An attack on outsourced services brings businesses to a halt
On the morning of Saturday, July 3rd, many customers showing up at Coop supermarkets in Sweden were unable to do their weekend grocery shopping as more than half of the company’s 800 stores were affected by a cyberattack that disabled point-of-sale tills and self-service checkout stations. As a Coop spokeswoman said in a statement to the BBC, "We first noticed problems in a small number of stores on Friday evening around 6:30pm so we closed those stores early. Then overnight we realised it was much bigger and we took the decision not to open most of our stores this morning so that our teams could work out how to fix it.”
This attack, like many others, was launched as the weekend began, timed for maximum disruption. The outage was the result of an attack on Kaseya VSA, the remote-management platform used by Coop's Managed Service Provider (MSP). MSPs are outsourcing partners that run an organization's IT on its behalf, typically covering infrastructure, cybersecurity and managed hardware, among other services. Coop was only one of many organizations hit by REvil ransomware through this breach, which according to Kaseya's critical bulletin of July 3rd, 2021 ultimately affected "fewer than 60 Kaseya customers" and "fewer than 1,500 downstream organizations".
Affected customers used the management and monitoring platform Kaseya VSA (Virtual System Administrator), available both as SaaS and on-premises, to deploy software and automate IT tasks. A VSA agent runs with high privileges on every managed endpoint, which is what let the attackers push ransomware across entire enterprises at once. In its July 3rd bulletin, Kaseya advised every customer running VSA on-premises to shut the server down immediately and await further instruction, and took its own SaaS and hosted servers offline as a precaution, although it did not believe those had been affected. The ransomware travelled through VSA's own software-deployment channel, the same one an MSP uses to roll out legitimate updates: managed endpoints received a package labeled as a 'hotfix' that disabled security features, extracted the ransomware agent and began encrypting. It took Kaseya about nine days to restore normal service.
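The chain just described (a management agent pushing a 'hotfix', security tooling switched off, an agent extracted, encryption started) leaves a recognizable trail in endpoint process telemetry. What follows is an added illustration, not code from Kaseya, TXOne or this post: a small Python triage over constructed process-creation events. The event fields, the management-agent process names, the Defender-tampering flags and the decode step are assumptions about what such telemetry typically shows, not details taken from the page.

```python
"""Triage of constructed process-creation events for the stages of a
hotfix-disguised ransomware push: a management agent spawning a shell,
endpoint protection being switched off, a payload being decoded/extracted.
Illustrative only; process names and indicator strings are assumptions."""
import re
from dataclasses import dataclass


@dataclass
class ProcEvent:
    host: str
    parent: str     # image name of the parent process
    image: str      # image name of the new process
    cmdline: str


# Assumed indicators; tune to your own telemetry before relying on them.
DEFENDER_TAMPER = re.compile(
    r"Set-MpPreference\b.*?-Disable(RealtimeMonitoring|IntrusionPreventionSystem|"
    r"IOAVProtection|ScriptScanning|BehaviorMonitoring)\s+\$?true", re.I)
PAYLOAD_DECODE = re.compile(r"\bcertutil(\.exe)?\b.*?-decode\b", re.I)
FAKE_PATCH_NAME = re.compile(r"\b(hotfix|securityupdates?)\.exe\b", re.I)
# Remote-management agents (names assumed) that deploy software and
# should not normally be spawning interactive shells.
RMM_AGENTS = {"agentmon.exe", "rmmagent.exe"}
SHELLS = {"powershell.exe", "cmd.exe"}


def classify(ev: ProcEvent) -> list:
    """Return the finding tags that apply to one event (empty if benign)."""
    tags = []
    if DEFENDER_TAMPER.search(ev.cmdline):
        tags.append("defender-tamper")
    if PAYLOAD_DECODE.search(ev.cmdline):
        tags.append("payload-decode")
    if FAKE_PATCH_NAME.search(ev.image) or FAKE_PATCH_NAME.search(ev.cmdline):
        tags.append("fake-patch-name")
    if ev.parent.lower() in RMM_AGENTS and ev.image.lower() in SHELLS:
        tags.append("rmm-spawned-shell")
    return tags


def triage(events) -> dict:
    """Collect distinct findings per host. A host showing two or more
    distinct stages is escalated; a single hit is left for analyst review."""
    per_host = {}
    for ev in events:
        for tag in classify(ev):
            per_host.setdefault(ev.host, set()).add(tag)
    return {h: (sorted(t), len(t) >= 2) for h, t in per_host.items()}


# Constructed sample telemetry (not real logs).
SAMPLE = [
    ProcEvent("pos-till-01", "agentmon.exe", "powershell.exe",
              'powershell.exe -ExecutionPolicy Bypass -Command "Set-MpPreference '
              '-DisableRealtimeMonitoring $true -DisableIntrusionPreventionSystem $true"'),
    ProcEvent("pos-till-01", "cmd.exe", "certutil.exe",
              r"certutil.exe -decode C:\temp\agent.crt C:\temp\agent.exe"),
    ProcEvent("pos-till-01", "cmd.exe", "agent.exe", r"C:\temp\agent.exe"),
    ProcEvent("wkstn-07", "explorer.exe", "SecurityUpdates.exe",
              r"C:\Users\clerk\Downloads\SecurityUpdates.exe"),
    ProcEvent("wkstn-08", "agentmon.exe", "msiexec.exe", "msiexec.exe /i update.msi /qn"),
]

if __name__ == "__main__":
    for host, (tags, escalate) in triage(SAMPLE).items():
        print(host, tags, "ESCALATE" if escalate else "review")
```

The point of grouping by host rather than alerting on each event is that a management agent legitimately installs software all day (the msiexec line above produces no finding), while the combination of a shell spawned by the agent, Defender being disabled and a payload being decoded on the same machine is the sequence a defender should page on.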
Once ransomware encrypts data, operations are disrupted for days at a minimum. Organizations fortunate enough to have usable backups can restore from them, but even that takes significant time. Some stakeholders choose to pay the ransom in exchange for the attackers' promise to delete stolen data and not publish it, or simply to get the business running again. TXOne's threat researchers recommend against paying: REvil in particular has a history of taking one payment to delete stolen sensitive data and then returning later to extort another.
While the web site that REvil used to host their announcements, payment portal, extortion page, and chat function went offline on July 13th, make no mistake: the ransomware itself remains at large and no less of a threat to operations. Trend Micro researchers even identified an attempt to piggyback onto this attack in the form of spam e-mails from fake IT company employees offering a “Kaseya patch” of remote access software deviously labeled ‘SecurityUpdates.exe’.
Point-of-sale terminals like those brought to a standstill in this attack often run legacy operating systems such as Windows XP Embedded and struggle to run conventional anti-malware. TXOne Networks' ICS endpoint protection solution StellarEnforce is built for such legacy systems and secures them against ransomware, REvil included, through trust list-based lockdown: a system running StellarEnforce can execute only the applications and services on its trust list. That keeps the impact on system resources minimal and requires no internet connection, periodic updates or regular scans.
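To make the trust-list idea concrete, and to show why it also stops the fake 'SecurityUpdates.exe' patch mentioned above, here is an added Python model of an allowlist decision. It is explanatory code, not TXOne's StellarEnforce: a real lockdown agent enforces the verdict in the kernel at process creation, whereas this only computes the verdict for a path. The file names, contents and labels are constructed for the example.

```python
"""A minimal trust-list (allowlist) execution check, illustrating the
lockdown idea above. Explanatory code, not a product's implementation;
all files below are constructed in a temporary directory."""
import hashlib
import os
import tempfile


def sha256_of(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


class TrustList:
    """Allow execution only for files whose SHA-256 is on the list.
    Keying on the hash rather than the file name means a dropped binary
    with a plausible name, or a trusted binary modified in place, is
    denied even though its path looks legitimate."""

    def __init__(self) -> None:
        self._hashes = {}   # sha256 -> label

    def trust(self, path: str, label: str) -> None:
        self._hashes[sha256_of(path)] = label

    def decide(self, path: str) -> tuple:
        if not os.path.isfile(path):
            return ("deny", "no-such-file")
        label = self._hashes.get(sha256_of(path))
        if label is None:
            return ("deny", "not-on-trust-list")
        return ("allow", label)


def demo() -> dict:
    """Build a constructed POS binary, trust it, then try a fake patch
    and a tampered copy of the trusted binary."""
    d = tempfile.mkdtemp()
    pos = os.path.join(d, "pos.exe")
    with open(pos, "wb") as f:
        f.write(b"MZ constructed point-of-sale application")
    tl = TrustList()
    tl.trust(pos, "pos-application")

    fake = os.path.join(d, "SecurityUpdates.exe")   # the spam-mail 'patch'
    with open(fake, "wb") as f:
        f.write(b"MZ constructed remote-access tool")

    results = {"pos": tl.decide(pos), "fake_patch": tl.decide(fake)}
    # Same trusted path, altered contents: the hash no longer matches.
    with open(pos, "ab") as f:
        f.write(b"\x00injected")
    results["tampered_pos"] = tl.decide(pos)
    return results


if __name__ == "__main__":
    for name, (verdict, why) in demo().items():
        print(f"{name}: {verdict} ({why})")
```

The tampered case is the one that matters for a ransomware push through a management channel: a 'hotfix' that overwrites or side-loads into a known binary keeps the trusted name but not the trusted hash, so a hash-keyed list denies it while a name-keyed one would not.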
TXOne Networks’ threat researchers recommend the use of lightweight lockdown software StellarEnforce to secure fixed-use and legacy assets.
New E-Book: Secure Manufacturing on Cloud, Edge, and 5G
Trend Micro has released a new e-book that shows how adding communication technology (CT) to your work site brings with it new security challenges, including the attacks likely to be used on each type of CT, the potential business impact, and up-to-date recommendations for defense.
The 3 Cornerstones of OT Network Defense
The current wave of cyberattacks on critical infrastructure is showing no signs of weakening. At baseline, stakeholders are thinking about how to keep their network secure. To reach this goal, TXOne Networks recommends applying the triad of OT network security methodologies – segmentation, inspection, and virtual patching.
The 5 Tactics Hackers Use on Robotic Assets
In 2017 Trend Micro released a white paper that gave us a look at the future of securing robotic assets – since then, the COVID-19 pandemic rapidly pushed robots into more life- and mission-critical roles than ever before. Learn the five ways hackers attack these assets and how to secure them.
Newly-discovered vulnerability in QNAP Network Attached Storage (CVE-2021-28809)
TXOne researcher Ta-Lun Yen will be giving a talk at the Code Blue international security talks in Tokyo about a vulnerability he recently discovered in QNAP’s Network Attached Storage (NAS) software. Check here for more information about this vulnerability, how to secure your assets running QNAP NAS, and where to catch Ta-Lun's talk.
Four TXOne Networks solutions selected by Yokogawa Electric as ‘Partner Products’
Yokogawa Electric has selected next-generation firewall and IPSes from TXOne Networks’ Edge series as ‘Partner Products’ for Yokogawa's industrial control systems. We’re pleased that this collaboration between Yokogawa Electric and our parent company Trend Micro allows our solutions to contribute to the global security of automation and data exchange.
Newly-discovered MSHTML vulnerability allows total system takeover
A newly-discovered vulnerability in MSHTML, the browser engine shared by Internet Explorer and MS Office, lets an attacker run malware on a system as soon as a user opens a crafted Office document. Deploy the mitigation immediately to keep the operation running.
New Report: How TMPS3 Streamlines NERC CIP Compliance
The North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) regulations are a necessary set of hurdles for stakeholders in electrical utilities. Power grid stakeholders have found that using Trend Micro Portable Security 3 for NERC CIP compliance makes the process much more manageable, streamlining maintenance and saving time.
NESIC now provides TXOne Networks solutions to protect work sites from cyber crime
We’re delighted to announce that NESIC now combines its systems integration and support services with TXOne Networks’ EdgeFire and EdgeIPS! As cyber risk grows with every passing day, efforts like these to build secure work site technology from the ground up become more and more important.
Come and see us at the TXOne Networks booth and showcase for FIC Cybersecurity for Industry 2021
TXOne Networks is pleased to announce that we’ll have a booth and showcase at FIC Cybersecurity for Industry 2021! Come see us for a first-hand overview of the current threat landscape and a look at the solutions that can protect work facilities from modern day cyberattacks.
TXOne Networks researcher discovers vulnerabilities in Bosch ethernet modules
Two CVEs discovered in Bosch ethernet communication modules give attackers the potential to severely disrupt operations. TXOne researchers recommend securing your network so that vulnerabilities like these can’t threaten productivity even if you aren’t able to patch affected assets right away.
New digital report on OT cybersecurity from TXOne Networks in association with ATOS
TXOne Networks is excited to announce the release of a digital report in association with ATOS, which provides a crisp overview of the issues facing today’s OT stakeholders.
White Paper Release, ‘Defending Railway Operations from Targeted Cyberattacks’
As modern railway technologies are introduced and integrated with legacy assets, cyber attackers have developed new ways to cause catastrophic disruptions to operations. In our latest white paper, ‘Defending Railway Operations from Targeted Cyberattacks’, you’ll read about the recent targeted cyberattacks on railways and the most up-to-date methods of prevention.
Austen Byers explains OT security challenges and the current threat landscape on B2B Tech Talk with Ingram Micro
TXOne Networks’ Director of Sales and Engineering for North America, Austen Byers, was recently a guest on B2B Tech Talk with Ingram Micro, where he shared cutting-edge insights into the current threat landscape for OT environments. In this 14-minute interview, you’ll learn about the differences between IT and OT that often create challenges to OT security as well as the fundamentals of preventing the 3 types of OT cyber attacks.
The first vulnerabilities are being discovered in the TOYOPUC protocol
One of the first vulnerabilities in the TOYOPUC protocol, CVE-2021-27477, was discovered by TXOne Networks’ own threat researcher Chris Yang working with Trend Micro’s Zero Day Initiative on June 29, 2021. This low-complexity attack allows an intruder to crash the accessed device – cover those bases and take care of the necessary mitigations!
U.K.-based Northern Rail's ticketing system shut down after ransomware attack
On July 20th, railway stations in northern English towns and cities were disrupted when over 600 ticketing machines across approximately 420 stations were infected with ransomware. As railway devices modernize, stakeholders will look for ways to provide protection while maintaining high operational efficiency.
Wake up from PrintNightmare: 4 mitigations for 4 distinct vulnerabilities
With a fourth as-yet-unnamed exploit in Windows Print Spooler now discovered, we recommend stakeholders take a quick look at this list of the 4 vulnerabilities and their necessary mitigations to make sure work site endpoints are safe from harm.
Attackers easily compromise endpoints with ‘PrintNightmare’ vulnerability – 3 ways to secure mission-critical assets immediately
Attackers taking advantage of the PrintNightmare vulnerability in Windows systems have a convenient path to remote code execution and privilege escalation on industrial endpoints running Windows OSes. Here’s the latest info on the vulnerability and 3 ways to secure those endpoints right away.
5 mitigations to protect against increasingly disruptive railway cyber attacks
In 2020, railway services worldwide were hit by a series of increasingly sophisticated cyber attacks. Here we recommend 5 mitigations to prevent such attacks and provide a timeline of 2020’s major attacks on railway services.
5 ICS vulnerabilities in Advantech products and how to deal with them
One of TXOne Networks’ researchers, Chizuru Toyama, has discovered 5 ICS vulnerabilities in Advantech products including ‘WebAccess/SCADA’ and ‘WISE-PaaS/RMM’. Learn more about these vulnerabilities, as well as how network segmentation and phishing-awareness training can both be used to repel attackers attempting to exploit them.
Accenture IoT workshop shares TXOne Networks solutions in German
We’re excited to announce that Accenture and our parent company Trend Micro are co-hosting a German language workshop showing how to secure and modernize production while maximizing availability. Learn from a direct exchange with leading experts in different fields, with an opportunity to ask your own questions.
The White House urges improved cybersecurity for work sites
In the wake of successful ransomware attacks on Colonial Pipeline, which provides 45% of the U.S. East Coast’s fuel, and JBS Foods, the world’s largest meat supplier, the United States government has released recommendations to improve ICS cybersecurity.
Security Disclosure Acknowledgement
TXOne Networks wishes to thank the following security researchers for their participation in our vulnerability disclosure program.
Ireland's healthcare services compromised in a major cyber attack with Conti ransomware - Part 2
Last week we shared information about a targeted ransomware attack on the central system of Ireland’s healthcare services. This week, we’ll take a look at how attacks like this one are conducted and what can be done to stop them.
Ireland's healthcare services compromised in a major cyber attack with Conti ransomware – Part 1
On May 14th, 90% of Ireland’s hospitals were shut out of patient records, email, and scheduling systems. Attackers threatened to release 700GB in patient data onto the internet if a $20 million ransom was not promptly paid.
‘Most Innovative in Critical Infrastructure Protection’ and ‘Editor’s Choice in ICS/SCADA Security’ awarded to TXOne Networks in Cyber Defense Magazine’s 2021 Global InfoSec Awards
We are pleased to announce that TXOne Networks has won two awards from Cyber Defense Magazine’s 9th annual Global InfoSec Awards for 2021 at this year's RSA Conference!
‘Thank you’ to everyone who visited us at CYBERSEC 2021!
Trend Micro co-organized this year's CYBERSEC, where they showcased TXOne Networks' adaptive ICS cybersecurity solutions, which are designed to ensure smart factory environments can keep the operation running with optimal safeguards deployed.
United States' Colonial Pipeline shut down by ransomware attack, halting supply of fuel to the East Coast
The United States’ Colonial Pipeline, critical to the East Coast’s supply of fuel, was forced to shut down operations on May 7th in the wake of a ransomware attack. The cybercriminal group DarkSide is suspected to have conducted the attack, a troubling turn of events as DarkSide is not connected to any government – a sign that independent threat groups are designing attacks specifically to target critical infrastructure. The best way to stop such attacks is to prevent them before they happen by deploying industry-friendly cyber defenses.
TXOne Networks launches the first-of-its-kind all-terrain endpoint protection platform, the Stellar series
Today, TXOne Networks released its first-of-its-kind all-terrain endpoint protection platform, the Stellar series! Secure legacy and modernized endpoints side-by-side, and manage them all from one centralized console: StellarOne.
OMRON has selected TXOne Networks as a solution partner in cybersecurity recommendations
Pursuing their mission “To improve lives and contribute to a better society”, OMRON has done much to further innovative technologies and perfect the sciences of automation. We’re deeply honored that they’ve recommended two of our solutions, the handheld installation-free Trend Micro Portable Security 3 and the transparent security box EdgeIPS, to secure the network edge.
TXOne Networks’ EdgeIPS Pro shortlisted for the 2021 SC Awards Europe
We’re delighted to share that TXOne Networks’ own EdgeIPS Pro has been shortlisted for the 2021 SC Awards Europe! Every year for the SC Awards, a team of industry luminaries evaluates the year’s innovations in cybersecurity, intent on discovering excellence.
OT Integrity, Step 2: Keep It Secure
Facing more sophisticated and versatile cyber attacks, enterprises need more staunch defenses. Deploying ICS network safeguards that are defensible and security-oriented is the first part of the puzzle. After that, an organization must keep those safeguards in good working order as well as have ways of responding to emergent threats.
OT Integrity, Step 1: Build It Secure
Facing more sophisticated cyber attacks, you need staunch defenses. In this blog post, the first of two parts, we’ll share how cybersecurity works based on two principles -- ‘build it secure’ and ‘keep it secure’. These two principles offer a reliable way to create an optimized security posture.
White Paper Release, ‘Cyber Defense for Semiconductor Foundries: Safeguarding Digital Innovation’
As the new SEMI standards 6565, 6506, and 6566 are developed to safeguard wafer fabs, they will require the support of new technology. Learn about the technologies crucial to keeping up with regulatory changes and providing essential work sites with transparent, operations-friendly security.
Our transparent security box, EdgeIPS, secures mining work sites
The EdgeIPS transparent security box is securing mining work sites as we speak thanks to its unique support for many different protocols and its ability to function well as a distributed solution. Secure plant operations with a resilient and flexible solution designed to support distributed operations.
TXOne introduces version 2.0 of their one-of-a-kind IoT/ICS Threat Atlas
TXOne’s Threat Atlas version 2.0 has now been released! The Atlas now offers hour-by-hour threat reporting from our sensors on any selected country. Check out which threats are most active in your region, and make sure your work sites are protected.
The perimeter firewall offers little security in a post-IoT world
The firewall was developed for the internet as it existed more than two decades ago. In the modern world of IoT and handheld devices, the perimeter firewall is no longer capable of securing the work site network. In this week’s blog, learn a little about the evolution of the firewall and why every work site needs a next-generation firewall.
Protect patient outcomes and private information with Safe Lock
When patient outcomes and protected health information are on the line and the healthcare industry comes under the direct attention of APT groups, centers need straightforward and resilient defenses. For protecting fixed-use medical assets, trust list-based 4-in-1 lockdown software Safe Lock is an ideal solution.
TXOne researcher Ta-Lun Yen discovers high-severity vulnerability in Siemens’ SIMATIC HMI panels
Last week, TXOne Networks' Ta-Lun Yen discovered a vulnerability in a Siemens HMI that can be exploited by an intruder to cause serious disruption on a work site's network. Work sites running Siemens' SIMATIC HMIs can mitigate the threat by patching to the latest version.
The Zero Day Initiative is #1 for finding and documenting new ICS vulnerabilities and exposures in 2020
TXOne Networks’ Virtual Patch technology is crucial to the defense of unpatched and legacy devices, and one of the lynchpins of Virtual Patching is the support of the Zero Day Initiative (ZDI). It’s our pleasure to announce that ZDI discovered the most ICS vulnerabilities and exposures for 2020!
Video: How hackers take control of ICS and SCADA systems
Our threat researcher Mars Cheng was invited to give a talk at SINCON about how hackers take control of ICS and SCADA systems. It gives a hands-on look at hackers’ methods, as well as showing the direct hardware damage an intruder can cause to disrupt operations, before closing with the key strategies necessary to protect your work site.
TXOne Networks Solutions take the spotlight as Enterprise Security Magazine’s December cover story
It's our pleasure to share that TXOne Networks is Enterprise Security magazine's cover story for December 2020! Read about recent changes in the threat landscape, and the solutions that can prepare you to combat the new and versatile threats of this coming year.
TXOne makes Enterprise Security Magazine’s APAC top 10 enterprise security solution companies for 2020
We’re delighted to announce that TXOne Networks made Enterprise Security’s top 10 APAC companies offering enterprise security solutions for 2020!
Secure No More: The Myth of the Air Gap
It used to be that an air gap was an excellent way to safeguard sensitive assets, but the threat landscape has changed completely since then. Hardware, maintenance staff, and supply chain infection are all viable ways for cyber threats to compromise your air gap. Learn more about how these attack vectors can lead to cyber incidents inside your air gap, and what you can do to protect your air-gapped assets.
Secure Endpoints and Networks with Trust Listing
In this era of IT-OT convergence, cyber threats and malware are especially adaptive and flexible. The ideal cybersecurity solutions for countering such threats must be as straightforward and reliable as possible -- easy to deploy, and easy to adjust, providing a finely detailed level of control. One such solution is the trust list.
White Paper Release, ‘Securing Medical Devices with Trust Lists: Urgent Protection for Healthcare Centers’
With the ever-darkening shadow of cyber risk looming large over hospitals, how can we protect the fixed-use systems caregivers rely on to operate medical devices? Learn the latest cyber-defense methodology, tailored to the needs of healthcare centers, from our latest white paper.
Where does your work site fit into the 3 phases of Industry 4.0?
Knowing where your work site falls on the Industry 4.0 spectrum allows you to choose cybersecurity solutions tailored to your defensive needs.
White Paper Release, ‘Optimizing Network and Endpoint Resilience: Manufacturer Cybersecurity in the Era of Digital Transformation’
Learn about how to maximize work site defense while still ensuring operational continuity from TXOne Networks’ latest white paper, ‘Optimizing Network and Endpoint Resilience: Manufacturer Cybersecurity in the Era of Digital Transformation’.
Webinar: Strengthening Industrial Cybersecurity with Internal Segmentation
The Principal Security Architect for Trend Micro, Muthukumar Natarajan, teaches this half-hour webinar about the three different stages of adapting work sites into Industry 4.0, the common operational challenges that come with them, and other practical information that every OT stakeholder should know.
White Paper Release, ‘Network Segmentation: The OT Standard for Industry 4.0’
Our white paper 'Network Segmentation: the OT Standard for Industry 4.0' shares a comprehensive understanding of Network Segmentation technology, what's necessary to deploy it, and why it's essential to modern work sites.
The fourth industrial revolution brings with it a revolution in crime
New technology also creates new kinds of crime and vulnerability that must be warded off in order to maintain a successful business.
In the medical sector, unpatched and legacy systems are the weakest link
With cyber attacks on hospitals becoming much more common, it's important to pay special attention to the critical weak point in every hospital's cyber defenses: their unpatched and legacy devices.
Vulnerability CVE-2020-16226 Allows Easy Work Site Takeover
Vulnerability CVE-2020-16226, submitted by one of our own threat researchers, has a lot of potential to cause serious disruption in the hands of an intruder. Now's a great time to check over your ICS defenses.
The most up-to-date virus signatures are crucial to threat defense
TXOne Networks' threat researchers stay totally focused on creating in-depth vulnerability knowledge so they can identify signatures as soon as threats emerge.
Around-the-clock research keeps our solutions as resilient as possible
Threat specialists at TXOne Networks are foundational for our solutions' cutting-edge resilience as well as our ability to quickly come to grips with newly-discovered cyber threats.
Sharp Rise in Attacks on Healthcare Centers
The wave of attacks on hospitals predicted by INTERPOL for this year has now gone into full swing: recent weeks have been marked by another uptick in cyber-attacks affecting the medical sector, both in frequency and severity.
Windows XP source code leaks, significantly increasing risk to operations
With the leak of Windows XP's source code, the discovery of new vulnerabilities will now be faster and easier than ever.
With Zerologon, attackers can take over your network in about 3 seconds
Through the recently-emerged critical vulnerability Zerologon (CVE-2020-1472), an attacker with network access can impersonate any domain-joined computer, including the domain controller itself, bypass Netlogon authentication and escalate to domain administrator privileges in seconds.
Best Practices for Pharmaceutical Manufacturers with Trend Micro Portable Security 3
Learn about why half of the world's top 10 pharmaceutical companies choose TMPS3 to be a lynchpin of their cybersecurity routines, and just how they do that.
HITCON 2020: TXOne Networks’ CEO, Dr. Terence Liu, speaks about the current landscape for industrial cybersecurity
Our CEO, Dr. Terence Liu, delivered the keynote for HITCON 2020, Industrial Cybersecurity Landscape in 2020: Trends, Challenges, and Opportunities. Dr. Liu explains how the modern digital transformation is affecting ICS security, and how COVID-19 has changed the nature of work, creating new vulnerabilities.
EdgeIPS Pro: The world’s first intent-based industrial IPS array
TXOne Networks has developed a new answer to the cybersecurity dilemmas of IT-OT convergence: the first-of-its-kind intent-based industrial IPS array, EdgeIPS Pro. EdgeIPS Pro turns segmenting, monitoring and threat prevention for large-scale production lines into a smooth, easily-organized routine.
Ricky Chen: Developing Cybersecurity for Healthcare
TXOne Networks' Business Development Director, Ricky Chen, gave a talk on Tuesday, Sept. 1, about cybersecurity for the healthcare sector. Read about the biggest threats the medical industry is facing, and how to protect against them.
3 ways to harden your ICS network
Though the specialized nature of factory equipment can make it difficult to harden, having multiple solutions for different parts of your ICS network or different kinds of systems makes the process much more manageable! Here are three strategies for hardening your network.
Put a shield around your legacy systems and unpatched devices
Legacy and unpatched systems are the most vulnerable to malware, and when a full update is out of the question due to cost or warranty limitations, don’t fear, we have a solution for you: virtual patching.
4 ways to reduce OT network attack surfaces
Attack surfaces are rapidly multiplying in our current technological environment. Through knowledge and application of these 4 methods, you can assure that you minimize attack surfaces and have a good general knowledge of where they're likely to form.
Light up your shadow OT with micro-segmentation
Deploy micro-segmentation to conveniently and elegantly limit privileges and access strictly on the basis of need.
To keep your factory running, choose protection tailored for your ICS protocols
C-More HMI Vulnerabilities, July 2020: Solutions
Check here to find IPS rules to prevent exploitation of the vulnerabilities recently discovered in C-More HMIs as of July 2020.
High risk vulnerability discovered in C-More HMIs
C-More human machine interfaces (HMIs) are extremely common in the ICS industry, and are used in a variety of critical infrastructure sectors, including manufacturing, waste water treatment, oil & gas, and smart power grids. TXOne Networks’ research team recently discovered that these HMIs are vulnerable to several kinds of severe cyber attack.
Are your endpoints protected against attacks targeting ICS?
Hackers are mastering ICS protocols and building attacks designed to take down ICS. Endpoints without modern security are a major liability.
TXOne unveils its one-of-a-kind live IoT/ICS Threat Atlas
Our threat-hunting systems inspect malicious traffic that our sensors detect, and categorize it by signature, which is then output on the Threat Atlas with information about what the most common attacks are at this time.
Stop ransomware attacks from spreading with network segmentation
Network segmentation: by creating smaller secured areas, or “segments”, within your perimeter firewall, you give the sensitive areas of your network additional protection and ease of management.
Ripple20 Vulnerabilities Targeted in Critical IoT Devices
A wide range of fields will be affected by the newly-discovered (as of June 19, 2020) Ripple20 vulnerabilities, including medical, transportation, industrial control, and more.
Beyond the attack event from Taiwan GSN
Microsoft published a news story on April 16th, 2020 describing its work with Taiwan’s Ministry of Justice Investigation Bureau (MJIB) to shut down a major IoT-based cyberthreat: a botnet operating within Taiwan’s Government Service Network (GSN).
MQTT Series #2: Potential risks of exposed MQTT brokers
There are over 47,000 exposed MQTT (Message Queuing Telemetry Transport) brokers which can be connected to without authentication. Sniffing the contents of their messages is easy. Learn more about risks of exposed MQTT brokers and how to mitigate exposure.
MQTT Series #1: Usage of MQTT in Our IoT & IIoT world
Message Queuing Telemetry Transport, or MQTT, is a lightweight publish-subscribe-based message transport protocol. It’s ideal for use in machine to machine (M2M) and Internet of Things (IoT) contexts. MQTT is getting more popular as the world of IoT and IIoT (Industrial IoT) expands. Read this article to learn more about MQTT brokers and applications.