1. Malicious Insiders Can Threaten Even the Most Secure Systems
In 2008, the Maroochy Water Services (MWS) in Queensland, Australia, began experiencing sewage pump failures, resulting in the accidental discharge of millions of gallons of untreated wastewater. No alerts were triggered when the failures occurred. The final investigation revealed that a disgruntled contractor had stolen computers and radio equipment, deliberately sabotaging the sewage pumps to vent his frustration over not receiving a permanent position.
Protecting an organization from malicious insiders is not easy, but strong asset management controls and a fast process for revoking the access of former employees and contractors can help. The attack also made MWS aware that its equipment's wireless communication was not encrypted. If control traffic travels over publicly accessible media such as radio, it must be encrypted.
2. Secrecy and Physical Isolation Are Not Equivalent to Impenetrable Security
In 2010, the Stuxnet attack on Iranian nuclear facilities opened the Pandora's box of nation-sponsored ICS cyberattacks. This complex attack caused Iranian uranium enrichment centrifuges to spin out of control and ultimately shatter. The attack used advanced malware that exploited four zero-day vulnerabilities, the first-ever rootkit targeting programmable logic controllers (PLCs), and even a so-called double agent who carried the malware past the facility's physical isolation.
If there’s one lesson to learn from the Stuxnet incident, it’s that with enough time, money, and will, even the most secure facilities can be breached. If critical systems are to be protected, very advanced security controls and procedures must be established to withstand the constant attacks from nation-state hackers.
3. Beware of Spear Phishing
Allegedly, between 2014 and 2015, Russian hackers installed BlackEnergy malware on a Ukrainian power company's computers through spear phishing (using bait-laden Word documents). This malware allowed the hackers to disrupt the power supply to nearly 250,000 Ukrainians for up to six hours. (A similar incident recurred in 2016 using CRASHOVERRIDE malware.) This is just one of many ICS attacks that began with spear phishing; other cases include the Shamoon data-wiping malware in 2012, the U.S. gas pipeline attack in 2012, and the German steel mill hacking incident in 2014.
The lesson is clear: spear phishing is an extremely common tactic in ICS attacks. Regular employee training on how to identify and avoid spear phishing emails is essential.
4. Digital Attacks Can Cause Physical Harm and Death
In 2017, experts discovered highly specialized ICS malware, now known as TRITON, while investigating a system failure at a petrochemical plant in Saudi Arabia. This malware was designed to disable the plant's emergency shutdown and safety systems, causing physical damage. The industry widely considers TRITON to be the first cyberattack intended to cause human casualties.
Protecting industrial control systems is vital not only because we depend on the services they provide but also for our personal safety.
5. ICS Are Vulnerable to Ransomware Attacks
Based on past cases, ICS attacks seem to fall within the “business” scope of nation-state hackers and terrorist hackers, but now, cybercriminals have also joined the ranks of those launching ICS attacks. For instance, global aluminum giant Norsk Hydro faced a ransomware infection that forced it to shut down some production lines and revert to manual processes. Such incidents vividly validate the ICS predictions made in 2019. As for more recent events, refer to the ransomware attack on Colonial Pipeline.
Although the origins of these incidents vary, they indicate that cybercriminals now possess the technical capability to breach ICS companies, which are attractive targets for ransomware. They also show that, as of 2020, the security of ICS operational technology remains largely ineffective. Any ICS operator should have a detailed business continuity plan and disaster recovery plan in place so that services can be restored quickly after disasters such as ransomware attacks.
Source: Internet Security Insider.