Blended Threats: VPN Bugs Could Cause Physical Impacts with Critical Lifeline Sectors

In a blog post on 28 Jul, security researchers at Claroty shared that they have “discovered remote code execution vulnerabilities affecting virtual private network (VPN) implementations primarily used to provide remote access to operational technology (OT) networks. These dedicated remote access solutions are mainly focused on the industrial control system (ICS) industry… Exploiting these vulnerabilities can give an attacker direct access to the field devices and cause some physical damage.”

At Gate 15, we spend a lot of time discussing Blended Threats. A Blended Threat is a natural, accidental, or purposeful physical or cyber danger that has or indicates the potential to have crossover impacts and harm life, information, operations, the environment, and/or property.

Continue Reading →

Blended Threats: Can IoT devices be abused to overdose dementia sufferers (and kids)?!

In a post on 9 July 2020, the team at Pen Test Partners wrote “Hacking smart devices to convince dementia sufferers to overdose,” stating, that they had recently discovered a flaw “that was a little different: it was aimed at the elderly, particularly those with dementia or other cognitive impairments.”

Continue Reading →

Blended Threats: Protests! Hacking? Death Threats!?!

Illustrating how rapidly and dangerously this can play out in our world today, Sarah Coble reported, that the life of Jessica Hatch, a Houston business owner, was “threatened after cyber-criminals hacked into her company’s social media account and posted racist messages.

Continue Reading →

Blending Threats into a Complex New Year

As 2019 turns into 2020, technologies and threats that impact daily operations and data security persist in blended and complex ways. The convergence of both physical and cyber domains increase the productivity and value of businesses and critical infrastructure at large, but introduce new and evolving risks that can harm assets and individuals when the line between IT and physical risks are no longer crystal clear.

Continue Reading →