OT Security

Threat actors have ramped up operational technology-targeted cyberattacks aimed at building automation systems, whose prevalence increased from 1% in 2023 to 9% in 2024, even if industrial automation protocols continue to account for a bulk of OT intrusions, recording an increase from 71% to 79% during the same period.

After inputting valid employee emails to infiltrate Starlink's admin panel hosted on a subarucs.com subdomain, threat actors could perform password resets, omit client-side overlay, and evade two-factor authentication to access the panel's features and determine different types of customer and vehicle information, including names, vehicle identification numbers, and location details.

Aside from the zero-day, threat actors behind AIRASHI also leveraged more than a dozen other security flaws impacting AVTECH IP cameras, Shenzhen TVT appliances, and other devices dating as far back as 2013, a report from QiAnXin XLab researchers showed.

Malaysia, Mexico, Thailand, Indonesia, and Vietnam accounted for most of the infections with the botnet, which exploited the CVE-2017-17215 and CVE-2024-7029 vulnerabilities for initial access and the eventual botnet malware retrieval for DDoS intrusions, an analysis from Qualys researchers revealed.

Other identified security vulnerabilities impacting the first generation of MBUX could also be exploited in USB or custom UPC connection-based attacks to deactivate the system's anti-theft defenses, conduct vehicle tuning, and open paid services, according to Kaspersky researchers.

Aside from banning the inclusion of Vehicle Connectivity System software and hardware, as well as Automated Driving System software developed by Chinese and Russian vendors in vehicles sold in the U.S., both China- and Russia-linked automobile manufacturers have also been barred from selling cars with such tech within the country.