Pwn2Own hacking contest to include industrial control systems

October 2019 Cyber Security

Trend Micro has announced a new vulnerability research competition, Pwn2Own Miami, run by Trend Micro’s Zero Day Initiative (ZDI). The first-of-its-kind contest will challenge participants to find vulnerabilities in a range of popular industrial control system (ICS) software and protocols.

Over the past 12 years, Pwn2Own has encouraged vulnerability research in the most critical platforms for enterprises globally. In 2018, the ZDI purchased 224% more zero-day vulnerabilities in ICS software compared to the previous year. This growth is sustaining in 2019 so far, which proves the increasing need to identify vulnerabilities and harden these systems before they are exploited.

“As IT and OT converge under Industry 4.0 and digital transformation initiatives, security gaps are emerging that can be exploited to sabotage key production processes and steal sensitive intellectual property,” said Brian Gorenc, senior director of vulnerability research for Trend Micro. “By expanding our long-running Pwn2Own competition, we hope to raise awareness about the importance of protecting these environments and provide actionable insight for ICS vendors and customers to help improve their security.”

The ZDI is working with ICS vendors through the contest by responsibly disclosing the identified vulnerabilities and encouraging the timely release of patches. Collaborating with IIoT vendors through the ZDI programme has led to stronger patch management processes, which help improve security for everyone.

“Being in ICS security for 20+ years, I have worked closely with vendors and the security community to protect the critical assets that live within industrial systems and vulnerabilities are an ongoing part of this work,” said Dale Peterson, founder and programme chair of S4 Events. “Finding and patching bugs in these platforms isn’t easy. I’m excited to have the ZDI pointing their skilled community toward these targets at Pwn2Own Miami, to help expose these flaws so they can be properly addressed.”

“If we have learnt anything from the DDoS attacks that have started from the point of IoT devices over the last three years, it is that the security of these systems can’t be underestimated,” stated Indi Siriniwasa, vice president sub-Saharan Africa for Trend Micro. “Our ZDI initiative continues to prove that we are better together as a security community, and this collaboration will greatly assist in bringing much needed security standards to the ICS industry.”

Pwn2Own Miami will take place at the S4 conference in Miami South Beach on 21-23 January 2020. It will run across five categories with full cash payouts for successful entries, and over $250 000 in cash prizes available to contestants. Points will also be awarded to determine the overall competition winner, or ‘Master of Pwn’. The winner will also receive an additional 65 000 ZDI reward points, which earns them instant Platinum status in the ZDI rewards programme.

For more information and the complete contest rules visit www.zerodayinitiative.com/blog/2019/10/28/pwn2own-miami-bringing-ics-into-the-pwn2own-world




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Stolen credentials on the Dark Web
October 2019 , Cyber Security, Security Services & Risk Management
Over 21 million credentials belonging to Fortune 500 companies, 16 million of which were compromised during the last 12 months, are up for sale.

Read more...
Stolen credentials on the Dark Web
October 2019 , Cyber Security, Security Services & Risk Management
Over 21 million credentials belonging to Fortune 500 companies, 16 million of which were compromised during the last 12 months, are up for sale.

Read more...
The importance of XDR for cyber protection
October 2019 , Cyber Security, Products
35% of South African organisations are expecting an imminent cyberattack and a further 31% are bracing for it to happen within a year, according to local research conducted by Trend Micro.

Read more...
Enterprise security must change
October 2019 , Cyber Security, Security Services & Risk Management
The recent wave of cyberattacks against local banks has highlighted the importance of protecting data against malicious users.

Read more...
Kaspersky uncovers zero-day in Chrome
October 2019, Kaspersky , News, Cyber Security
Kaspersky’s automated technologies have detected a new exploited vulnerability in the Google Chrome web browser.

Read more...
Cybersecurity for video surveillance systems
September 2019, Mobotix , Cyber Security, CCTV, Surveillance & Remote Monitoring
Video surveillance systems are increasingly accessible over any IP network, which has led to the rise of potential cyberattack.

Read more...
African trust centre launches cyber division
November 2019 , Cyber Security
Advancing cybersecurity to more stringent heights, LAWtrust has launched a new division focusing on cybersecurity services to complement its identity, encryption and digital signature offerings.

Read more...
What are the cybersecurity issues in video surveillance?
November 2019, Axis Communications SA , Editor's Choice, CCTV, Surveillance & Remote Monitoring, Cyber Security
he importance of the data captured by surveillance cameras – and what can be done with it – has led to a new breed of cybercriminals, looking for insights to steal and sell.

Read more...
Protecting the outer perimeter with cloud services
November 2019 , Cyber Security
Business leaders now have a choice whether they want to continue using their trusted firewall or move to a next-generation firewall delivered by appliances or as cloud services.

Read more...
Information security outsourcing service
November 2019, Condyn , Cyber Security
SearchInform launches information security outsourcing service for companies that face the problem of corporate fraud and data leakage.

Read more...