Rockwell Automation: "Disconnect ICS from the Internet, there is no need to take such a risk"

Tomcat

The company insists on strict security measures to protect industrial systems.

Rockwell Automation strongly recommends that its customers disconnect all industrial control systems (ICS) that are not designed to be connected to the Internet, in order to prevent unauthorized or malicious cyber activity. This measure is necessary due to rising geopolitical tensions and increased activity of cybercriminals around the world.

The company insists on immediate action: users should check whether their devices are accessible from the Internet and, if so, remove that access for any device that was not originally intended to be publicly reachable. "Users should never configure their assets to connect directly from the Internet," Rockwell Automation emphasized.

Removing Internet connectivity will significantly reduce the likelihood of attacks and the exposure to external threats. The company also recommends that organizations using Rockwell software solutions ensure that all necessary updates and patches are installed to protect against vulnerabilities affecting their products.

These vulnerabilities include:
  1. CVE-2021-22681 (CVSS score: 10.0);
  2. CVE-2022-1159 (CVSS score: 7.7);
  3. CVE-2023-3595 (CVSS score: 9.8);
  4. CVE-2023-46290 (CVSS score: 8.1);
  5. CVE-2024-21914 (CVSS score: 5.3);
  6. CVE-2024-21915 (CVSS score: 9.0);
  7. CVE-2024-21917 (CVSS score: 9.8).

The notice is also supported by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), which recommends that users and administrators follow the outlined risk mitigation measures.

The recommendations also include a joint warning from CISA and the US National Security Agency (NSA) from 2020 about attackers exploiting vulnerabilities in operational technology (OT) systems, which can pose a serious threat to critical infrastructure.

In recent years, groups of cybercriminals, including APT groups, have increasingly attacked OT/ICS systems to achieve political and economic goals, as well as to cause devastating consequences.

Attackers connect to publicly available programmable logic controllers (PLCs), altering the control logic and causing undesirable consequences.

Recent research presented at the March 2024 NDSS symposium showed that it is not very difficult for experienced attackers to conduct a Stuxnet-type attack by hacking web applications or human-machine interfaces embedded in PLCs.

Such attacks include tampering with sensor readings, disabling security alarms, and manipulating physical actuators. The introduction of web technologies in industrial control systems has created new cybersecurity problems and challenges.

The new PLC malware has significant advantages over existing attack methods, such as platform independence, ease of deployment, and high resilience, which allows attackers to perform malicious actions unnoticed without the need to implement control logic.

To ensure the security of OT and ICS networks, it is recommended to restrict access to system information, audit and protect remote access points, restrict access to network and management systems only for legitimate users, conduct regular security checks, and implement a dynamic network environment.
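
As an added illustration of the exposure check Rockwell asks for (not code from Rockwell, CISA or the original post), the following Python example flags ICS assets that are reachable from the Internet. The inventory and firewall-rule format, the asset names and the addresses are constructed assumptions, and rule ordering is ignored: every matching allow rule is reported.

```python
import ipaddress

# RFC 1918 private ranges; anything outside them is treated as Internet-routable.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample inventory (hypothetical names and addresses).
ASSETS = [
    {"name": "plc-line1", "ip": "10.20.1.15"},
    {"name": "hmi-packaging", "ip": "192.168.50.8"},
    # 203.0.113.0/24 is a documentation range standing in for a public address.
    {"name": "plc-pumphouse", "ip": "203.0.113.10"},
]

# Constructed inbound firewall rules in a simplified, hypothetical format.
RULES = [
    {"action": "allow", "src": "10.20.0.0/16", "dst": "10.20.1.15", "port": 44818},  # EtherNet/IP
    {"action": "allow", "src": "0.0.0.0/0", "dst": "192.168.50.0/24", "port": 443},
    {"action": "deny", "src": "0.0.0.0/0", "dst": "10.20.1.15", "port": 44818},
]

def is_internal(net):
    """True if the whole network lies inside an RFC 1918 range."""
    return any(net.subnet_of(p) for p in PRIVATE_NETS)

def find_exposed(assets, rules):
    """Return sorted (asset name, reason) findings for Internet-reachable assets."""
    findings = set()
    nets = {a["name"]: ipaddress.ip_network(a["ip"]) for a in assets}
    # Check 1: the asset itself sits on a non-private address.
    for name, net in nets.items():
        if not is_internal(net):
            findings.add((name, "public address"))
    # Check 2: an allow rule admits traffic from a non-private source.
    for rule in rules:
        src = ipaddress.ip_network(rule["src"])
        if rule["action"] != "allow" or is_internal(src):
            continue
        dst = ipaddress.ip_network(rule["dst"])
        for name, net in nets.items():
            if net.subnet_of(dst):
                findings.add((name, f"inbound allow from {src} to port {rule['port']}"))
    return sorted(findings)

if __name__ == "__main__":
    for name, reason in find_exposed(ASSETS, RULES):
        print(f"{name}: {reason}")
```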