Andrew Ginter Tag

Recent shutdowns of the Colonial Pipeline and JBS meat packing plants are only the latest evidence of a continuing trend. Ransomware is responsible for all OT shut-downs due to cyber attacks since at least the beginning of 2020. New Article by Andrew Ginter, VP Industrial Security, Waterfall Securit

Defeating a jump host with 2-factor authentication. Attackers use spear-phishing and custom malware attachments to target technicians authorized to log into a jump host. A technician activates their VPN and logs in using two-factor authentication. This activates the malware, giving attackers contr

Cell phone supply chain attack - attackers write a free cell-phone app. When cell phones with the app are carried into industrial control systems, the app scans for WiFi access points and reports the details over the Internet. Attackers then use phishing to extract the passwords for these networks a

Attackers write their own RAT malware and deploy it on the IT network of a services company known to service the real target. The attackers compromise the laptops of personnel who routinely visit the real target and gain a foothold on the real target’s IT network, ultimately propagating to the ICS netw

An organized crime group develops a history of routine speculation on futures markets for gasoline. Then they damage equipment at a refinery by using known vulnerabilities on internet facing IT equipment. This cripples the supply, makes prices spike, and attackers profit from their speculation.

Nation state attackers use more sophisticated tools such as the BlackEnergy trojan to ultimately take over equipment on the ICS network and disable protective relays. The attack group then sends control commands to very quickly connect and disconnect power flows to parts of the grid, destroying larg

An attack group similar to the “Shadow Brokers” steals a list of zero days from a nation-state adversary and sells the list to an organized crime group. That group creates autonomous ransomware that jumps through firewalls via encrypted connections to file shares, causing an emergency shutdown a

There are voices in the industrial security community advocating a return to hard-wired protective relays, discarding two decades of progress in this space. But a practical solution is to protect the protection. In power plants, as in high voltage substations, protective relays can be connected to

The US government acts to protect the electric grid - but there is only so much any government can do. Unlike physical conflicts, the only way to defeat the most sophisticated cyber attacks is for individual sites to take the lead

In this time of COVID-19 travel restrictions and quarantines, understanding options for safe, secure remote access to Industrial Sites and Control Centers is especially important. This post reviews 3 common options for secure remote access and support: server replication, Remote Screen View and Secu