91% of Industrial Companies Face Information Security Threats: Report

essidsolutions

Industrial organizations need to prioritize securing critical infrastructure to avoid consequences much larger than disruptions and financial losses, according to Positive Technologies.

The industrial sector was the second most targeted sector after government entities in 2020, according to a report by cybersecurity company Positive Technologies. The attacks against industries are purpose-driven and usually involve a high degree of malicious intent, either to make money through ransomware or to carry out espionage.

The motive for attacks against industry stems from the fact that this infrastructure is critical to the day-to-day lives of the populace. Cybercriminals, at least in the last year, have been careful to choose targets where disruption is most likely to derail company operations. Such disruptions can also be detrimental to society in general, which depends heavily on this critical infrastructure.

This includes not only organizations' manufacturing facilities but also oil and gas lines, electricity generation plants and grids, water treatment plants, etc.

The Russia-based security intelligence and solutions vendor mentioned how three different attacks wreaked chaos in three different industries in 2020 and 2021. All three attacks, namely the SNAKE/EKANS ransomware attack on Honda, DarkSide’s takedown of Colonial Pipeline, and the breach of a water treatment plant in the town of Pinellas County near Tampa, FL, had significant ramifications.

The first two are clearly cases of hackers aiming for financial gain. However, the third is much more malicious. The unknown hackers who broke into the computer system at the Pinellas plant sought to increase the amount of an additive in the drinking water being supplied to the town. The intentions are unclear, although this demonstrates the threat that industrial infrastructure faces.

Others, such as the SolarWinds hack, are cases of meticulous planning on the part of the attackers, not for financial payoffs or for disruption, but purely for data-rich insights from the network of an adversary. The software supply chain attack against SolarWinds, an American company, was carried out by a Russian state-backed advanced persistent threat group, APT29, also known as Dark Halo or Cozy Bear.

Why Are Industrial Infrastructure and Companies at Risk?

Based on information security assessments driven by attack simulations resembling those of actual threat actors, Positive Technologies (PT) found that most industrial companies have:

  • Software that is outdated
  • Low-level protections in place for the internet-facing external network perimeter
  • Inadequate network penetration safeguards
  • Misconfigured devices
  • Weaknesses in traffic control protocols such as network segmentation and traffic filtering
  • Poor and predictable passwords

As such, an astounding 91% of industrial organization networks are vulnerable to being infiltrated by attackers.

“Today, the level of cybersecurity at most industrial companies is too low for comfort,” Olga Zinenko, senior analyst at Positive Technologies, said. “In most cases, internet-accessible external network perimeters contain weak protection, device configurations contain flaws, and we find a low level of ICS network security and the use of dictionary passwords and outdated software versions present risks.”

Zinenko’s statement is based on additional findings which paint a grave picture of the state of cybersecurity in industrial companies. PT found that attackers can access user credentials in 100% of the industrial networks they infiltrated and thus establish complete control over them.

PT also said attackers can steal sensitive data such as information about partners and company employees, email correspondence, and internal documentation in 69% of cases. Furthermore, the technological segment of 75% of industrial companies was blown open by hackers, leading to industrial control systems (ICS) being accessed in 56% of the cases.

Pretty alarming, wouldn’t you say? But wait, there’s more.

Vulnerabilities residing in ICS, mainly in the energy sector, manufacturing, and water treatment plants, grew 25% in 2020.

PT also conducted PT NAD tests, which analyze network traffic in depth to shed light on any malicious activity within the network perimeter. For instance, one organization’s PT NAD analysis revealed that an attacker could establish a remote desktop protocol connection to an external cloud storage. Through this, PT could transfer 23 GB of data via RDP and HTTPS to the external cloud.


PT found the following to be actuated during the PT NAD pilot projects at industrial companies in 2020:

Source: Positive Technologies

How to Protect Industrial Companies

Considering outdated software is one of the leading causes of leaky infrastructure, patching it up seems like a good place to start.

Additionally, the lack of security assessment stemming from high confidence in existing security protocols is proving to be a risky proposition. Companies are unable to detect a targeted cyberattack due to a mirage created by the lack of relevant evaluation pertaining to present-day threats.

“The situation is exacerbated when such companies have blind faith in the reliability of security automation tools, and do not put infrastructure robustness to the test. Unfortunately, security assessments prove that attackers can easily gain access to such systems,” PT said.

“More than anywhere else, the protection of the industrial sector requires modeling of critical systems to test their parameters, verify the feasibility of business risks, and look for vulnerabilities.”

PT recommends establishing a cyber-range to assess the shield around infrastructure and to evaluate the risks, their consequences, and therefore the potential damage.

Closing Thoughts

Late in July, POTUS Joe Biden signed a memorandum to safeguard critical infrastructure in the United States. POTUS directed the Cybersecurity & Infrastructure Security Agency (CISA) and the Department of Commerce’s National Institute of Standards and Technology (NIST) to devise performance goals for critical infrastructure.

However, these goals can only be achieved when private players actually make an effort to evaluate their respective infrastructure and initiate remedial actions.

Part of the POTUS directive issued in July also establishes the President’s Industrial Control System Cybersecurity (ICS) Initiative to spur collaboration between the federal government and the critical infrastructure community.
