Before the internet was widespread, industrial control systems were considered safe largely because they were isolated: air-gapped networks meant that no outsider could readily interrupt day-to-day operations. This infrastructure keeps traffic lights working, water systems reliable, and the power running in hospitals, data centers, and office buildings. However, modern industrial control systems (ICS) increasingly interact with a wide range of networks and devices, creating a slew of ICS security risks, and cybersecurity threats in ICS have risen at an alarming rate.
Attacks against ICS Are Becoming More Common
Across the board, organizations have observed an increase in the number of attackers targeting and exploiting ICS and operational technology (OT) networks. As attacks on critical infrastructure keep growing, and as owners and operators adopt new technologies to improve operational efficiency, vulnerabilities and cybersecurity threats in ICS and OT networks continue to surge.
ICS and OT System Attacks
The majority of reported attacks relied on a combination of known vulnerabilities in ICS hardware and software. Password-spraying attacks against ICS endpoints are also common: rather than hammering one account with many guesses (classic brute force, which lockout policies tend to catch), the attacker tries a few common passwords across many accounts, staying under the lockout threshold for each. OT systems often run legacy software and hardware, leaving production systems that cannot be patched and remain exposed to long-known vulnerabilities.
These unencrypted and unpatched OT systems are especially susceptible to malicious hackers, who use simple exploitation methods to move laterally once they have established a foothold. Attackers exploit these OT systems to impair their availability and dependability, with ripple effects on national and worldwide economies.
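The distinction between spraying and brute force matters for detection: per-account lockout counters never trip on a spray, so the signal has to come from the source side. The following is an added example, not code from the original article, that separates the two patterns over constructed authentication log lines. The log format (timestamp, host, source IP, user, FAIL/SUCCESS), the thresholds, and the window size are all assumptions to adapt to your own HMI, VPN or jump-host logs.

```python
"""Telling password spraying apart from brute force in authentication logs.

Added example (not code from the original article). The line format is
constructed for illustration:
    "<ISO timestamp> <host> <source IP> <user> <FAIL|SUCCESS>"
Spraying: one source, few attempts per account, many accounts.
Brute force: one source, many attempts against one account.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

EPOCH = datetime(1970, 1, 1)

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<src>\d{1,3}(?:\.\d{1,3}){3}) "
    r"(?P<user>\S+) (?P<result>FAIL|SUCCESS)$"
)

# Constructed sample: 10.0.5.23 tries six accounts once each and then logs in
# as "maint" (a spray that found a weak password); 10.0.7.9 hammers "admin";
# the 09:00 line is an ordinary successful login.
SAMPLE_LOG = """\
2024-03-01T08:00:01Z hmi-01 10.0.5.23 operator1 FAIL
2024-03-01T08:00:03Z hmi-01 10.0.5.23 operator2 FAIL
2024-03-01T08:00:05Z hmi-01 10.0.5.23 operator3 FAIL
2024-03-01T08:00:07Z hmi-01 10.0.5.23 engineer1 FAIL
2024-03-01T08:00:09Z hmi-01 10.0.5.23 engineer2 FAIL
2024-03-01T08:00:11Z hmi-01 10.0.5.23 admin FAIL
2024-03-01T08:00:13Z hmi-01 10.0.5.23 maint SUCCESS
2024-03-01T08:10:00Z hmi-02 10.0.7.9 admin FAIL
2024-03-01T08:10:01Z hmi-02 10.0.7.9 admin FAIL
2024-03-01T08:10:02Z hmi-02 10.0.7.9 admin FAIL
2024-03-01T08:10:03Z hmi-02 10.0.7.9 admin FAIL
2024-03-01T08:10:04Z hmi-02 10.0.7.9 admin FAIL
2024-03-01T08:10:05Z hmi-02 10.0.7.9 admin FAIL
2024-03-01T08:10:06Z hmi-02 10.0.7.9 admin FAIL
2024-03-01T08:10:07Z hmi-02 10.0.7.9 admin FAIL
2024-03-01T09:00:00Z hmi-01 10.0.5.40 operator1 SUCCESS
"""


def parse(log_text):
    """Parse log lines into dicts; lines that do not match the format are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["ts"] = datetime.strptime(e["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(e)
    return events


def detect(events, window=timedelta(minutes=10), spray_users=5, brute_attempts=8):
    """Group failures by (source IP, fixed time bucket) and flag both patterns.

    A spray is reported when one source fails against at least `spray_users`
    distinct accounts with on average no more than two attempts per account.
    A brute force is reported when one source fails `brute_attempts` or more
    times against a single account in one bucket.
    """
    fails = defaultdict(lambda: defaultdict(int))   # (src, bucket) -> user -> count
    successes = defaultdict(set)                    # (src, bucket) -> users logged in
    for e in events:
        key = (e["src"], (e["ts"] - EPOCH) // window)
        if e["result"] == "FAIL":
            fails[key][e["user"]] += 1
        else:
            successes[key].add(e["user"])

    findings = []
    for (src, _bucket), per_user in fails.items():
        total = sum(per_user.values())
        distinct = len(per_user)
        if distinct >= spray_users and total / distinct <= 2:
            findings.append({
                "type": "password_spray", "src": src,
                "accounts": distinct, "attempts": total,
                # A success from the same source right after a spray is the
                # "foothold established" signal worth paging on.
                "followed_by_success": sorted(successes.get((src, _bucket), ())),
            })
        for user, n in per_user.items():
            if n >= brute_attempts:
                findings.append({"type": "brute_force", "src": src,
                                 "user": user, "attempts": n})
    return findings


if __name__ == "__main__":
    for f in detect(parse(SAMPLE_LOG)):
        print(f)
```

Fixed time buckets keep the logic simple and deterministic; a production detector would use a sliding window and would also correlate the post-spray success with what that session did next (new Modbus writes, engineering software launched), since the login itself may look legitimate.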
The Alarming Rise of Ransomware
Vulnerability exploitation is not the only threat vector. Criminals increasingly use ransomware to damage ICS and OT systems. Because IT and OT infrastructure are integrated, a breach may now reach OT devices that manage physical assets, significantly raising the cost of recovery. According to a recent study, a multinational manufacturing firm was hit by ransomware that began on an IT system and spread laterally into OT infrastructure, halting plant operations. The attack impacted the company's operations and had a ripple effect on worldwide markets.
Ransomware attacks are hitting outdated ICS, and industrial networks must be protected from cybercriminals looking to profit from extortion. The goal of ransomware is straightforward: to make money. Criminals understand that by targeting the systems needed to run factories and manufacturing environments, which depend on continuous uptime, they have a high probability of being paid.
Developing an effective response capability to ransomware requires taking specific steps for prevention, preparation, detection, verification, containment, eradication, and recovery. With LIFARS Ransomware Response Package, you will have the tools, processes, and team at your disposal to stand ready for even the most devious ransomware attack.
Well-Known ICS Attacks
Recent successful ransomware operations against industrial companies, such as the attack on meat producer JBS, show precisely how profitable ransomware can be, with the criminals behind the REvil malware collecting $11 million in bitcoin. The Colonial Pipeline extortion attack demonstrated how ransomware against an industrial target can seriously affect the public: the operator shut the pipeline down and fuel supply was disrupted across much of the eastern United States. Notably, in both cases the ransomware hit IT systems and operations were halted as a consequence; the attackers did not need to compromise the control systems directly to stop production.
Weaknesses That Manufacturers Should Look Out For
When it comes to cybersecurity, many manufacturers share the same flaws.
- Utilization of Old and Legacy Systems
In industrial control, many firms still use outdated desktop computers. In some cases they are not connected to the internet (air-gapped), which helps protect them, but malware can still be introduced physically, for example via removable media. These computers often run out-of-date, unpatched operating systems, leaving them fully exposed to current malware.
Many industrial control systems were designed before the widespread use of the internet, without network security in mind. When these older systems are connected to the internet, they become vulnerable to attack. Manufacturers are often complacent about safeguarding these systems, failing to see them as being at risk.
- Allowing Access To Too Many People
The more individuals who have access to a system, the more susceptible it is to social engineering attacks such as phishing. Securing industrial control systems is often challenging because they are accessed locally by many workers and remotely by a smaller number. Identity management and least privilege are critical to ensure that no one has access they do not need.
- Weak Entry Point In IoT
There are minimal security requirements for Internet of Things (IoT) devices. While this is a well-known issue in many industries, including manufacturing, it is not safe to assume it is being addressed. Any connected device provides an entry point to the network, and not all businesses account for this.
For ransomware operators and affiliates alike, the underground cybercrime economy is enormously lucrative. Many ICS in critical national infrastructure, industrial, and other facilities are considered soft targets, with many still running outdated operating systems and unpatched applications. Any infection can result in days, if not weeks, of downtime.
Having visibility into your assets and continuously monitoring them for anomalous activity is critical for identifying and isolating attacks before they reach their ultimate target. Combined with tight access restrictions, this lets ICS operators reduce the impact of attacks while maintaining business continuity.
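Asset visibility and access restriction reinforce each other: an inventory of which devices exist, plus a rule set for which roles may talk to which, turns raw network flows into actionable alerts. The following added example, not code from the original article, shows that baseline check and also covers the "too many people with access" point above, since the allowlist is what enforces that only HMIs and engineering workstations reach PLCs. The inventory, the role names, the allowed conversations, and the flow records are all constructed for illustration; in practice they come from a passive asset-discovery tool and a flow collector.

```python
"""Asset-inventory baseline plus flow allowlist for an ICS network segment.

Added example (not code from the original article). Everything below is
constructed for illustration. Flow record format (constructed):
    "<ISO timestamp> <src IP> <dst IP> <dst port> <proto>"
"""
from collections import Counter

# Constructed inventory: IP -> role. Anything not listed here is unknown.
INVENTORY = {
    "10.0.5.10": "plc",
    "10.0.5.11": "plc",
    "10.0.5.20": "hmi",
    "10.0.5.30": "eng_ws",          # engineering workstation
    "10.1.0.15": "it_workstation",  # corporate IT host on a routed segment
}

# Expected (source role, destination role, destination port) conversations.
# 502 = Modbus/TCP, 44818 = EtherNet/IP. Only HMIs and engineering
# workstations may talk to PLCs; everything else is outside the baseline.
ALLOWED_FLOWS = {
    ("hmi", "plc", 502),
    ("eng_ws", "plc", 502),
    ("eng_ws", "plc", 44818),
}

# Constructed flow records: two normal conversations, a device nobody
# inventoried polling a PLC, an IT workstation reaching a PLC, and a PLC
# initiating an outbound connection to an address outside the inventory.
SAMPLE_FLOWS = """\
2024-03-01T08:00:00Z 10.0.5.20 10.0.5.10 502 tcp
2024-03-01T08:00:05Z 10.0.5.30 10.0.5.11 44818 tcp
2024-03-01T08:01:00Z 10.0.5.200 10.0.5.10 502 tcp
2024-03-01T08:02:00Z 10.1.0.15 10.0.5.10 502 tcp
2024-03-01T08:03:00Z 10.0.5.10 203.0.113.5 443 tcp
"""


def parse_flows(text):
    """Parse flow records; malformed lines are skipped."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        ts, src, dst, dport, proto = parts
        flows.append({"ts": ts, "src": src, "dst": dst,
                      "dport": int(dport), "proto": proto})
    return flows


def classify_flow(flow, inventory, allowed):
    """Return an alert type for this flow, or None if it matches the baseline."""
    src_role = inventory.get(flow["src"])
    dst_role = inventory.get(flow["dst"])
    if src_role is None:
        return "unknown_source"        # a device we never inventoried is talking to us
    if dst_role is None:
        return "unknown_destination"   # an inventoried asset reaching something we do not know
    if (src_role, dst_role, flow["dport"]) not in allowed:
        return "disallowed_flow"       # both ends known, but this conversation is not permitted
    return None


def audit(flows, inventory=INVENTORY, allowed=ALLOWED_FLOWS):
    """Run every flow against the baseline and return the alerts in order."""
    alerts = []
    for f in flows:
        kind = classify_flow(f, inventory, allowed)
        if kind:
            alerts.append({"type": kind, **f})
    return alerts


def summarize(alerts):
    """Count alerts by type, the figure you would put on a daily report."""
    return Counter(a["type"] for a in alerts)


if __name__ == "__main__":
    for a in audit(parse_flows(SAMPLE_FLOWS)):
        print(f'{a["ts"]} {a["type"]:20} {a["src"]} -> {a["dst"]}:{a["dport"]}')
```

The three alert types map to three different responses: an unknown source is an inventory gap or a rogue device to find on the plant floor; a disallowed flow between known assets is an access-control failure to close at the firewall or switch; and an inventoried PLC initiating a connection to an address nobody knows is the one to treat as a likely compromise, because controllers do not normally originate traffic to new hosts.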
Organizations should also ensure that systems are backed up regularly and that backups are kept offline or off-site, where ransomware that reaches the production network cannot encrypt them. With an emphasis on ICS operations, these backups must include the most recent known-good configurations and data to enable quick recovery and reduce the impact of an attack.