Infrastructure Security in the Age of Ransomware

Stuxnet gave the world a grasp on how real and devastating cyber-security risks to critical infrastructure can be. In the era of industrial IoT and increasingly complex cyber-threats, attacks on public infrastructure, particularly in the energy sector, are becoming more frequent.

Critical infrastructure such as electric and water utilities is being temporarily shut down as ransomware plagues corporate systems, causing hours of downtime. The health industry has also fallen victim to these cyber-extortion techniques.

What are the risks?

The risks go beyond operability, financial losses and credibility. Cyberattacks on industrial systems can cross the line into threatening human lives.

“Whether it’s a dam in Rye Brook, or our power grids, our financial institutions, our water systems, or our online networks, these parts of our infrastructure are at risk and are under assault like never before, and we need to do more about it,” US Senator Charles E. Schumer said after Iranian hackers breached the Bowman Avenue Dam near Rye Brook, New York and gained control of the floodgates.

Recently, a German nuclear power plant in Bavaria admitted that its systems are riddled with malware. In 2015 a hacker managed to enter the systems of a nuclear power plant in South Korea.

Securing vital systems against multiple attack vectors is a serious challenge that requires joint efforts from international organizations, the private sector, civil society and, especially, governments. It also presents a set of unique difficulties.

Sophistication of attacks

Cyber-threats are expanding in every way, from attack frequency to scale, sophistication and impact severity. The rate at which code vulnerabilities are found in dated, internet-accessible software also shows no signs of abating.

“A wide variety of threats ranging from Advanced Persistent Threats (APT), to sophisticated and common malware [are] found in the ICS environment,” the ICS-CERT reports. “Other incidents in the water and commercial sectors involved Internet-facing systems with weak or default credentials.”

For instance, BlackEnergy was a malware toolkit developed to infect Ukrainian power authorities. It overwrites system data and interferes with manual functions such as modifying temperature controls and turning pumps on and off at wind turbines, power transmission grids, and oil and gas pipelines. Its goal was to sabotage critical parts of an industrial control computer’s hard drive.

Crypto-ransomware that leverages clever engineering techniques is also on the rise. Almost 10% of ransomware-infected emails sent globally target German users, according to cybersecurity provider Bitdefender.

Compliance

As more of the IT systems that run critical infrastructure organizations, such as Industrial Control Systems and SCADA applications, connect to the public Internet, new laws and national cybersecurity strategies are becoming mandatory.

Infrastructure operators must apply state-of-the-art measures to prevent unauthorized access to their technical systems and to secure them against data breaches and other incidents, including outside attacks. Otherwise, they can face fines of hundreds of thousands of dollars. But not all organizations are ready to comply; their current spending may not meet the demands of the new regulations.

Over-Confidence

Despite the increasing number and severity of attacks targeting critical infrastructure, technology and security professionals remain confident in their cyber defenses, studies have shown.

Cyber forensics

Global security executives’ trust in their organization’s cyber preparedness is sometimes unfounded. As evidence, most attacks in recent headline-grabbing security incidents had been under way for weeks or months before initial detection. More than once, the attack vectors could not be determined because the systems lacked detection and monitoring capabilities. In other cases, engineers did not even know whether the problem was caused by a cyber-attack.

Sharing information

Sharing network and defense information with other organizations in the same industry, or with a national or international agency, is often the missing piece of the puzzle. Critical infrastructure operators are often reluctant to disclose information for fear of damaging their reputation or of punishment by the government. But operating in a silo does not help cybersecurity.

In a nutshell, businesses operating public or private infrastructure that want to enhance cyber-security can start by:

▪ Deploying anti-malware software where possible

▪ Preventing unauthorized access to secure locations

▪ Applying application whitelisting to prevent unauthorized applications from running

▪ Deploying a breach detection system

▪ Enabling a USB lockdown on all SCADA environments to stop malware from physically entering the environment

▪ Deploying basic security measures between network segments, such as firewalls/IPS
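The application whitelisting item above is easiest to understand as a hash-based allowlist: record the hash of every executable in a known-good install, then audit the running system for files that are unknown, altered, or missing. The script below is an added example written for this article, not code from the article's author or from any vendor named on the page; the manifest format, the directory layout and the sample "binaries" are constructed for illustration and are not taken from a real ICS/SCADA product.

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed manifest format (assumption): {relative_posix_path: sha256_hex}


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large binaries do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Record the hash of every regular file under a known-good install root."""
    manifest = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            manifest[p.relative_to(root).as_posix()] = sha256_file(p)
    return manifest


def audit(root: Path, manifest: dict) -> list:
    """Return (relative_path, reason) for every file the allowlist does not authorise.

    Three conditions are reported: a file that is not in the allowlist at all,
    a file whose content no longer matches its recorded hash, and an allowlisted
    file that has disappeared (which can also indicate tampering).
    """
    findings = []
    seen = set()
    for p in sorted(root.rglob("*")):
        if not p.is_file():
            continue
        rel = p.relative_to(root).as_posix()
        seen.add(rel)
        expected = manifest.get(rel)
        if expected is None:
            findings.append((rel, "not in allowlist"))
        elif expected != sha256_file(p):
            findings.append((rel, "hash mismatch"))
    for rel in manifest:
        if rel not in seen:
            findings.append((rel, "missing"))
    return findings


def demo() -> list:
    """Constructed scenario: baseline two fake HMI binaries, then alter one and drop in a new one."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        # Constructed placeholder contents; these are not real executables.
        (root / "bin" / "hmi_viewer").write_bytes(b"\x7fELF fake hmi viewer v1")
        (root / "bin" / "plc_logger").write_bytes(b"\x7fELF fake plc logger v1")
        manifest = build_manifest(root)
        assert audit(root, manifest) == []  # a clean baseline produces no findings
        # Simulate what an operator would want to catch: a modified binary and an unknown one.
        (root / "bin" / "plc_logger").write_bytes(b"\x7fELF altered logger")
        (root / "bin" / "updater.exe").write_bytes(b"MZ unknown program")
        return audit(root, manifest)


if __name__ == "__main__":
    for path, reason in demo():
        print(f"{reason}: {path}")
```

In practice the manifest would be generated on a clean reference build, stored outside the audited host (or signed), and the audit run on a schedule or from a read-only boot medium; enforcement at execution time is what whitelisting products add on top of this detection step.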

MacWorld
