Modbus is a simple and flexible protocol used by a wide variety of industrial and automation equipment. Its simplicity has made it attractive for many manufacturers, but it also poses a number of challenges in terms of security and traffic analysis. In this post, we’ll show you how to use NXLog to capture, process, and extract useful security information from Modbus traffic.
We are happy to report, the next release of NXLog Enterprise Edition v5 is now available.
The version 5.3 fixes issues and brings news functionality. The most noteworthy improvements are summarized below.
On the 18th of March, we noticed some unusual activity on one of our servers we use for build automation. Further investigation revealed that an outside party had deployed a Monero miner. The server was immediately taken offline. There was no customer data stored on the server and we have since replaced all our private keys and secrets that might have been potentially compromised.