Critical Infrastructure Security, Vulnerability Management

Obfuscated cyberattacks likely with Delta OT monitoring product bugs

Malicious cyber activity could be deployed by threat actors without being undetected through the exploitation of four vulnerabilities in Delta Electronics' InfraSuite Device Master, which allows the tracking of industrial control systems, building sensors, and other operational technology systems in real time, according to SecurityWeek. Attackers could leverage the two critical bugs to facilitate arbitrary code execution even without authentication, while the other flaws given a high-severity rating could be abused to allow remote code execution and sensitive data exfiltration, with Trend Micro's Zero Day Initiative Head of Threat Awareness Dustin Childs noting potential utilization of the bugs to conceal security alerts regarding disrupted or damaged OT systems. "A successful exploit would allow the attacker to gain administrative privileges. They would be able to take any actions an administrator would normally be able to perform," said Childs, who added that such an attack has been performed to compromise an Iranian nuclear facility.

Related

Third-party ransomware attack threatens Sweden’s liquor supply

Swedish government-owned liquor retailer Systembolaget, which is the country's lone vendor of alcoholic beverages, has warned of a shortage of some beers, wines, and spirits across the country following a ransomware attack against its distributor Skanlog, which its CEO Mona Zuko has attributed to a North Korean state-sponsored threat operation, according to The Record, a news site by cybersecurity firm Recorded Future.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.