Since there are plenty of threat monitoring sources throughout our industry, we thought it best not to repeat those concerning the Florida water treatment plant attack.  ThreatGEN believes it is worthwhile to have a lessons learned after the the dust settles though.  The reason we didn't release immediately after the ...

As a gamer, every time I hear "capture the flag", or "CTF", my memories bring me back to playing games like Team Fortress, Counter Strike, and other team FPS (First Person Shooter) games where you would literally try to steal (a.k.a. “capture”) the other team’s flag (usually placed deep within ...

Since the publication of the SolarWinds attack in December 2020, there have been countless breakdowns of the malware used, how it works, and what the implications are for organizations using Orion products in their IT infrastructure. As extensive as the coverage of the attack has been, we haven’t heard much ...

A lot of people play video games. According to NewZoo's article "Video Game Industry Statistics in 2020", in 2019 over 2.7 billion people played video games. That's more than 1 out of every 3 people who voluntarily spend their leisure time pursuing video games. Gamification is about trying to use ...

Either Mark Twain or the 19th century British Prime Minister Benjamin Disraeli said, "There are three kinds of lies: lies, damned lies, and cybersecurity statistics." There are three kinds of lies: lies, damned lies, and statistics."Mark Twain Quotes." Quotes.net. STANDS4 LLC, 2021. Web. 21 Jan. 2021. <https://www.quotes.net/quote/1647>. Parody aside, in the cybersecurity ...

Sugar Land, Texas (July 2, 2020) — ThreatGEN, an operational technology (OT) security firm, releases its second video in its Red vs. Blue Academy OT security educational series entitled "OT/ICS Cybersecurity Kill Chain, Technical Demo". In this video, Pascal Ackerman demonstrates an OT/ICS cybersecurity attack on a control system, from ...

In this article I will take you through the process of performing an internet exposure check for your ICS. We will look at what “exposure” means in the realm of networking, followed by a sample search for the internet exposure of a random IP address that I chose for no ...

I wanted to take some time today and share with you my thoughts on fundamental ICS (cyber)security. With all these shiny new and expensive OT-centric security products getting released over the past few years, it might be tempting to start thinking that securing your industrial environment will be achievable with ...

If you follow my posts on LinkedIn, you might recall an article I shared about a week or two ago about a new malware campaign that was uncovered, targeting ICS companies in the US utilities industry. If you missed the post or want to reread the article, here is the ...

This is my first blog post as principal threat analyst with ThreatGEN. The intent is to release a somewhat weekly security news aggregate article with a preference for Industrial security threat articles and a strong technical emphasis on things. Well, I will start that ritual next week, because this week ...