnerability affecting the DNS implementation of all versions of<a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/unpatched-dns-bug-affects-millions-of-routers-and-iot-devices\/\" rel=\"noopener\" target=\"_blank\"> uClibc and uClibc-ng<\/a><\/strong> (<span style=\"color: #000000;\">CVE-2022-30295<\/span>). This could allow an attacker to mount DNS poisoning attacks against IoT <a href=\"https:\/\/threatpost.com\/dns-bug-millions-routers-iot-risk\/179478\/\" rel=\"noopener\" target=\"_blank\">devices and routers <\/a>to potentially take control of them.<\/p>\n<p><br><strong>Affected vendors<\/strong>: Both uClibc and uClibc-ng are widely used by vendors such as Netgear, Axis, and Linksys, as well as Linux distributions.<\/p>\n<p><br><strong>Attack Parameters<\/strong>: The vulnerability is caused by the predictability of transaction IDs included in the DNS requests, which may allow attackers to perform DNS poisoning attacks.<\/p>\n<p><strong>Impact<\/strong>: Successful exploitation could allow an attacker to alter or intercept network traffic to compromise connected devices. <br><strong>This vulnerability has a broad scope not only because of the devices it potentially affects, but also because of the inherent importance of DNS to any device connecting over IP<\/strong>.<br><strong>Recommendations<\/strong>: An official patch or workarounds have not yet been released.<\/p>\n<p><br><strong><span style=\"text-decoration: underline;\">SCADAfence Coverage:<\/span><\/strong> The SCADAfence Platform detects new connections, connections to and from external devices, and connections to and from the Internet. The platform also detects suspicious behavior based on IP reputation, hash reputation, and domain reputation.<br>DNS connections can be tracked with User Activity Analyzer.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-5987d9c elementor-widget elementor-widget-shortcode\" data-id=\"5987d9c\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"shortcode.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-shortcode\">\t\t<div data-elementor-type=\"page\" data-elementor-id=\"18103\" class=\"elementor elementor-18103\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-748947f elementor-section-full_width elementor-section-height-default elementor-section-height-default\" data-id=\"748947f\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;jet_parallax_layout_list&quot;:[{&quot;jet_parallax_layout_image&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;_id&quot;:&quot;c4f773e&quot;,&quot;jet_parallax_layout_image_tablet&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_image_mobile&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_speed&quot;:{&quot;unit&quot;:&quot;%&quot;,&quot;size&quot;:50,&quot;sizes&quot;:[]},&quot;jet_parallax_layout_type&quot;:&quot;scroll&quot;,&quot;jet_parallax_layout_direction&quot;:&quot;1&quot;,&quot;jet_parallax_layout_fx_direction&quot;:null,&quot;jet_parallax_layout_z_index&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x&quot;:50,&quot;jet_parallax_layout_bg_x_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y&quot;:50,&quot;jet_parallax_layout_bg_y_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size&quot;:&quot;auto&quot;,&quot;jet_parallax_layout_bg_size_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_animation_prop&quot;:&quot;transform&quot;,&quot;jet_parallax_layout_on&quot;:[&quot;desktop&quot;,&quot;tablet&quot;]}]}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-7995c19\" data-id=\"7995c19\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-a437045 elementor-widget elementor-widget-image-box\" data-id=\"a437045\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image-box.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-image-box-wrapper\"><div class=\"elementor-image-box-content\"><h3 class=\"elementor-image-box-title\">About Version 2 Digital<\/h3><p class=\"elementor-image-box-description\">Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.\n<br><br>\nThrough an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.