Connect with us

Cyber Crime Trending

Cyber Threat To High-Tech Industrial Machines Used For Automated Jobs: India’s CERT-In Warns

Cyber Crime Policy Watch

RBI Set to Empower Banks with Authority to Freeze Fraud-Linked Accounts

Cyber Crime Economic Fraud

From Crypto Kings to Criminals: The Downfall of Samourai Wallet's Founders!

Cyber Crime

Daily Cybercrime Brief by Future Crime Researchers [25.04.2024]: Cryptocurrency scam, Cyber espionage, Stock Market Scam and more

Cyber Crime

CloudSEK Revolutionizes Cybersecurity with Nexus: The First Platform to Quantify Financial and Business Risk

Cyber Crime Policy Watch

MHA To Launch New Center for Real-Time Fight Against Cyber Financial Fraud After Lok Sabha Elections, Details Inside

Cyber Crime

Daily Cybercrime Brief by Future Crime Researchers [24.04.2024] : Srinagar Cyber Police, Telegram and Gurugram Police, Cadila Fraud and more

Cyber Crime

Cyber Police Kashmir Zone Srinagar unveils major mule account racket in Kashmir valley; FIR registered

Cyber Crime Trending

Dubai Drug Lord's Inner Circle Exposed in Operation Black Tie, Details Inside

Cyber Crime

Here Is How to Report Suspicious Websites, Emails and Mobile Numbers on I4C's Cyber Crime Portal

Cyber Crime

Rental Scam on 99Acres, MagicBricks and OLX Targets Elderly Landlords

Cyber Crime

Daily Cybercrime Brief by Future Crime Researchers [23.04.2024] : Cyber Espionage, Ranveer Singh Deepfake Video and more

Cyber Crime Economic Fraud

From Greater Noida to Europe: Inside Details Of Multi-Crore-Worthy Drug Syndicate!

Cyber Crime Fact Check

Ranveer Singh's Cyber Battle: Fighting the Rise of Deepfake Technology!

Cyber Crime

Exposed! Hyderabad Businessman Loses Rs 81,000 to Fake Government Loan Scam!

Cyber Crime Economic Fraud

You Won't Believe What Customs Found Inside These Liquor Boxes at IGI Airport!

Cyber Crime

Top 10 Technology Crimes From Around The World [22.04.2024] Compiled By Futurecrime Researchers

Cyber Crime

Daily Cybercrime Brief by Future Crime Researchers [22.04.2024] : India's annual cyber crime loss, Akira ransomware and more

Cyber Crime

Top 10 Technology Crimes From Around The World [21.04.2024] Compiled By Futurecrime Researchers

Cyber Crime

Daily Cybercrime Brief by Future Crime Researchers [21.04.2024] : Cyber espionage, Woman duped of Rs 61 Lakhs, West Bengal CID nabs cyber offenders and more

Cyber Crime

Daily Cybercrime Brief by Future Crime Researchers [20.04.2024] : Voters list fraud 2024, Malaysia's Cyber Security Bill, Punjab & Haryana HC judgment and more

Cyber Crime

Daily Cybercrime Brief by Future Crime Researchers [18.04.2024] : Iran's Cyber Offensive, Pune Woman Defrauded of Rs. 2 Crore, Cyber Attacks on LDF Candidate, and more

Cyber Crime

Jharkhand CID Uncovers International Cybercrime Racket Based in Hong Kong and China, Rs. 1.8 Crore Found in Single Account

Cyber Crime

Here's How You Can Report Suspicious Website URLs, Whatsapp Numbers/ Telegram Handles, Etc. on the National Cyber Crime Reporting Portal Launched by I4C

Cyber Crime

Daily Cybercrime Brief by Future Crime Researchers [17.04.2024] : Aamir Khan New Victim Of Deepfake, New Investment & Crypto Fraud and More

Cyber Crime

Think Twice Before Investing: Navi Mumbai Man Cheated Out of Nearly 46 Lakhs

Cyber Crime

Pune Woman Loses Rs 14 Lakh in Elaborate Online Scam; Forced to Disrobe on Camera

Cyber Crime

Daily Cybercrime Brief by Future Crime Researchers [16.04.2024] : Cyber Slavery Exposed, New Investment Scams Unraveled, Global Crackdown on Cyber Unrest, and More

