Page 36 - EngineerIT November 2022

TECHNOLOGY AND INNOVATION


Kaspersky ICS CERT reveals “secrets” in Schneider UMAS protocol



Kaspersky ICS CERT investigated Unified Messaging Application Services (UMAS) by Schneider Electric and the vulnerabilities of this highly popular protocol, which is used in multiple industries – from manufacturing to elevator control systems. By exploiting the described vulnerabilities, attackers could gain access to the whole automation system of an entity.

UMAS (Unified Messaging Application Services) is Schneider Electric’s proprietary protocol used to configure, monitor, collect data from and control Schneider Electric industrial controllers. The protocol is very widely used across different industries. The issues described by Kaspersky ICS CERT experts concern unauthorised access to the programmable logic controller (PLC) and the methods cyber criminals use to bypass authentication.

In 2020, the vulnerability CVE-2020-28212 was reported, which could be exploited by a remote unauthorised attacker to gain control of a programmable logic controller (PLC) with the privileges of an operator already authenticated on the controller. To address the vulnerability, Schneider Electric developed a new mechanism, Application Password, which should provide protection against unauthorised access to PLCs and unwanted modifications.

An analysis conducted by Kaspersky ICS CERT experts has shown that the implementation of the new security mechanism also has flaws. The CVE-2021-22779 vulnerability, which was identified in the course of the research, could allow a remote attacker to make changes to the PLC, bypassing authentication.

As the researchers found, the main problem was that the authentication data used to “reserve” the device for modification was computed entirely on the client side, and the “secret” used could be obtained from the PLC without authentication.

Schneider Electric published an advisory with a remediation addressing the vulnerabilities. Kaspersky ICS CERT in turn recommends additionally using network monitoring and deep industrial protocol analysis solutions, such as Kaspersky Industrial CyberSecurity for Networks, to monitor and control remote access attempts to PLC devices.

“The threat landscape is constantly evolving, and an organisation’s security strategy must constantly evolve as well to meet new challenges. Today, building a cyber security system is not an end-state, but a continuous proactive process – that is proven by the example of the UMAS protocol. We’re grateful that Schneider Electric managed to respond that rapidly to the discovered vulnerabilities and provide its clients with appropriate solutions and recommendations. However, our advice to all responsible for security within an enterprise is to implement special solutions,” comments Pavel Nesterov, a security expert at ICS CERT Kaspersky.

Learn more about Schneider Electric’s UMAS protocol and its “secrets” on ICS CERT.
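One way to implement the monitoring of remote access attempts to PLCs recommended above, as an added example that is not code from Kaspersky or Schneider Electric. It relies on a publicly documented detail that is not stated on this page, namely that UMAS is carried in Modbus/TCP function code 0x5A (90); the IP addresses, the allowlist and the sample frames are constructed, and each TCP payload is assumed to hold one complete Modbus frame.

```python
import struct

UMAS_FUNCTION_CODE = 0x5A  # Modbus function code 90 carries UMAS (detail not on the page)
MBAP_LEN = 7               # transaction id (2) + protocol id (2) + length (2) + unit id (1)

def parse_modbus_tcp(payload: bytes):
    """Return (unit_id, function_code, data), or None if not a well-formed frame."""
    if len(payload) < MBAP_LEN + 1:
        return None
    _tid, proto, length, unit = struct.unpack(">HHHB", payload[:MBAP_LEN])
    # Protocol id must be 0; the length field counts the unit id plus the PDU.
    if proto != 0 or length < 2 or len(payload) < 6 + length:
        return None
    pdu = payload[MBAP_LEN:6 + length]
    return unit, pdu[0], pdu[1:]

def umas_alerts(packets, allowed_sources):
    """Flag UMAS requests whose source is not a known engineering station.

    packets: iterable of (src_ip, dst_ip, tcp_payload) seen on TCP port 502.
    """
    alerts = []
    for src, dst, payload in packets:
        parsed = parse_modbus_tcp(payload)
        if parsed is None:
            continue  # truncated or non-Modbus payload: nothing to classify
        unit, function_code, data = parsed
        if function_code == UMAS_FUNCTION_CODE and src not in allowed_sources:
            alerts.append({"src": src, "plc": dst, "unit": unit,
                           "umas_bytes": len(data)})
    return alerts

def build_frame(tid, unit, pdu):
    """Helper for the constructed samples: wrap a PDU in an MBAP header."""
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu

# Constructed sample traffic; the bytes after 0x5A are opaque placeholders.
ENGINEERING_STATIONS = {"10.0.5.20"}
SAMPLE = [
    ("10.0.5.20", "10.0.9.2", build_frame(1, 0, b"\x5a\x00\x00")),  # allowed station
    ("10.0.7.99", "10.0.9.2", build_frame(2, 0, b"\x5a\x00\x00")),  # unknown host
    ("10.0.7.99", "10.0.9.2", build_frame(3, 1, b"\x03\x00\x00\x00\x01")),  # plain Modbus read
    ("10.0.7.99", "10.0.9.2", b"\x00\x04\x00\x00\x00"),  # truncated header
]

if __name__ == "__main__":
    for alert in umas_alerts(SAMPLE, ENGINEERING_STATIONS):
        print("UMAS request from non-allowlisted host:", alert)
```
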


Bridging the gap between CEO and CISO is the only way to achieve cyber resilience





By Wessel Matthee, Information Security and Compliance Manager at Entersekt

In early September around 50 000 users had their personal details exposed when the fintech Revolut was breached in a cyber attack. The latest attack is one in a rising tide of breaches which are unlikely to subside until CEOs and CISOs can close the gap between how they view cyber resilience.

True cyber resilience is not just about the technology, but rather it entails a more holistic approach which must include everyone within the organisation. If cyberattacks are to be avoided, CEOs and CISOs must close the gap in how they respectively view security and lead the cultural shift towards true cyber resilience.

The World Economic Forum (WEF) and Accenture Global Cybersecurity Outlook study for 2022 was clear that focussing on cyber security (having the tech in place to fend off attacks) is no longer enough. Rather, the report advises businesses to focus on cyber resilience – a term which entails having the tech, security experts, company culture and leadership commitment to successfully deal with attacks.

However, the WEF report notes that not only are cyber security resourcing efforts proving insufficient against increasingly sophisticated attacks, but there seems to be a disconnect between how business leaders and security leaders respectively perceive their organisations’ threat-readiness. It shows that “while 92% of business executives surveyed agree that cyber resilience is integrated into enterprise risk-management strategies, only 55% of security focused leaders