<\/p><\/div><\/div>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t\n\t\t<div data-elementor-type=\"page\" data-elementor-id=\"18130\" class=\"elementor elementor-18130\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-748947f elementor-section-full_width elementor-section-height-default elementor-section-height-default\" data-id=\"748947f\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;jet_parallax_layout_list&quot;:[{&quot;jet_parallax_layout_image&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;_id&quot;:&quot;c4f773e&quot;,&quot;jet_parallax_layout_image_tablet&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_image_mobile&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_speed&quot;:{&quot;unit&quot;:&quot;%&quot;,&quot;size&quot;:50,&quot;sizes&quot;:[]},&quot;jet_parallax_layout_type&quot;:&quot;scroll&quot;,&quot;jet_parallax_layout_direction&quot;:&quot;1&quot;,&quot;jet_parallax_layout_fx_direction&quot;:null,&quot;jet_parallax_layout_z_index&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x&quot;:50,&quot;jet_parallax_layout_bg_y&quot;:50,&quot;jet_parallax_layout_bg_size&quot;:&quot;auto&quot;,&quot;jet_parallax_layout_animation_prop&quot;:&quot;transform&quot;,&quot;jet_parallax_layout_on&quot;:[&quot;desktop&quot;,&quot;tablet&quot;],&quot;jet_parallax_layout_bg_x_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size_mobile&quot;:&quot;&quot;}]}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-7995c19\" data-id=\"7995c19\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-ff2a228 elementor-widget elementor-widget-text-editor\" data-id=\"ff2a228\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><\/p>\n<p><strong>About SCADAfence<\/strong><br \/>SCADAfence helps companies with large-scale operational technology (OT) networks embrace the benefits of industrial IoT by reducing cyber risks and mitigating operational threats. Our non-intrusive platform provides full coverage of large-scale networks, offering best-in-class detection accuracy, asset discovery and user experience. The platform seamlessly integrates OT security within existing security operations, bridging the IT\/OT convergence gap. SCADAfence secures OT networks in manufacturing, building management and critical infrastructure industries. We deliver security and visibility for some of world\u2019s most complex OT networks, including Europe\u2019s largest manufacturing facility. With SCADAfence, companies can operate securely, reliably and efficiently as they go through the digital transformation journey.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>","protected":false},"excerpt":{"rendered":"<p>Our research team has put together all of the most rele [&hellip;]<\/p>","protected":false},"author":143524195,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[417,488,61],"tags":[418,489],"class_list":["post-50162","post","type-post","status-publish","format-standard","hentry","category-scadafence","category-488","category-press-release","tag-scadafence","tag-489"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Weekly ICS \/ OT Security News Digest | SCADAfence \u2013 May 10 - Version 2<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/blog.scadafence.com\/your-weekly-ics-ot-security-news-digest-may-10-22\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Weekly ICS \/ OT Security News Digest | SCADAfence \u2013 May 10 - Version 2\" \/>\n<meta property=\"og:description\" content=\"Our research team has put together all of the most rele [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/blog.scadafence.com\/your-weekly-ics-ot-security-news-digest-may-10-22\" \/>\n<meta property=\"og:site_name\" content=\"Version 2\" \/>\n<meta property=\"article:published_time\" content=\"2022-05-20T05:43:21+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-05-30T02:42:07+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/blog.scadafence.com\/hubfs\/weeklyupdateMay92022.png\" \/>\n<meta name=\"author\" content=\"version2hk\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"version2hk\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/blog.scadafence.com\\\/your-weekly-ics-ot-security-news-digest-may-10-22#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/2022\\\/05\\\/weekly-ics-ot-security-news-digest-scadafence-may-10\\\/\"},\"author\":{\"name\":\"version2hk\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/person\\\/d14d2d3cd77ffdb618b9f1330fe084db\"},\"headline\":\"Weekly ICS \\\/ OT Security News Digest | SCADAfence \u2013 May 10\",\"datePublished\":\"2022-05-20T05:43:21+00:00\",\"dateModified\":\"2022-05-30T02:42:07+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/2022\\\/05\\\/weekly-ics-ot-security-news-digest-scadafence-may-10\\\/\"},\"wordCount\":1169,\"publisher\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/blog.scadafence.com\\\/your-weekly-ics-ot-security-news-digest-may-10-22#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/blog.scadafence.com\\\/hubfs\\\/weeklyupdateMay92022.png\",\"keywords\":[\"SCADAfence\",\"2022\"],\"articleSection\":[\"SCADAfence\",\"2022\",\"Press