After 22 Years of Outstanding Results, ESET Ends Its Participation in VB100 and VBSpam Tests

BRATISLAVA – ESET, a global leader in cybersecurity, today announces it is ‘graduating’ from its participation in the VB100 and VBSpam tests, following a final assessment in August 2020 by Virus Bulletin (VB). The VB100 test was one of the first relevant global antivirus tests, as executed by the world-renowned independent testing and certification body Virus Bulletin. After 22 years of outstanding results, ESET is refocusing its testing participation to reflect the evolved cybersecurity landscape.

As the endpoint security provider with the highest number of awards in the VB100, and an 18-year passing streak from 2002 to 2020, ESET is immensely proud of its achievements. Highlights from ESET’s participation in the test include the very first test passed in May 1998, followed by a consistent performance since June 2002 of 0 false positives, a 100% WildList detection rate and solid product stability and performance.

Over the past 22 years, ESET has participated in 135 VB100 tests covering 23 operating systems, all the way from Windows 95 to Windows 10. All major ESET products have been evaluated across both the enterprise and consumer segments, including ESET Endpoint Security and ESET Internet Security.

Due to the increasing sophistication of cyber threats, along with our newly developed detection and prevention technologies, ESET will focus on advanced forms of testing that can help improve endpoint detection and response (EDR) capabilities, especially against the techniques employed by APT groups and Ransomware.

Juraj Malcho, Chief Technology Officer at ESET, commented, “Although our participation in VB100 testing has now come to an end, we are immensely proud of the results we have achieved over the last 22 years. It has been a privilege to be involved in one of the pioneering AV tests, and we value the insight and validation that has come over the last two decades.”

Ignacio Sbampato, Chief Business Officer at ESET, added, “ESET is the only Endpoint Security vendor that had 0 false positives and the top detection rate in any test or certification for 18 years in a row. Solid and successful test results are essential in maintaining our reputation for award-winning, cutting-edge cybersecurity solutions. It is our mission to provide a safe and secure technology experience for businesses and consumers around the world, and to ensure that we are one step ahead of potential threats. With the malware landscape becoming increasingly sophisticated, we look forward to engaging in some of the advanced evaluations that can strenuously test our EDR capabilities.”

Learn more about ESET’s award-winning solutions here.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.

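[Important Notice] ESET compatibility issues with macOS Big Sur?

macOS Big Sur (11) has not yet been officially released, and ESET will keep publishing new product versions compatible with macOS Big Sur until Apple ships the final version. If your ESET software has not yet been updated to 6.10.x, we recommend upgrading. If you do not plan to update to macOS Big Sur (11) after Apple officially releases it, the new ESET version still protects your devices running macOS 10.12 to macOS 10.15.

ESET product versions compatible with macOS Big Sur

In mid-October 2020, ESET began releasing product versions compatible with macOS Big Sur (11):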

  • ESET Endpoint Security for Mac ( v6.10.300.1 )
  • ESET Endpoint Antivirus for Mac ( v6.10.300.1 )
  • ESET Cyber Security ( v6.10.333.0 )
  • ESET Cyber Security Pro ( v6.10.333.0 )
  • Live installer package for Mac ( ESET Cloud Administrator )

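Limited ESET support

Since Apple released the macOS Big Sur public beta, ESET has been working hard on the compatibility issues arising from the macOS update. However, because Apple has still not released the final version of macOS Big Sur, ESET cannot yet provide products that are fully compatible with macOS Big Sur.

If you use ESET on macOS Big Sur (11), some products will lack the following features:

  • Device Control (all products)
  • Web Access Protection (all products)
  • Web Control (ESET Endpoint Security for macOS)
  • Parental Control (ESET Cyber Security Pro)
  • Firewall (ESET Endpoint Security for macOS and ESET Cyber Security Pro)

If you do not use the features above, you can upgrade ESET first and then upgrade your device to macOS Big Sur (11).

ESET fully supports older macOS versions

ESET products v6.10 continue to protect macOS 10.12 to macOS 10.15, with all features available.

How do you protect your device?

To keep your device fully protected by ESET, we recommend upgrading your ESET product to v6.10 before upgrading your Mac to macOS Big Sur.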

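Operating system support

| ESET product version (Mac) | macOS 10.12 – macOS 10.15 support level | macOS Big Sur (11) support level | Expected release |
|---|---|---|---|
| 6.9 | Full support | Not supported | Released |
| 6.10.x | Full support | Some features missing: Device Control, Web Access Protection, Web Control, Firewall | Released in mid-October 2020 |
| 6.10.y | Full support | Some features missing: Device Control | Early November 2020 |
| 6.10.z | Full support | Full support | December 2020 |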

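Operating system support

Scenario 1: You have already upgraded your Mac to macOS Big Sur, and it has an ESET product version 6.9 (or earlier) installed. You will receive the following message:

Unsupported macOS version
This ESET product no longer supports your macOS version (10.16)

Solution: download and install the latest version of the ESET software from the download links below.

Business products

  • ESET Endpoint Antivirus for macOS
  • ESET Endpoint Security for macOS

Home products

  • ESET Cyber Security Pro
  • ESET Cyber Security

Scenario 2: You are an ESET management console (ESMC) administrator, your users have upgraded their Macs to macOS Big Sur, and an ESET product version 6.9 (or earlier) is installed. Your ESMC will receive the following message:

Product is installed but cannot run

Your users will see the following message:

Unsupported macOS version
This ESET product no longer supports your macOS version (10.16)

Solution:

  • 1. [Open ESMC] → [Tasks] → [New] → [Client Task] → [Task: Software Install]

    ※ When selecting the software package, pay attention to the version and language

  • 2. Click [Create Trigger]

  • 3. Select the clients whose software is to be updated: [Target] → [Add computers/groups]

Update your ESET software using either of the two methods above. If you have other questions, send the relevant screenshots to: support@version-2.tw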

Nobel Laureate Kip Thorne Says World Leaders and Citizens Must Listen to Scientists to Solve Global Crises

Science is key to solving global problems such as pandemics and climate change, but we need leaders who listen to science. Physics professor and Nobel Prize Laureate Kip Thorne, who chaired the international jury of the ESET Science Award, called for respect for science in his speech. The ESET Science Award is an ambitious project run by global cybersecurity company ESET, which recognizes the best scientists in Slovakia whose work makes a difference on a global scale.

Bratislava, Slovakia, October 15 – Professor Kip Thorne received the 2017 Nobel Prize in Physics for the first direct detection of gravitational waves whose signal was generated by the collision of two black holes 1.3 billion years ago. Professor Thorne is not only a phenomenal scientist, but he also consulted on and co-authored Christopher Nolan’s blockbuster film Interstellar.

In his latest speech as the ESET Science Award international jury chair, Professor Thorne pointed out the importance of listening to scientists and respecting scientific knowledge.

“Science and technology based on scientific research are key to solving problems such as pandemics or climate change. But I consider it equally important to encourage the respect of politicians and the public for science and scientists.”

Professor Thorne reiterated that viral diseases are one of humanity’s most serious problems today. “Many countries have ignored the voice of scientists in dealing with the pandemic. Slovakia can be a positive example for the world, on how scientific solutions can save many lives,” he explained with regards to the current COVID-19 situation, while pointing out the original Slovak research on the coronavirus.

Funded by the ESET Foundation, a team of Slovak scientists developed their own internationally validated COVID-19 tests. In a rapid response to the pandemic, the team donated 100,000 kits for routine testing to the Slovak Republic and has made the tests available to other countries.

Since joining as the chair of the international jury of the second year of the ESET Science Award, Professor Thorne is dedicated to supporting the initiative in the coming years. The ESET Foundation and ESET continue in their goal of supporting and recognizing scientists and researchers in Slovakia – and, in the future, in other parts of the world.

“We need new generations of leaders who will lead the world to responsible and science-based solutions. The key benefit of the ESET Science Award is this inspiration and recognition of how important science is for society,” said Professor Thorne.

The ESET Science Award is held under the auspices of Zuzana Čaputová, President of the Slovak Republic, and has received praise from international personalities such as Sir Roger Penrose, who is one of the recipients of the 2020 Nobel Prize for Physics.

“I believe that the authority of science and scientists should be taken into account in the public discourse too. Because not only do we live in an era with a global pandemic, but also an infodemic, one which is defined by the systematic production of misinformation,” Mrs. Čaputová said in her opening address.

At the ceremony, Fedor Šimkovic was named laureate in the category Outstanding Personality of Slovak Science, Tamás Csanádi was named winner in the Outstanding Young Scientist under 35 category, and Ivan Varga became the Outstanding University Teacher laureate.

The ESET Science Award jury comprised other excellent scientists and researchers, namely, the Czech chemist Hana Dvořáková, British biologist Fiona Watt, German physicist Rolf-Dieter Heuer (former Director of CERN), German chemist Ralf Riedel and Hungarian mathematician Tibor Krisztin.

For more information, visit www.esetscienceaward.sk/en, watch Professor Thorne’s video here and read more about the winners here.

*Notes to editors
Photography available on request.


CVSS 8.6 DoS Vulnerability in Mitsubishi Electric MELSEC iQ-R Series CPUs

Our Researchers Discover Another Vulnerability 

As part of our mission to secure the world’s OT, IoT and Cyber Physical infrastructures, we invest resources into offensive research of vulnerabilities and attack techniques.

CVE-2020-16850 (US ICS-CERT) is a CVSS 8.6 remote CPU DoS vulnerability in Mitsubishi Electric iQ-R Series that has been discovered by SCADAfence researcher Yossi Reuven.

Mitsubishi Electric is one of the world’s leading electronics and electrical equipment manufacturing companies, and is in use by many of our customers. We have been working with Mitsubishi Electric for the last few months in handling multiple vulnerabilities, and on October 8th, Mitsubishi Electric published an official security advisory reporting this vulnerability and its mitigations.

About The Vulnerability – CVE-2020-16850

MELSEC iQ-R Series is Mitsubishi Electric’s flagship product line, designed for high-productivity automation systems. iQ-R CPUs communicate with GX Works 3 (the engineering software package) via Mitsubishi Electric’s proprietary MELSOFT protocol, which works over both TCP and UDP.

A single specially crafted packet sent by an attacker over the MELSOFT UDP protocol on port 5006 will cause a denial of service (DoS) due to uncontrolled resource consumption (CWE-400). The PLC’s CPU will go into fault mode, causing a hardware failure (error code: 0x3C00 – hardware failure). The PLC then becomes unresponsive and requires a manual restart to recover.

What SCADAfence Recommends Vendors To Do

Perform an Industrial Vulnerability Management Process

Please refer to our guide on this topic: https://www.scadafence.com/public-preview-a-comprehensive-guide-to-industrial-device-patching/

Monitor for Unauthorized Network Activity and Exploitation

Some devices will always remain unpatched. Monitoring is an early warning system that allows you to act before attackers have gained full control over your network.

Upgrade to the Latest Firmware (When Available)

Currently no firmware update is available (one will be released soon by Mitsubishi Electric).

Prevent Unauthorized and Untrusted Access

– Use a firewall or virtual private network (VPN), etc. to prevent unauthorized access when Internet access is required.

– Use within a LAN and block access from untrusted networks and hosts through firewalls.

Block UDP Port 5006 and Use MELSOFT TCP

MELSOFT is engineering software for Mitsubishi PLCs that gives users the option to use either the (connectionless) UDP or the (connection-oriented) TCP protocol for programming and configuring the devices. SCADAfence recommends blocking UDP port 5006, since the cyberattack leverages the connectionless UDP protocol and can cause the PLCs to stop functioning, resulting in a denial of service. Instead, users should use the TCP protocol for communicating with devices on the shop floor or in the control network.
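The monitoring and port-blocking recommendations above can be verified against network flow logs. The following Python example is added here and is not SCADAfence's or Mitsubishi Electric's code; the CSV flow format, the PLC subnet, the engineering-workstation allowlist and every sample record are constructed assumptions.

```python
import csv
import io
import ipaddress
from dataclasses import dataclass

MELSOFT_UDP_PORT = 5006  # MELSOFT UDP port named in the advisory

# Assumed addressing plan for this example; replace with your own.
PLC_NETWORK = ipaddress.ip_network("10.20.30.0/24")
ENGINEERING_WORKSTATIONS = frozenset({ipaddress.ip_address("10.20.10.5")})

# Constructed flow records: time, protocol, source, destination, destination port.
SAMPLE_FLOWS = """\
2020-10-12T08:00:01Z,tcp,10.20.10.5,10.20.30.11,5007
2020-10-12T08:00:07Z,udp,10.20.10.5,10.20.30.11,5006
2020-10-12T08:03:44Z,udp,192.168.77.23,10.20.30.12,5006
2020-10-12T08:04:10Z,udp,10.20.10.5,10.20.40.9,5006
2020-10-12T08:05:00Z,udp,not-an-ip,10.20.30.12,5006
"""


@dataclass(frozen=True)
class Flow:
    time: str
    proto: str
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    dport: int


def parse_flows(text):
    """Return (flows, skipped); malformed rows are counted, not fatal."""
    flows, skipped = [], 0
    for row in csv.reader(io.StringIO(text)):
        if not row:
            continue
        try:
            time, proto, src, dst, dport = (field.strip() for field in row)
            flows.append(Flow(time, proto.lower(), ipaddress.ip_address(src),
                              ipaddress.ip_address(dst), int(dport)))
        except ValueError:
            # Wrong field count, bad address or bad port number.
            skipped += 1
    return flows, skipped


def classify(flow):
    """Return None, 'reconfigure' or 'alert' for one flow."""
    if flow.proto != "udp" or flow.dport != MELSOFT_UDP_PORT:
        return None
    if flow.dst not in PLC_NETWORK:
        return None
    # Once UDP 5006 is blocked, any such flow toward a PLC is a policy gap.
    if flow.src in ENGINEERING_WORKSTATIONS:
        return "reconfigure"  # known workstation still on UDP; move it to TCP
    return "alert"            # unexpected source reaching the UDP service


def review(text):
    """Parse flow records and return (findings, skipped_rows)."""
    flows, skipped = parse_flows(text)
    findings = [(verdict, f) for f in flows if (verdict := classify(f))]
    return findings, skipped


if __name__ == "__main__":
    findings, skipped = review(SAMPLE_FLOWS)
    for verdict, f in findings:
        print(f"{verdict:11} {f.time} {f.src} -> {f.dst}:{f.dport}/udp")
    print(f"skipped malformed rows: {skipped}")
```

A "reconfigure" finding means a trusted workstation would lose connectivity when the firewall rule is applied; an "alert" finding is the case the advisory's monitoring recommendation is meant to catch.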

Special Thanks & Recognition

The SCADAfence Research team would like to thank the Mitsubishi Electric team for a speedy vulnerability reporting process even during the challenging COVID-19 times.

SCADAfence is committed to continued research of offensive technologies and development of new defensive technologies.

Exploit PoC

We wrote a Python POC (GPLv3) script of the exploit in action.

Currently, there’s no patch available. As a result, we limit the access to the exploit to vetted individuals only. The exploit is only available for educational and legal research purposes.

Warning: The script will crash the PLC’s CPU – do not use it in production.


About SCADAfence
SCADAfence helps companies with large-scale operational technology (OT) networks embrace the benefits of industrial IoT by reducing cyber risks and mitigating operational threats. Our non-intrusive platform provides full coverage of large-scale networks, offering best-in-class detection accuracy, asset discovery and user experience. The platform seamlessly integrates OT security within existing security operations, bridging the IT/OT convergence gap. SCADAfence secures OT networks in manufacturing, building management and critical infrastructure industries. We deliver security and visibility for some of world’s most complex OT networks, including Europe’s largest manufacturing facility. With SCADAfence, companies can operate securely, reliably and efficiently as they go through the digital transformation journey.

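[Important Notice] Your product has expired

The notifications below appear because ESET requires a compatibility or security update with Microsoft Windows, and because the ESET Management Agent certificate expires at the end of this year, so an upgrade to the latest version is needed to keep the product from expiring. Please update your ESET software to v7.3 or later, either manually or through ESMC, to resolve the situations below.

Your ESET software will soon display the following notifications:

  • To continue using our product on Windows 7, install the Windows update that introduces SHA2 code signing support (see Microsoft's instructions), then upgrade to the latest version of your ESET product before December 2020. See your options: https://support-eol.eset.com/en/trending_vista_7.html
  • Your current product version will soon no longer be supported on Microsoft Windows 10. Upgrade to version 7.3 or later before December 2020 to continue receiving full protection and features. The upgrade is free of charge with a valid license. See your options: https://support-eol.eset.com/en/trending_win_10.html
  • Your current ESET Management Agent is outdated and no longer fully compatible with your security product. Upgrade to version 7.2 or later, and make sure your ESET Security Management Center is version 7.2 or later. See your options: https://support.eset.com/kb7465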

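➢ Manual update:

ESET Endpoint Antivirus: new version download link
ESET Endpoint Security: new version download link

※ If the latest version cannot be installed on Windows 7, install Windows updates KB4474419 and KB4490628 (instructions)

➢ ESMC update

  • If your computer shows that the ESET Management Agent is outdated, follow the steps below. Because the agent should match the console version, the console must be updated as well.
  • Documentation for upgrading from ERA to ESMC 7.3: the detailed documentation is available here. Note that the ESMC system requirements differ from those of ERA; refer to this table first.
  • If your Windows Server version is earlier than 2012, set up a new server environment with a newer OS for the installation, then migrate the settings to the new server (migration tool instructions).
  • In addition, if your ERA version is not 6.5, we recommend first using the ERA component upgrade to bring it to 6.5 before performing the steps below. See (Upgrading ERA 6.x to 6.5).
  • Download the new ESMC installer from the official website, run it, and choose to upgrade with the ESMC All-in-one installer: [Install] → [Upgrade all components]
  • For ESMC upgrade considerations, see this article.
  • When upgrading the console, export and back up the certificates so that they can be restored if an error occurs later.
  • For database backup, see Database server backup/upgrade and ESMC database migration.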

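➢ Agent update:

For the Agent upgrade, refer to the component upgrade steps:

Figure 1: [Tasks] → [New] → [Client Task] → [Task: Security Management Center Components Upgrade]

Figure 2: Then go to the trigger and select the target computers

The agent update can then proceed.

➢ Client antivirus software update:

Figure 1: [Tasks] → [New] → [Client Task] → [Task: Software Install]

Figure 2:

Figure 3: Click [Create Trigger]

Figure 4: Select the clients whose software is to be updated: [Target] → [Add computers/groups]

Update your ESET software using the two methods above. If you have other questions, send the relevant screenshots to: support@version-2.tw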

OT & IoT Cybersecurity Digest – October 2020

Hey, I’m SCADAGirl.

I’m a cybersecurity superhero that ensures that OT & IoT networks are safe.

Here is my commentary on the latest headlines in OT & IoT security.

ICS Advisory (ICSA-20-240-01) Red Lion N-Tron 702-W, 702M12-W

SCADAfence Research – ICS Ethernet switches made by Red Lion and used in industrial networks are exposed to remote command injection. The affected switch types are 702-W and 702M12-W. Read More


Critical Vulnerabilities Expose MoFi Routers to Remote Attacks

SCADAfence Research – IoT routers made by MoFi Network are vulnerable to remote code execution. The affected series is MOFI4500, which includes several routers with Wi-Fi and 4G capabilities. Companies using such routers for mobile or remote connectivity should check their devices for updates. Read More


BLURtooth Vulnerability Lets Attackers Defeat Bluetooth Encryption

SCADAfence Research – The IoT BLURtooth vulnerability exposes new generations of Bluetooth-enabled devices to MITM attacks. Academic researchers have discovered that certain implementations of Bluetooth 4.0 to 5.0 suffer from weak key generation and thus allow MITM attacks to take place. Read More


Netwalker Ransomware Hits Pakistan’s Largest Private Power Utility

SCADAfence Research – Netwalker ransomware hits the largest private power company in Pakistan. The ransomware caused disruption in billing and online services. Read More


Windows Zerologon PoC Exploits Allow Domain Takeover. Patch This Now!

SCADAfence Research – A PoC was released for the Zerologon vulnerability, which allows attackers to gain Domain Admin privileges and take over Windows domain environments. The vulnerability, CVE-2020-1472, was patched by Microsoft in the last August update. The vulnerability occurs when an attempt to log in as a domain administrator is made, and a spoofed response is sent to the client telling it the login succeeded. The vulnerability relies on the fact that it is possible to fall back to unencrypted RPC and then use a security flaw found in the Netlogon AES-CFB8 cryptographic negotiation. Please read more for the full article & the PoC code. Read More


Ransomware Attack at German Hospital Leads to Death of Patient

SCADAfence Research – A ransomware attack at a German hospital leads to the death of a patient. The ransomware attack led to a situation where emergency care could not be provided at the hospital, and a patient in a life-threatening condition died after being forced to go to a more distant hospital. Read More


ICS Advisory (ICSA-13-011-01)

SCADAfence Research – Devices running CoDeSys are vulnerable to reading and writing of any files on them. Also, devices running CoDeSys require no authentication by default, allowing attackers to change the device configuration. Read More


The Windows XP Source Code Was Allegedly Leaked Online

SCADAfence Research – Windows XP source code was leaked online and can be downloaded via torrent. The leaked source code may help attackers find new, as yet unknown vulnerabilities, even in newer Windows operating systems. Read More


Ransomware Hits US-Based Arthur J. Gallagher Insurance Giant

SCADAfence Research – US-based global insurance brokerage and risk management firm Arthur J. Gallagher (AJG) confirmed a ransomware attack that hit its systems. Read More


UHS Hospitals Hit by Reported Country-Wide Ryuk Ransomware Attack

SCADAfence Research – UHS hospitals hit by reported country-wide Ryuk ransomware attack, shutting down a few of its hospitals.

“After 1min or so of this the computers logged out and shutdown. When you try to power back on the computers they automatically just shutdown.” “We have no access to anything computer based including old labs, ekg’s, or radiology studies. We have no access to our PACS radiology system.” Read More


Managing Hard-to-Manage OT and IT Infrastructure

As industrial systems become increasingly connected to IT, Cloud and ERP systems, they become increasingly exposed to cyber threats such as ransomware. In fact, cyber threats for industrial control systems (ICS) are on the rise.

Asset owners are often operating legacy equipment, which contains a large number of vulnerabilities, including unpatched industrial devices, unsupported operating systems like Windows XP and Windows 7, and others. Although this equipment may be productive for now, it is not secure, and the level of risk rises with time.

SCADAfence runs into these problems constantly with their customers as their industrial cybersecurity products were designed to help their users get through these security obstacles, such as aging equipment, the adoption of IIoT devices in Industry 4.0, and visibility gaps. As SCADAfence helps their customers drive their security and regain control over their network, here are some of the problems that they see in their industrial environments.

The Challenges SCADAfence Sees In Industrial Networks Today

Asset management is often handled with cumbersome Excel sheets, which are often inaccurate and outdated. Security teams and OT operators need to know about real-time deviations in network traffic to account for cyberattacks like malware or ransomware, which can spread in minutes.

When having SCADAfence installed passively in their network, their customers often discover tens to hundreds of “shadow” OT devices or devices that the operators didn’t know existed. Even worse, many of the unaccounted for devices may be connected to the internet.

Four Ways to Solve These Constant Industrial Network Challenges

1. Maximum Rate Bandwidth for Increased Data Analysis 
The SCADAfence Platform was built to handle large amounts of traffic. Utilizing Garland Technology’s visibility solutions, they read every bit, byte, and packet using full deep packet inspection (DPI) to have the highest detection rate in the industry. Most industrial network monitoring platforms don’t have the bandwidth to process this sizable data.

2. Setting an Operational Baseline with Advanced AI Capabilities 
SCADAfence also offers a unique Micro Granular Baseline technology. This technology learns every device’s granular traffic characteristics. Providing the most accurate detection mechanism, this unique technology helps their customers to dramatically reduce false-positives without the need to reconfigure the baseline, even with operational changes. Customers gain precise and reliable results in hours vs weeks, with continuous intelligence utilizing advanced AI capabilities.

3. Instant Analytics and Reporting for Governance and Compliance  
The SCADAfence Governance Portal provides fully automated compliance dashboards and detailed compliance reports, which allow their customers to view status trends and comparisons over time. These accurate and up-to-date compliance statuses are based on real network traffic data analytics that track and measure industrial regulations and organizational best practices.

This is especially important to critical infrastructures, which have to meet certain frameworks and compliances to work under the correct guidelines. This tool ensures that their customers can remain fully compliant with industrial standards such as NERC-CIP, IEC-62443, NIST, ISO-27001, NIS NCSC, NIST CSF, and others – including internal policies that can be set up by their own organizations.

Taking in the packet traffic from Garland’s network TAPs, SCADAfence’s stand-alone monitoring will passively scan the traffic from every appliance with the utmost industry standards. Users can choose the industry standard that they want to be compliant with and the Governance Portal will show updated real-time reports in clear detail. SCADAfence finds that their customers find this incredibly valuable and time-efficient.

4. 100% Packet-level Network Visibility with Garland Technology 
It’s very important for a network monitoring solution not to be intrusive in your OT process. SCADAfence offers continuous passive OT network monitoring that provides the visibility, automatic asset discovery, inventory management, risk management, and threat detection needed to capture the current operational behavior of the environment.

Generating 100% packet-level visibility with Garland’s visibility solution, SCADAfence is able to render critical insights to detect and provide alerts on cybersecurity and operational incidents like suspicious activities, exposures, malware attacks, and operational alerts such as service availability, and misconfigurations. This allows users to gain unique visibility into remote access connections and correlate OT actions to IT accounts.

For more information visit the Garland Technology and SCADAfence joint solution.  Looking to add visibility to your industrial environment, but not sure where to start?  Join us for a brief network Design-IT consultation or demo. No obligation – it’s what we love to do.

The original post can be found on garlandtechnology.com

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About SCADAfence
SCADAfence helps companies with large-scale operational technology (OT) networks embrace the benefits of industrial IoT by reducing cyber risks and mitigating operational threats. Our non-intrusive platform provides full coverage of large-scale networks, offering best-in-class detection accuracy, asset discovery and user experience. The platform seamlessly integrates OT security within existing security operations, bridging the IT/OT convergence gap. SCADAfence secures OT networks in manufacturing, building management and critical infrastructure industries. We deliver security and visibility for some of world’s most complex OT networks, including Europe’s largest manufacturing facility. With SCADAfence, companies can operate securely, reliably and efficiently as they go through the digital transformation journey.

OT&IoT網絡安全摘要– 2020年10月

News Post SCADAfence Main-1

Hey, I’m SCADAGirl.

I’m a cybersecurity superhero that ensures that OT & IoT networks are safe.

Here is my commentary on the latest headlines in OT & IoT security.

News Post SCADAfence2

ICS Advisory (ICSA-20-240-01) Red Lion N-Tron 702-W, 702M12-W

SCADAgirl SCADAfence Research – ICS Ethernet Switches used in Industrial Networks by manufacturer Red Lion are exposed to Remote Command Injection. The switches types are 702-W and 702M12-W. Read More 


News Post SCADAfence Oct 1-1

Critical Vulnerabilities Expose MoFi Routers to Remote Attacks

SCADAgirl SCADAfence Research  – IOT Routers made by MoFi network are vulnerable to Remote Code Execution vulnerabilities. The series affected is MOFI4500, which includes several routers which includes WIFI and 4g capabilities. Companies utilizing such routers for mobile or remote connectivity should check their devices for updates. Read More


News Post SCADAfence Oct 2

BLURtooth Vulnerability Lets Attackers Defeat Bluetooth Encryption

SCADAgirl SCADAfence Research – The IoT vulnerability BLURtooth exposes new generations of Bluetooth-enabled devices to MITM attacks. Academic researchers have discovered that certain implementations of Bluetooth 4.0 to 5.0 suffer from weak key generation and thus allow MITM attacks to take place.


Netwalker Ransomware Hits Pakistan’s Largest Private Power Utility

SCADAgirl SCADAfence Research – Netwalker ransomware hit the largest private power company in Pakistan. The ransomware caused disruption in billing and online services.


Windows Zerologon PoC Exploits Allow Domain Takeover. Patch This Now!

SCADAgirl SCADAfence Research – A PoC was released for the Zerologon vulnerability, which allows attackers to gain Domain Admin privileges and take over Windows domain environments. The vulnerability, CVE-2020-1472, was patched by Microsoft in the last August update. It occurs when an attempt to log in as a domain administrator is made and a spoofed response is sent to the client saying that the login succeeded. It relies on the fact that it is possible to fall back to unencrypted RPC and then to use a security flaw found in the Netlogon AES-CFB8 cryptographic negotiation. Please read more for the full article & the PoC code.


Ransomware Attack at German Hospital Leads to Death of Patient

SCADAgirl SCADAfence Research – A ransomware attack at a German hospital led to the death of a patient. The attack left the hospital unable to provide emergency care, and a patient in a life-threatening condition died after being forced to go to a more distant hospital.


ICS Advisory (ICSA-13-011-01)

SCADAgirl SCADAfence Research – Devices running CoDeSys are vulnerable: an attacker can read and write any file on them. Devices running CoDeSys also require no authentication by default, which lets attackers change the device configuration.


The Windows XP Source Code Was Allegedly Leaked Online

SCADAgirl SCADAfence Research – The Windows XP source code was leaked online and can be downloaded via a torrent. The leaked source code may help attackers find new, as yet unknown, vulnerabilities, even in newer Windows operating systems.


Ransomware Hits US-Based Arthur J. Gallagher Insurance Giant

SCADAgirl SCADAfence Research – US-based global insurance brokerage and risk management firm Arthur J. Gallagher (AJG) confirmed a ransomware attack that hit its systems.


UHS Hospitals Hit by Reported Country-Wide Ryuk Ransomware Attack

SCADAgirl SCADAfence Research – UHS hospitals were hit by a reported country-wide Ryuk ransomware attack, which shut down a few of its hospitals.

“After 1min or so of this the computers logged out and shutdown. When you try to power back on the computers they automatically just shutdown.” “We have no access to anything computer based including old labs, ekg’s, or radiology studies. We have no access to our PACS radiology system.”


Managing Hard-to-Manage OT and IT Infrastructure

As industrial systems become increasingly connected to IT, Cloud and ERP systems, they become increasingly exposed to cyber threats such as ransomware. In fact, cyber threats for industrial control systems (ICS) are on the rise.

Asset owners are often operating legacy equipment, which contains a large number of vulnerabilities, including unpatched industrial devices, unsupported operating systems like Windows XP and Windows 7, and others. Although this equipment may be productive for now, it is not secure, and the level of risk rises with time.

SCADAfence runs into these problems constantly with its customers; its industrial cybersecurity products were designed to help users get past security obstacles such as aging equipment, the adoption of IIoT devices in Industry 4.0, and visibility gaps. As SCADAfence helps its customers improve their security and regain control over their networks, here are some of the problems it sees in their industrial environments.

The Challenges SCADAfence Sees In Industrial Networks Today

Asset management is often handled with cumbersome Excel sheets, which are often inaccurate and outdated. Security teams and OT operators need to know about real-time deviations in network traffic to account for cyberattacks such as malware or ransomware, which can spread in minutes.

When SCADAfence is installed passively in their network, customers often discover tens to hundreds of “shadow” OT devices, that is, devices that the operators didn’t know existed. Even worse, many of the unaccounted-for devices may be connected to the internet.

Four Ways to Solve These Constant Industrial Network Challenges

1. Maximum Rate Bandwidth for Increased Data Analysis

The SCADAfence Platform was built to handle large amounts of traffic. Utilizing Garland Technology’s visibility solutions, they read every bit, byte, and packet using full deep packet inspection (DPI) to have the highest detection rate in the industry. Most industrial network monitoring platforms don’t have the bandwidth to process this sizable data.

2. Setting an Operational Baseline with Advanced AI Capabilities

SCADAfence also offers a unique Micro Granular Baseline technology. This technology learns every device’s granular traffic characteristics. Providing the most accurate detection mechanism, this unique technology helps their customers to dramatically reduce false-positives without the need to reconfigure the baseline, even with operational changes. Customers gain precise and reliable results in hours vs weeks, with continuous intelligence utilizing advanced AI capabilities.

3. Instant Analytics and Reporting for Governance and Compliance

The SCADAfence Governance Portal provides fully automated compliance dashboards and detailed compliance reports, which allow their customers to view status trends and comparisons over time. These accurate and up-to-date compliance statuses are based on real network traffic data analytics that track and measure industrial regulations and organizational best practices.

This is especially important to critical infrastructures, which have to meet certain frameworks and compliance requirements to work under the correct guidelines. This tool ensures that their customers can remain fully compliant with industrial standards such as NERC-CIP, IEC-62443, NIST, ISO-27001, NIS NCSC, NIST CSF, and others – including internal policies that can be set up by their own organizations.

Taking in the packet traffic from Garland’s network TAPs, SCADAfence’s stand-alone monitoring will passively scan the traffic from every appliance with the utmost industry standards. Users can choose the industry standard that they want to be compliant with and the Governance Portal will show updated real-time reports in clear detail. SCADAfence finds that their customers find this incredibly valuable and time-efficient.

4. 100% Packet-level Network Visibility with Garland Technology

It’s very important for a network monitoring solution not to be intrusive in your OT process. SCADAfence offers continuous passive OT network monitoring that provides the visibility, automatic asset discovery, inventory management, risk management, and threat detection needed to capture the current operational behavior of the environment.

Generating 100% packet-level visibility with Garland’s visibility solution, SCADAfence is able to render critical insights to detect and provide alerts on cybersecurity and operational incidents like suspicious activities, exposures, malware attacks, and operational alerts such as service availability, and misconfigurations. This allows users to gain unique visibility into remote access connections and correlate OT actions to IT accounts.

For more information visit the Garland Technology and SCADAfence joint solution.  Looking to add visibility to your industrial environment, but not sure where to start?  Join us for a brief network Design-IT consultation or demo. No obligation – it’s what we love to do.

The original post can be found on garlandtechnology.com
