
Worrying Report into ICS Security

 
October 24th 2017
Report shows they're ripe targets for hackers
Traffic analysis on 375 industrial networks worldwide has confirmed the extent to which hackers target industrial control systems (ICS).

The study by CyberX also found that industrial networks are both connected to the internet and rife with vulnerabilities including legacy Windows boxes, plain-text passwords and a lack of antivirus protection.

One-third of industrial sites are connected to the internet – making them accessible by hackers and malware exploiting vulnerabilities and misconfigurations. The findings undermine the comforting notion that industrial networks don't need to be monitored or patched because they're isolated from the internet via "air gaps".

More than three out of four sites have obsolete Windows systems like Windows XP and 2000. Since Microsoft no longer develops security patches for legacy systems, these can easily be compromised by destructive malware such as WannaCry/NotPetya, trojans like Black Energy, and other nasties.

Half of the sites audited failed to install any antivirus protection whatsoever – increasing the risk of successful malware infections.

Weak authentication was also a problem. Nearly three out of five sites have plain-text passwords traversing their control networks, which might be sniffed by attackers carrying out cyber-reconnaissance before launching attacks against industrial devices on weakly secured networks.

Rogue devices and wireless access were highlighted. Nearly half the audited plants have at least one unknown or rogue device, and 20 per cent have wireless access points (WAPs), both of which can be used as entry points by attackers. WAPs can be compromised via misconfigured settings or via the recently discovered KRACK WPA2 vulnerability, for example.

The vast majority (82 per cent) of industrial sites are running remote management protocols like RDP, VNC, and SSH. Once attackers have compromised an operational technology (OT) network, this makes it easier to learn how the equipment is configured and eventually manipulate it.

Power plant pwnage
These various shortcomings mean that hackers of varied motives might be able to attack industrial plants. Hackers might be able to get into OT networks either via the internet or by using stolen credentials to switch from corporate IT systems on to OT networks. Once a foothold has been established it's relatively easy for miscreants to move around and compromise industrial devices.

According to a new US CERT advisory citing analysis by the Department of Homeland Security and FBI, threat actors are currently engaged in advanced persistent threat (APT) attacks using spear phishing to obtain stolen credentials from ICS personnel.

OT networks are used with specialised ICS to monitor and control physical processes such as assembly lines, chemical mixing tanks, and blast furnaces. Although industry experts have been warning us for years that our OT networks are particularly vulnerable because they often lack the built-in controls found in IT networks such as automated updates and strong authentication, CyberX's study is one of the first to quantify the risk.

"The risk to OT networks is real – and it's dangerous and perhaps even negligent for business leaders to ignore it," said Michael Assante, ICS/SCADA lead for the SANS Institute.

Data used to compile the study was obtained by applying CyberX's proprietary NTA algorithms to production traffic collected from passive (non-intrusive) monitoring of 375 industrial networks worldwide. A representative sample of firms from the energy and utilities, manufacturing, pharmaceuticals, chemicals, and oil and gas sectors agreed to take part in the study. All the data was anonymised.

The traffic included a diverse and representative mix of specialised industrial protocols including Modbus TCP, Ethernet/IP, Siemens S7/S7+, GE SRTP, Schneider Electric Telvent, ABB HCS, Beckhoff, OPC, OSIsoft PI, MMS, and many others.
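The kind of passive check described above, as an added example that is not CyberX's algorithm or code from the report: it scans observed flow records for four of the findings (internet-connected OT hosts, unknown devices, remote management protocols, cleartext-authentication protocols). The flow records, inventory, subnet, and default-port mappings are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumption: services run on their default ports; a real site may remap them.
REMOTE_MGMT = {22: "SSH", 3389: "RDP", 5900: "VNC"}
CLEARTEXT_AUTH = {21: "FTP", 23: "Telnet"}  # credentials cross the wire unencrypted
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample data: OT subnet, asset inventory, (src, dst, dst_port) flows.
OT_NET = ipaddress.ip_network("10.20.0.0/24")
INVENTORY = {"10.20.0.10", "10.20.0.11", "10.20.0.50"}
FLOWS = [
    ("10.20.0.50", "10.20.0.10", 502),    # HMI to PLC over Modbus TCP (expected)
    ("10.20.0.50", "10.20.0.11", 3389),   # RDP between OT hosts
    ("10.20.0.77", "10.20.0.10", 23),     # device not in inventory, Telnet to PLC
    ("10.20.0.11", "203.0.113.9", 443),   # OT host talking to a public address
    ("192.168.5.4", "10.20.0.50", 5900),  # VNC from the corporate side into OT
]

def is_internal(ip):
    """True if the address falls in RFC 1918 private space."""
    return any(ip in net for net in RFC1918)

def audit(flows, inventory, ot_net):
    """Return {finding: sorted list of hosts/services} from observed flows."""
    findings = defaultdict(set)
    for src, dst, port in flows:
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        # Check each endpoint that sits inside the OT subnet.
        for host, peer in ((s, d), (d, s)):
            if host not in ot_net:
                continue
            if str(host) not in inventory:
                findings["unknown_device"].add(str(host))
            if not is_internal(peer):
                findings["internet_connected"].add(str(host))
        # Classify services being reached on OT hosts.
        if d in ot_net:
            if port in REMOTE_MGMT:
                findings["remote_mgmt"].add(f"{dst}:{REMOTE_MGMT[port]}")
            if port in CLEARTEXT_AUTH:
                findings["cleartext_auth"].add(f"{dst}:{CLEARTEXT_AUTH[port]}")
    return {k: sorted(v) for k, v in findings.items()}

if __name__ == "__main__":
    for finding, items in audit(FLOWS, INVENTORY, OT_NET).items():
        print(finding, items)
```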

CyberX's Global ICS & IIoT Risk Report was published on Tuesday, October 24.

In response to the threat to industrial control systems, CyberX advises organisations to provide security awareness training for plant personnel and to enforce strong corporate policies that eliminate risky behaviours such as clicking links in emails, using USBs and laptops to transfer files to OT systems, and dual-homing devices between IT and OT networks.

Also recommended are compensating controls and multi-layered defences – such as continuous monitoring with behavioural anomaly detection – to provide early warnings of hackers inside your OT network, along with the mitigation of critical vulnerabilities that might take years to fully remediate.