Cyber Crime

The420 Cyber Crime News Update: Nationwide Scams Swindle Millions, Authorities Arrest Key Suspects Across Multiple Cases

Cyber Crime

Chartered Accountant Becomes Victim of a Rs. 3.4 Crore Stock Market Cyber Scam

Cyber Crime

Russian Government-Backed Hackers Have Infiltrated Microsoft's Email System - CISA Report

Cyber Crime

Senior Citizen Loses Rs 3 Lakh in Sophisticated Voice Cloning Scam

Cyber Crime

Bengaluru Lawyer's Skype Call Nightmare: Stripped for a Fake FedEx Narcotics Test!

Cyber Crime Economic Fraud

Delhi's Mastermind Behind Rs 4,978 Crore Online Fraud Finally Caught – Details Inside!

Cyber Crime

How a Retired Lady Teacher From Varanasi Lost Rs. 3.5 Crores in a Cyber Scam

Cyber Crime

Uttarakhand STF and I4C Uncover Nationwide Cyber Fraud Operating Under the Guise of PM Mudra Loan Scheme

Cyber Crime

Motorists Beware: E-Challan Hoax Drains Bank Accounts in Sophisticated Cyber Fraud

Cyber Crime

Cyber Cell Inspector Caught in Web of Bribery: Mohali Court Orders FIR

Cyber Crime

Delhi Police Warns Against Cyrillic Script in Phishing Attacks

Cyber Crime Trending

Shocking Sex Photo Scandal Rocks Parliament: Multiple MPs Fall Victim to Blackmail in Grindr Honey Trap Drama!

Cyber Crime

Facebook Inheritance Scam Leaves Rajkot Trader Rs 16 Lakh Poorer - You Have to Read How It Happened

Cyber Crime

Cross-Border Cyber Crime Racket Smashed: Thousands of SIM Cards Seized

Cyber Crime Trending

The420 Cybercrime News Update: Scams from Fake Swiggy to Impersonations and Task Frauds, with Police Actions Across Cities

Cyber Crime Trending

Indian Authorities Issue Advisory for Job Seekers Heading to Cambodia

Cyber Crime

From Love Messages to Lost Fortunes: The Inside Story of Google's Battle Against Crypto Scammers!

Cyber Crime

The420 Daily Cyber Crime News Updates: Arrests in Rs 4.5 Crore Bank Fraud and Black Magic Scams, CERT-In Flags Major Tech Vulnerabilities, Thiruvananthapuram's Record Online Fraud, and More

Cyber Crime

DHS Report Unmasks: Microsoft’s Oversight Opens Door to Chinese Cyber Threats!

Cyber Crime

Canva Caught in Cyber Storm: Indian Authorities Crack Down on Misuse!

Cyber Crime

ICICI Bank Warns Customers of Sophisticated Online Scams Draining Accounts

Cyber Crime

In a First, Nigerian National Sentenced to 7-Year Rigorous Imprisonment for Cyber Fraud

Cyber Crime Trending

Ex-Intelligence Officer Raises $30M to Fight Cybercrime: The Untold Story

Cyber Crime Economic Fraud

Indian Banks Lost a Whopping Rs 5.3 Lakh Crore to Frauds in a Decade!

Cyber Crime

World Under Attack by AI-Powered Cybercrimes: Report

Cyber Crime

HP High Court Streamlines Relief Process for Cyber Fraud Victims, Removes FIR Requirement

Cyber Crime

The420 Cyber Crime News Update: Amazon's Billion-Dollar Anti-Fraud Crusade, Mumbai's Job Scam Bust & Other Frauds

Cyber Crime

How a Simple Act of Returning Spoiled Milk Turned into a Rs 77,000 Nightmare for One Elderly Woman!

Cyber Crime

Trapped and Exploited: How 30 Indian Youths Became Victims of a Ruthless International Job Scam

Cyber Crime

Cyber Threat To High-Tech Industrial Machines Used For Automated Jobs: India’s CERT-In Warns

Published

2 years ago

on

Cyber Threat To High-Tech Industrial Machines Used For Automated Jobs: India’s CERT-In Warns

NEW DELHI: A popular perception among gadget users is that only mobile phones or computers run the risk of getting hacked or attacked by a malware. However, a new advisory issued by the Indian Computer Emergency Response (CERT-In) exposes a new dimension in cyber vulnerabilities.

