"OT Network Security Myths Busted in a Pair of Hacks"

Two recently released studies highlight the hidden dangers to physical operations in today's Operational Technology (OT) networks posed by wireless devices, cloud-based applications, and nested networks of Programmable Logic Controllers (PLCs), effectively disproving traditional insight regarding the security of network segmentation and third-party network connections. In one set of discoveries, a Forescout Technologies research team was able to circumvent safety and functional guardrails in an OT network and move laterally across different network segments at the lowest network levels. Researchers exploited two newly discovered Schneider Modicon M340 PLC vulnerabilities to compromise the PLC and escalate the attack. In another study, a team of researchers from the ICS security company Otorio discovered 38 vulnerabilities in products such as cellular routers from Sierra Wireless and InHand Networks, as well as a remote access server for machines from ETIC Telecom. Dozens of additional vulnerabilities are still in the disclosure process with affected companies and were not identified in the study. The vulnerabilities include two dozen Web interface bugs that could provide the attacker a direct line of access to OT networks. This article continues to discuss the findings from the two new studies that have highlighted cyber threats to physical operations in OT networks. 

Dark Reading reports "OT Network Security Myths Busted in a Pair of Hacks"