Obfuscated cyberattacks likely with Delta OT monitoring product bugs

Malicious cyber activity could be deployed by threat actors without being undetected through the exploitation of four vulnerabilities in Delta Electronics' InfraSuite Device Master, which allows the tracking of industrial control systems, building sensors, and other operational technology systems in real time, according to SecurityWeek. Attackers could leverage the two critical bugs to facilitate arbitrary code execution even without authentication, while the other flaws given a high-severity rating could be abused to allow remote code execution and sensitive data exfiltration, with Trend Micro's Zero Day Initiative Head of Threat Awareness Dustin Childs noting potential utilization of the bugs to conceal security alerts regarding disrupted or damaged OT systems. "A successful exploit would allow the attacker to gain administrative privileges. They would be able to take any actions an administrator would normally be able to perform," said Childs, who added that such an attack has been performed to compromise an Iranian nuclear facility.