According to the advisory, two serious vulnerabilities have been detected in Programmable Logic Controllers (PLCs), high-tech devices used in industrial machines for automatic performance.

“Almost every automatic machine today runs on a PLC, and if exploited by attackers these PLCs could lead to the crash of entire industries,” cyber experts believe.

ALSO READ: Beware! That IT Returns SMS Can Empty Your Bank Account: CERT-In Issues Advisory Against New Trojan That Hit 27 Banks

The CERT-In’s advisory was issued on June 29 this year and makes it clear that there are two vulnerabilities, both classified as ‘High’ in terms of severity, have been detected in PLCs manufactured and sold by JTEKT, a Japan-based company that also has a branch in India.

The vulnerabilities affect 17 different types of PLCs made by JTEKT,” the advisory noted in the warning.

ALSO READ: Protect Your Phone From Bot & Virus Using Free App Developed By CERT-In

“These vulnerabilities exist due to missing authentication for critical functions and insufficient verification of data authenticity. A remote attacker could exploit these vulnerabilities by sending specially crafted messages,” the advisory states.

“Successful exploitation of these vulnerabilities could allow a remote hacker to execute arbitrary code, change control logic, disable communication links or perform denial-of-service condition on the targeted systems,” it warned.

History And Israel-Iran Conflict

According to reports, this is not the first time that such vulnerabilities on Programmable Logic Controllers (PLCs) have come to the fore. There have been episodes in the past also in which global-level cutting-edge technology of the time has been used by countries against rivals.

ALSO READ: Report Data Breach & Cyber Incidents Within 6 Hours: CERT-In New Directives To Firms & Government Agencies

One of the most prominent examples of PLCs being hacked was noted in 2010, when Israel exploited vulnerabilities in PLCs to hack and disable Iran’s nuclear enrichment facility, the reports claimed.

Nomenclature: Why PLCs are named PLCs

Cyber experts believe that Programmable Logic Controllers (PLCs) are so named because they work on a pre-set “logic” or a reasoning that allows them to function the way they are supposed to.

This logic can be programmed by an external party, which is ideally supposed to be the entity operating the concerned machines. The risk factor begins when an external attacker, usually a hacker, gains access to the PLCs and is in a position to change this logic.

“Once a hacker is able to do this, they can manipulate the machine run by the PLC for any purpose. PLCs, commonly known as industrial controllers, are used in every industry in this day and age, be it logistics, healthcare, aviation or defence,” the experts claim.

Threat To Indian Industries

Yes, the industrial sector in India is vulnerable to attacks on PLCs.

“Industrial controllers are legacy systems with hardly any security. These systems used to be analogue but once they were accessible over the internet, they got an IP address and hackers were able to discover them,” Maharashtra’s senior police officer Brijesh Singh said.

Singh, who is currently the Additional Director General of Police of the most industrial Indian state, is among the country’s leading cyber experts.

“Imagine an elevator programmed to take people up and down a building, and imagine what could happen if its PLC were to fall into the wrong hands,” the officer said.

Singh said there are entire repositories of vulnerable industrial controllers, along with custom made exploits for targeting each vulnerability, on the dark web.

“Not just this, there are specialised search engines which literally give you a list of open-to-hack devices on a map!” he warned.

ALSO READ: Step By Step Guide: How To File Cybercrime Complaint Online In India

JTEKT’s Response:

Japan-based JTEKT, has also confirmed both the vulnerabilities on its official website. The company said these vulnerabilities exist due to lack of authentication capabilities in its products.

JTEKT has also released detailed mitigation methods on its website which can be downloaded and followed.

What is even more serious, however, is that these two vulnerabilities are just the tip of the iceberg.

They feature in a report released two weeks ago by private cyber security research group Forescout, which discovered 56 serious vulnerabilities, many of them classified as ‘critical’ in severity, in industrial controllers manufactured and sold by ten leading names in the field.

Follow The420.in on

 Telegram | Facebook | Twitter | LinkedIn | Instagram | YouTube

Related Topics:
Continue Reading