As I often refer to various hacks and vulns and publications, this is my goto list for sources.

General Hacks / Vulns

• elektronische Patientenakte

  • CCC fordert Ende der ePA-Experimente am lebenden Bürger
  • 38C3: Große Sicherheitsmängel in elektronischer Patientenakte 3.0 aufgedeckt
  • Stellungnahme zum CCC-Vortrag zur ePA für alle

• VW Keyless Go, Kasper und Oswald

  • Official Page
  • Paper
    • sha256sum 20240712: 9da540724bf827498966b10114ec10c69703f5ca52b9456cf3369aeb7de59645 paper.pdf
  • Youtube Talk, Usenix 2016

• Industrial Remote Control Systems, Trend Micro

  • A Security Analysis of Radio Remote Controllers for Industrial Applications
    • sha256sum 20240712: 72839d8b049c91c9f3a2f2c9fe1cd1ffb408d650a734c95f401a215339a7f00e wp-a-security-analysis-of-radio-remote-controllers.pdf

• Südwestfalen-IT Hack

  • Abschlussbericht Security Incident
    • sha256sum 20241230: a37816b17ed9e2ab64b428e5f62d02699da3627cc827f059d813077b7c5d26d8 SIT_Incident_Response_v1.1.pdf

OT Security

Papers

• To kill a centrifuge
  • SHA256, 20230321: cccc53ec81ac7c0755fc50d8169631d9f320dd7ebfa238bce49e93574cffb479 to-kill-a-centrifuge.pdf
• Analysis of the Cyber Attack on the Ukrainian Power Grid
  • SHA256, 20230321: 945b431a136dfb2209942f28de02f277af7b0c9b6e8de4c5e4e23d3c88119ca5 E-ISAC_SANS_Ukraine_DUC_5.pdf
  • Weitere Links zum Thema:
    • https://www.globalsign.com/en/blog/cyber-autopsy-series-ukranian-power-grid-attack-makes-history
    • https://www.wired.com/2016/03/inside-cunning-unprecedented-hack-ukraines-power-grid/
• Industrial Remote Control Systems, Trend Micro
  • A Security Analysis of Radio Remote Controllers for Industrial Applications
    • sha256sum 20240712: 72839d8b049c91c9f3a2f2c9fe1cd1ffb408d650a734c95f401a215339a7f00e wp-a-security-analysis-of-radio-remote-controllers.pdf

Incidents

• Heating Finland 2016

  • https://securityledger.com/2016/11/lets-get-cyberphysical-ddos-attack-halts-heating-in-finland/
  • https://www.spiegel.de/netzwelt/web/finnland-hacker-schalten-heizungen-aus-a-1120234.html
  • https://www.wired.com/2016/03/inside-cunning-unprecedented-hack-ukraines-power-grid/

• Polish Trams 2008

  • https://www.schneier.com/blog/archives/2008/01/hacking_the_pol.html
  • https://www.darkreading.com/perimeter/teenage-hacker-takes-over-polish-tram-system
  • https://www.wired.com/2008/01/polish-teen-hac/
  • https://www.theregister.com/2008/01/11/tram_hack/

• KA Sat 2022

  • https://www.golem.de/news/satellitennetzwerk-ka-sat-viasat-untersucht-moeglichen-cyberangriff-auf-systeme-2203-163515.html
  • https://www.golem.de/news/ukraine-krieg-tausende-deutsche-windraeder-ohne-satelliten-kommunikation-2202-163499.html
  • https://news.sky.com/story/satellite-giant-viasat-probes-suspected-broadband-cyberattack-amid-russia-fears-12554004

• Florida Water Treatment Plant

  • https://www.industrialdefender.com/blog/florida-water-treatment-plant-cyber-attack
  • https://www.wired.com/story/oldsmar-florida-water-utility-hack/
  • https://www.forbes.com/sites/leemathews/2021/02/15/florida-water-plant-hackers-exploited-old-software-and-poor-password-habits/

• Polish Train Breakdown / DRM 2024

  • https://www.railway-technology.com/news/the-story-of-the-great-polish-train-hack/
  • https://www.kaspersky.com/blog/train-hack-37c3-talk/50321/
  • https://www.railtarget.eu/technologies-and-infrastructure/hacker-intervention-saves-polish-trains-a-cybersecurity-drama-unfolds-8493.html
  • https://arstechnica.com/tech-policy/2023/12/manufacturer-deliberately-bricked-trains-repaired-by-competitors-hackers-find/
  • https://www.youtube.com/watch?v=XrlrbfGZo2k

• Milking Robot Killing Cow 08.2024

  • https://www.agrarheute.com/tier/rind/cyberkriminelle-erpressen-landwirt-hacken-melkroboter-kuh-stirbt-624499
  • https://www.heise.de/news/Schweiz-Kuh-und-Kalb-sterben-nach-Cyberangriff-auf-Melkroboter-9826381.html?view=print

Official Recommendations

• CISA: Cybersecurity Best Practices for Industrial Control Systems
• BSI: ICS Security Kompendium
• CISA: Improving Security of Open Source Software in Operational Technology and Industrial Control Systems
• NIST: Guide to Operational Technology (OT) Security
• White House: National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems
• CISA: ICS Recommended Practices