Industrial Control Systems Are A Soft Target For Cyber Attackers

Uploaded on 2018-11-21 in TECHNOLOGY--Hackers, FREE TO VIEW, BUSINESS-Production-Manufacturing

Despite knowing for some time that improperly protected Internet-connected industrial control systems are vulnerable to attacks that can cause catastrophic harm to businesses and communities ICS systems are still easy targets, if numbers collected by a security vendor are representative.

“Many sites are exposed to the public Internet and trivial to traverse using simple vulnerabilities like plain-text passwords,” says the global ICS risk report released this morning by CyberX. “Lack of even basic protections like automatically-updated anti-virus enables attackers to quietly perform reconnaissance before sabotaging physical processes such as assembly lines, mixing tanks, and blast furnaces.”

The report looked at anonymized data obtained from over 850 production ICS (also known as operational) networks of CyberX customers in a 12 month period starting September 2017.

Among the findings:

– 69 per cent of networks had plain-text passwords traversing the network. A lack of encryption in legacy protocols like SNMP and FTP exposes sensitive credentials — making cyber-reconnaissance and subsequent compromise relatively easy;

– Operational networks are protected because they are air-gapped is a myth: 40 per ent of industrial sites have at least one direct connection to the public internet, making them more easily accessible to adversaries and malware;

– 53 per cent of sites had obsolete Windows systems such as Windows XP. The report admits due to ICS-specific
factors such as narrow maintenance windows, legacy applications, and older hardware some systems can’t be patched. If so, continuous monitoring of those systems may be necessary, as well as better network segmentation;

– 84% of industrial sites had at least one remotely accessible device;

– 57 per cent of sites weren’t running anti-virus protections that update signatures automatically;

– 16 per cent of sites had at least one wireless access point. They need to be monitored and patched;

This is a follow-up to a similar report done a year ago, and CyberX says, there isn’t much difference. Other than fewer sites running old versions of Windows, “the industry may not have changed much over the course of the past year.”

Among the problems, the report notes, is that industrial networks contain a complex mix of specialized non-IT protocols, including proprietary protocols developed for specific families of industrial automation devices. This heterogeneous mix complicates security for OT environments. In addition, many OT protocols were originally designed when robust security features such as authentication were not even a requirement — because it was assumed that simply having connectivity to a device was sufficient authentication.

Still, a number of standard IT protocols are in use. The SMB protocol is widely used across IT and OT networks, the report points out. “Managers should note that vulnerabilities in the decades-old SMB protocol were a key factor in the costly
WannaCry and NotPetya attacks of 2017.”

“Not everything can be protected at once,” the report admits, “and the deeply complicated and critical nature of OT networks mean that by definition systems cannot be easily taken offline in order to install upgrades, patches, or anti-virus.”

What’s the solution: “Ruthless prioritization is required.”

– inventory all ICS assets;

– identify vital assets (those that could cause catastrophic harm, revenue loss, lawsuits, theft of intellectual property) and use technologies such as automated ICS threat modelling to reduce risk;

– discover likely attack paths, then practice — through table-top and other exercises — how to defend against them.

– mitigate and protect by looking at everything from weak password and password policies, closing off unauthorized or unnecessary Internet connections, direct connections between OT and IT networks, open ports, device patching, lack of network segmentation. And get rid of the walls between administrators of OT and IT networks.

IT World Canada:

You Might Also Read:

USB Devices Pose A Significant Threat To Industrial Facilities

« Cybersecurity Vigilance Is Mandatory
Chinese Hackers Target UK Engineering »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Howden Broking Group

Howden Broking Group

Howden provides a range of specialist insurance solutions to clients around the world including Cyber Liability insurance.

Uniken

Uniken

Uniken REL-ID is a safe, simple, and scalable security platform that tightly integrates your identity, authentication, and channel security.

Italian Association of Critical Infrastructure Experts (AIIC)

Italian Association of Critical Infrastructure Experts (AIIC)

AIIC acts as a focal point in Italy for expertise on the protection of Critical Infrastructure including ICT networks and cybersecurity.

Telesoft Technologies

Telesoft Technologies

Telesoft Technologies is a global provider of cyber security, telecom and government infrastructure products and services.

SecuLution

SecuLution

SecuLution is an Antivirus product using Application Whitelisting which offers much more protection than Virus Scanners ever can.

ArmorText

ArmorText

ArmorText offers a seamless channel for communication and collaboration for organizations concerned with keeping communication data private and secure.

SafeHouse Technologies

SafeHouse Technologies

SafeHouse is a cloud-based, high-end cybersecurity platform that can secure and insure any device that is connected to it.

UltraSoC Technologies

UltraSoC Technologies

Institute for Security and Technology (IST)

Institute for Security and Technology (IST)

The Institute for Security and Technology's goal is to provide the tools and insights needed for companies and governments to outpace emerging global security threats.

CYMOTIVE Technologies

CYMOTIVE Technologies

Combining Israeli cyber innovation with a century of German automotive engineering. CYMOTIVE operates under the assumption that connectivity is a game changer for the automotive industry.

Rausch Advisory Services

Rausch Advisory Services

Rausch delivers solutions that address compliance, enterprise risk, information technology and human resource capital.

Birch Cline Cybersecurity

Birch Cline Cybersecurity

Birch Cline specializes in helping Local Government and Education agencies, as well as mid-market organizations, build and maintain successful cybersecurity programs.

Bores Security Consultancy

Bores Security Consultancy

Bores Security Consultancy are an established family-run business delivering expertise in security and technology.

SquareX

SquareX

Squarex secures your online activities without compromising productivity.

Synergy Quantum

Synergy Quantum

Synergy Quantum has pioneered a proprietary suite of military-grade, quantum-secure communication technologies.

7AI

7AI

7AI is the first agentic security platform that harnesses the speed, swarming capabilities, and power of AI to finally give defenders the advantage over evolving threats.