2024 - Cybersecurity Awareness Month
Overview
Prioritizing and securing your OT infrastructure isn’t just a good idea—it’s essential for protecting our critical systems. Here’s an example of why:
It’s Cybersecurity month, and of course, Kalmarunionen want to showcase our talent! Although Operational Technology Security isn’t always considered the most sexy area, it is crucial for protecting our critical infrastructure and ensuring resilience against cyber attacks in a modern society.
Our longtime member Jens Nielsen from ICSRange despite his young age, has been securing a lot of OT infrastructure while also conducting solid vulnerability research in OT devices such as PLCs & Serial Device Servers.
In his talk at the CyberTek Tech Festival titled “The Journey of Unlocking a Branded W2150A Serial Converter,” (https://lnkd.in/ei8yvNgT) Jens takes us through his process of understanding, unlocking, and ultimately exploiting a branded Serial Device Server—a crucial piece of technology that, if accessed by the wrong person, can have a major impact on an organization.
One of the techniques Jens addressed was used some months later with his fellow Kalmarunionen player Viktor Edström. When they in about 28 hours during a CTF, found a vulnerability in ASUS router firmware, resulting in CVE-2024-33278 (https://lnkd.in/eVJeivvT). The bug had a CVSS score of 9.8—about as severe as it gets.
This again shows how collaboration and participating in CTFs is not only fun but also leads to learning from each other and finding bugs in critical appliances.
If you feel like you can contribute to the Kalmarunionen team, head over to kalmarunionen.dk and apply, or just drop us some kind words—compliments always make the team smile 😀