An In-Depth Look at ICS Vulnerabilities Part 1

Trend Micro -

In 2021, there were significant changes in the methods used by cyber attackers. More advanced destructive supply chain attacks also came to the surface this year. This has created an anxious environment, driving developments in cyber defense and the discovery of ICS-related CVEs.

2021’s timeline overview of major OT and ICS cyber incidents shows that modern criminal operations have become so developed that a service industry has emerged with a common business model – Ransom­ware-as-a-Service (RaaS).

Service operators providing RaaS maintain a customizable platform that they offer to users who want to carry out criminal projects. Known recently-active ransomware groups include Maze, Lockbit, REvil, and DarkSide, though their activity levels can vary.

The Colonial Pipeline and Kaseya Attacks

Around the middle of 2021, Revil and DarkSide got on the United States government’s bad side. The groups’ service was used to trigger two of the most severe ransomware attacks of the year—the Colonial Pipeline and Kaseya supply chain attacks.

The Colonial Pipeline incident, resulting in a US $4.4 payout to attackers, was conducted using DarkSide’s RaaS platform. The Kaseya attack was done using Revil’s service, taking advantage of zero-day authentication bypass” vulnerability, CVE-2021-30116.4. When the Revil group demanded their USD $70

Read More: https://www.trendmicro.com/en_us/research/22/c/an-in-depth-look-at-ics-vulnerabilities-part-1.html