Release\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/version-2.com\\\/2022\\\/05\\\/weekly-ics-ot-security-news-digest-scadafence-may-10\\\/\",\"url\":\"https:\\\/\\\/blog.scadafence.com\\\/your-weekly-ics-ot-security-news-digest-may-10-22\",\"name\":\"Weekly ICS \\\/ OT Security News Digest | SCADAfence \u2013 May 10 - Version 2\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/blog.scadafence.com\\\/your-weekly-ics-ot-security-news-digest-may-10-22#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/blog.scadafence.com\\\/your-weekly-ics-ot-security-news-digest-may-10-22#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/blog.scadafence.com\\\/hubfs\\\/weeklyupdateMay92022.png\",\"datePublished\":\"2022-05-20T05:43:21+00:00\",\"dateModified\":\"2022-05-30T02:42:07+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/blog.scadafence.com\\\/your-weekly-ics-ot-security-news-digest-may-10-22#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/blog.scadafence.com\\\/your-weekly-ics-ot-security-news-digest-may-10-22\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/blog.scadafence.com\\\/your-weekly-ics-ot-security-news-digest-may-10-22#primaryimage\",\"url\":\"https:\\\/\\\/blog.scadafence.com\\\/hubfs\\\/weeklyupdateMay92022.png\",\"contentUrl\":\"https:\\\/\\\/blog.scadafence.com\\\/hubfs\\\/weeklyupdateMay92022.png\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/blog.scadafence.com\\\/your-weekly-ics-ot-security-news-digest-may-10-22#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"\u9996\u9801\",\"item\":\"https:\\\/\\\/version-2.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Weekly ICS \\\/ OT Security News Digest | SCADAfence \u2013 May 10\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#website\",\"url\":\"https:\\\/\\\/version-2.com\\\/zh\\\/\",\"name\":\"Version 2\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/version-2.com\\\/zh\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#organization\",\"name\":\"Version 2\",\"url\":\"https:\\\/\\\/version-2.com\\\/zh\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/i0.wp.com\\\/version-2.com\\\/wp-content\\\/uploads\\\/2020\\\/08\\\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1\",\"contentUrl\":\"https:\\\/\\\/i0.wp.com\\\/version-2.com\\\/wp-content\\\/uploads\\\/2020\\\/08\\\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1\",\"width\":1795,\"height\":335,\"caption\":\"Version 2\"},\"image\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/person\\\/d14d2d3cd77ffdb618b9f1330fe084db\",\"name\":\"version2hk\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d280627252b42d7489de74dd88aa04043a495f25e258575000dc767e287bf94c?s=96&d=identicon&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d280627252b42d7489de74dd88aa04043a495f25e258575000dc767e287bf94c?s=96&d=identicon&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d280627252b42d7489de74dd88aa04043a495f25e258575000dc767e287bf94c?s=96&d=identicon&r=g\",\"caption\":\"version2hk\"},\"sameAs\":[\"http:\\\/\\\/version2xfortcom.wordpress.com\"],\"url\":\"https:\\\/\\\/version-2.com\\\/en\\\/author\\\/version2hk\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Weekly ICS \/ OT Security News Digest | SCADAfence \u2013 May 10 - Version 2","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/blog.scadafence.com\/your-weekly-ics-ot-security-news-digest-may-10-22","og_locale":"en_US","og_type":"article","og_title":"Weekly ICS \/ OT Security News Digest | SCADAfence \u2013 May 10 - Version 2","og_description":"Our research team has put together all of the most rele [&hellip;]","og_url":"https:\/\/blog.scadafence.com\/your-weekly-ics-ot-security-news-digest-may-10-22","og_site_name":"Version 2","article_published_time":"2022-05-20T05:43:21+00:00","article_modified_time":"2022-05-30T02:42:07+00:00","og_image":[{"url":"https:\/\/blog.scadafence.com\/hubfs\/weeklyupdateMay92022.png","type":"","width":"","height":""}],"author":"version2hk","twitter_card":"summary_large_image","twitter_misc":{"Written by":"version2hk","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/blog.scadafence.com\/your-weekly-ics-ot-security-news-digest-may-10-22#article","isPartOf":{"@id":"https:\/\/version-2.com\/2022\/05\/weekly-ics-ot-security-news-digest-scadafence-may-10\/"},"author":{"name":"version2hk","@id":"https:\/\/version-2.com\/zh\/#\/schema\/person\/d14d2d3cd77ffdb618b9f1330fe084db"},"headline":"Weekly ICS \/ OT Security News Digest | SCADAfence \u2013 May 