Israel's Claroty, an industrial cybersecurity company, announced the launch of its new research arm, Team82, which supplies vital research on vulnerabilities and new cyber threats to customers and defenders of industrial networks worldwide. Meanwhile, in a new report, Team82 revealed critical security vulnerabilities in cloud-based platforms for industrial control system (ICS) management. The report emphasizes the increase in ICS use in the cloud and the growing need to secure cloud implementations in industrial environments.
Team82, formerly known as the Claroty Research Team, is an experienced group of security researchers known for its rapid development of industrial threat signatures, proprietary protocol analysis, and discovery of ICS vulnerabilities. Team82 is a leader in ICS vulnerability research, with 146 vulnerability disclosures to date. It was the first to develop and release signatures for the Ripple20 and Wibu-Systems CodeMeter vulnerabilities. Team82 researchers, who are mostly located at the company's offices in Tel Aviv and are equipped with an extensive ICS testing lab, work closely with leading industrial automation vendors.
In the new report, Team82 researched the exploitability of cloud-based management platforms responsible for monitoring ICS, and developed techniques to exploit vulnerabilities in automation vendor CODESYS' Automation Server and vulnerabilities in the WAGO PLC platform. Team82's research mimics the paths an attacker would take either to control a Level 1 device in order to eventually compromise the cloud-based management console or, in reverse, to commandeer the cloud in order to manipulate all networked field devices.
Amir Preminger, VP research at Claroty, said: "Team82’s latest research was motivated by the reality that organizations in the Industry 4.0 era are incorporating cloud technology into their OT and IIoT for simplified management, better business continuity, and improved performance analytics. In order to fully reap these rewards, organizations must implement stringent security measures to secure data in transit and at rest, and lock down permissions."