Industrial Control Systems Are A Soft Target For Cyber Attackers

Uploaded on 2018-11-21 in TECHNOLOGY--Hackers, FREE TO VIEW, BUSINESS-Production-Manufacturing

Despite knowing for some time that improperly protected Internet-connected industrial control systems are vulnerable to attacks that can cause catastrophic harm to businesses and communities ICS systems are still easy targets, if numbers collected by a security vendor are representative.

“Many sites are exposed to the public Internet and trivial to traverse using simple vulnerabilities like plain-text passwords,” says the global ICS risk report released this morning by CyberX. “Lack of even basic protections like automatically-updated anti-virus enables attackers to quietly perform reconnaissance before sabotaging physical processes such as assembly lines, mixing tanks, and blast furnaces.”

The report looked at anonymized data obtained from over 850 production ICS (also known as operational) networks of CyberX customers in a 12 month period starting September 2017.

Among the findings:

– 69 per cent of networks had plain-text passwords traversing the network. A lack of encryption in legacy protocols like SNMP and FTP exposes sensitive credentials — making cyber-reconnaissance and subsequent compromise relatively easy;

– Operational networks are protected because they are air-gapped is a myth: 40 per ent of industrial sites have at least one direct connection to the public internet, making them more easily accessible to adversaries and malware;

– 53 per cent of sites had obsolete Windows systems such as Windows XP. The report admits due to ICS-specific
factors such as narrow maintenance windows, legacy applications, and older hardware some systems can’t be patched. If so, continuous monitoring of those systems may be necessary, as well as better network segmentation;

– 84% of industrial sites had at least one remotely accessible device;

– 57 per cent of sites weren’t running anti-virus protections that update signatures automatically;

– 16 per cent of sites had at least one wireless access point. They need to be monitored and patched;

This is a follow-up to a similar report done a year ago, and CyberX says, there isn’t much difference. Other than fewer sites running old versions of Windows, “the industry may not have changed much over the course of the past year.”

Among the problems, the report notes, is that industrial networks contain a complex mix of specialized non-IT protocols, including proprietary protocols developed for specific families of industrial automation devices. This heterogeneous mix complicates security for OT environments. In addition, many OT protocols were originally designed when robust security features such as authentication were not even a requirement — because it was assumed that simply having connectivity to a device was sufficient authentication.

Still, a number of standard IT protocols are in use. The SMB protocol is widely used across IT and OT networks, the report points out. “Managers should note that vulnerabilities in the decades-old SMB protocol were a key factor in the costly
WannaCry and NotPetya attacks of 2017.”

“Not everything can be protected at once,” the report admits, “and the deeply complicated and critical nature of OT networks mean that by definition systems cannot be easily taken offline in order to install upgrades, patches, or anti-virus.”

What’s the solution: “Ruthless prioritization is required.”

– inventory all ICS assets;

– identify vital assets (those that could cause catastrophic harm, revenue loss, lawsuits, theft of intellectual property) and use technologies such as automated ICS threat modelling to reduce risk;

– discover likely attack paths, then practice — through table-top and other exercises — how to defend against them.

– mitigate and protect by looking at everything from weak password and password policies, closing off unauthorized or unnecessary Internet connections, direct connections between OT and IT networks, open ports, device patching, lack of network segmentation. And get rid of the walls between administrators of OT and IT networks.

IT World Canada:

You Might Also Read:

USB Devices Pose A Significant Threat To Industrial Facilities

« Cybersecurity Vigilance Is Mandatory
Chinese Hackers Target UK Engineering »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

TitanFile

TitanFile

TitanFile is an award-winning, easy and secure way for professionals to communicate without having to worry about security and privacy.

Kirkland & Ellis

Kirkland & Ellis

Kirkland & Ellis LLP is an international law firm with offices in the USA, Europe and Asia. Practice areas include Data Security & Privacy.

Pole SCS (Secure Communicating Solutions)

Pole SCS (Secure Communicating Solutions)

SCS is a world-class competitiveness cluster dedicated to digital technologies in the fields of Microelectronics, Internet Of Things, Digital Security, Artificial Intelligence And Big Data.

Cyber Affairs

Cyber Affairs

Cyber Affairs is the first Italian press agency entirely dedicated to cyber security.

Trapezoid

Trapezoid

Trapezoid is a cybersecurity company developing Firmware Integrity Management solutions designed to detect unauthorized changes to firmware & BIOS across the entire data center infrastructure.

Nakivo

Nakivo

NAKIVO is dedicated to delivering the ultimate backup, ransomware protection and disaster recovery solution for virtual, physical, cloud and SaaS environments.

CyberForum

CyberForum

CyberForum supports businesses from the IT and high-tech industry in all stages of their development: from startup consulting to professional staffing and even location marketing campaigns.

MagiQ Technologies

MagiQ Technologies

MagiQ produced the world’s first commercial quantum cryptography product that delivered advanced, future-proof network security.

Ward Solutions

Ward Solutions

Ward Solutions are an information security consultancy and managed services company. We help organisations protect their brand, people, assets, intellectual property and profits.

Magna5

Magna5

Magna5 is a managed IT service provider focusing in network and server monitoring, backup and disaster recovery, cybersecurity, help desk and SD-WAN.

European Data Protection Supervisor (EDPS)

European Data Protection Supervisor (EDPS)

The EDPS is the European Union’s independent data protection authority. We monitor and ensure the protection of personal data and privacy when EU institutions and bodies process personal information.

Apura Cybersecurity Intelligence

Apura Cybersecurity Intelligence

Apura is a Brazilian company that develops advanced products and provides specialized services in information security and cyber defense.

Anonos

Anonos

Anonos is a global software company that provides the only technology capable of protecting data in use with 100% accuracy, even in untrusted environments.

Conceal

Conceal

Conceal’s mission is to stop ransomware and credential theft for companies of all sizes by developing innovative solutions that provide social engineering protection in any browser.

c0c0n

c0c0n

c0c0n is the longest running conferences in the area of Information Security and Hacking, in India.

Cyber Industrial Networks

Cyber Industrial Networks

Cyber Industrial Networks objective is to service the needs of industry in achieving reliable, robust and secure infrastructure that supports productivity.