10","datePublished":"2022-05-20T05:43:21+00:00","dateModified":"2022-05-30T02:42:07+00:00","mainEntityOfPage":{"@id":"https:\/\/version-2.com\/2022\/05\/weekly-ics-ot-security-news-digest-scadafence-may-10\/"},"wordCount":1169,"publisher":{"@id":"https:\/\/version-2.com\/zh\/#organization"},"image":{"@id":"https:\/\/blog.scadafence.com\/your-weekly-ics-ot-security-news-digest-may-10-22#primaryimage"},"thumbnailUrl":"https:\/\/blog.scadafence.com\/hubfs\/weeklyupdateMay92022.png","keywords":["SCADAfence","2022"],"articleSection":["SCADAfence","2022","Press Release"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/version-2.com\/2022\/05\/weekly-ics-ot-security-news-digest-scadafence-may-10\/","url":"https:\/\/blog.scadafence.com\/your-weekly-ics-ot-security-news-digest-may-10-22","name":"Weekly ICS \/ OT Security News Digest | SCADAfence \u2013 May 10 - Version 2","isPartOf":{"@id":"https:\/\/version-2.com\/zh\/#website"},"primaryImageOfPage":{"@id":"https:\/\/blog.scadafence.com\/your-weekly-ics-ot-security-news-digest-may-10-22#primaryimage"},"image":{"@id":"https:\/\/blog.scadafence.com\/your-weekly-ics-ot-security-news-digest-may-10-22#primaryimage"},"thumbnailUrl":"https:\/\/blog.scadafence.com\/hubfs\/weeklyupdateMay92022.png","datePublished":"2022-05-20T05:43:21+00:00","dateModified":"2022-05-30T02:42:07+00:00","breadcrumb":{"@id":"https:\/\/blog.scadafence.com\/your-weekly-ics-ot-security-news-digest-may-10-22#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/blog.scadafence.com\/your-weekly-ics-ot-security-news-digest-may-10-22"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.scadafence.com\/your-weekly-ics-ot-security-news-digest-may-10-22#primaryimage","url":"https:\/\/blog.scadafence.com\/hubfs\/weeklyupdateMay92022.png","contentUrl":"https:\/\/blog.scadafence.com\/hubfs\/weeklyupdateMay92022.png"},{"@type":"BreadcrumbList","@id":"https:\/\/blog.scadafence.com\/your-weekly-ics-ot-security-news-digest-may-10-22#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"\u9996\u9801","item":"https:\/\/version-2.com\/"},{"@type":"ListItem","position":2,"name":"Weekly ICS \/ OT Security News Digest | SCADAfence \u2013 May 10"}]},{"@type":"WebSite","@id":"https:\/\/version-2.com\/zh\/#website","url":"https:\/\/version-2.com\/zh\/","name":"Version 2","description":"","publisher":{"@id":"https:\/\/version-2.com\/zh\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/version-2.com\/zh\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/version-2.com\/zh\/#organization","name":"Version 2","url":"https:\/\/version-2.com\/zh\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/version-2.com\/zh\/#\/schema\/logo\/image\/","url":"https:\/\/i0.wp.com\/version-2.com\/wp-content\/uploads\/2020\/08\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1","contentUrl":"https:\/\/i0.wp.com\/version-2.com\/wp-content\/uploads\/2020\/08\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1","width":1795,"height":335,"caption":"Version 2"},"image":{"@id":"https:\/\/version-2.com\/zh\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/version-2.com\/zh\/#\/schema\/person\/d14d2d3cd77ffdb618b9f1330fe084db","name":"version2hk","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/d280627252b42d7489de74dd88aa04043a495f25e258575000dc767e287bf94c?s=96&d=identicon&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/d280627252b42d7489de74dd88aa04043a495f25e258575000dc767e287bf94c?s=96&d=identicon&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d280627252b42d7489de74dd88aa04043a495f25e258575000dc767e287bf94c?s=96&d=identicon&r=g","caption":"version2hk"},"sameAs":["http:\/\/version2xfortcom.wordpress.com"],"url":"https:\/\/version-2.com\/en\/author\/version2hk\/"}]}},"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/pbQRKm-d34","post_mailing_queue_ids":[],"_links":{"self":[{"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/posts\/50162","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/users\/143524195"}],"replies":[{"embeddable":true,"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/comments?post=50162"}],"version-history":[{"count":7,"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/posts\/50162\/revisions"}],"predecessor-version":[{"id":50169,"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/posts\/50162\/revisions\/50169"}],"wp:attachment":[{"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/media?parent=50162"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/categories?post=50162"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/tags?post=50162"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}