Security Alert for Industrial Control Systems

The U.S. government has issued a warning about a new cyber threat affecting control systems and SCADA devices.


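Quick hits:

  • New malware can allow full access to control systems and SCADA devices.
  • Attackers could move to other systems within an operations technology environment and disrupt critical devices or functions.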
  • This new cybersecurity alert can affect manufacturers and processors of all sizes.

Read the transcript below:

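Welcome to Take Five with Automation World. I'm David Greenfield, Director of Content, and today we're going to look at a very specific cybersecurity alert from the U.S. government that all manufacturing and processing companies need to be aware of.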

According to the alert: The Department of Energy, the Cybersecurity and Infrastructure Security Agency, the National Security Agency, and the Federal Bureau of Investigation are warning that advanced persistent threat actors have the capability to gain full system access to multiple industrial control system and SCADA devices, including Schneider Electric PLCs, Omron Sysmac NEX PLCs, OPC UA servers, and Windows-based engineering workstations. And when this alert refers to these threat actors, they’re referencing unnamed nation states. So these aren’t your garden-variety hackers.

The alert notes that by compromising and maintaining full system access to control systems and SCADA devices, attackers could move around to other systems within an operations technology environment and disrupt critical devices or functions.

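Although this alert is aimed primarily at critical infrastructure organizations, such as power generation, the technologies listed in the alert are widely used across industry verticals. So companies of all types could be affected. As we saw with the WannaCry and NotPetya attacks a few years ago, the targeting of these attacks at specific operations does not protect non-targeted companies from being affected. In that case, the malware targeted critical infrastructure in Europe and Russia, but the operations of U.S. food manufacturer Mondelez International and pharmaceutical maker Merck were also impacted.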

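A key aspect of this alert is that it highlights three specific steps users can take to help prevent these attacks. These steps are: 1) enforce multifactor authentication for all remote access to control system networks; 2) practice good password hygiene on all control system and SCADA devices; and 3) use cybersecurity software to continuously monitor your operations network to detect abnormal behaviors and intrusions.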

Before the break I mentioned how cyberattacks can impact companies that were not the initial targets of the attack. Eric Byres, an industrial control system advisor to the Cybersecurity and Infrastructure Security Agency and chief technology officer at the cybersecurity firm aDolus Technology, says that many of the underlying issues noted in this alert aren't in the software Schneider Electric's engineers created, it’s in the third-party code supplied by the Codesys Group, which provides CoDeSys Runtime, a framework designed for running industrial control system software. Byres says the CoDeSys Runtime product has been used in more than 350 devices from dozens of different operations technology vendors and is widely used in the energy sector, industrial manufacturing, and Internet of Things systems.

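Byres points out that a basic reading of this alert might lead many manufacturers to believe that if, for example, they use Schneider Electric's software, then they should look for vulnerabilities assigned to Schneider Electric products in the National Vulnerability Database. But he says that companies doing this won't find anything, because these vulnerabilities are all listed as Codesys issues.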

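To underscore this point, Byres says: There are thousands of industrial facilities across the country that may think they have dodged a bullet because they don't use Schneider or Omron products. But, he says, they haven't necessarily dodged anything; without taking the appropriate action, they could be sitting ducks for these nation-state attackers.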

So, my intent with this Take Five video is not to scare you, but to hopefully drive some specific cybersecurity actions to protect your operations. At the very least, following those three points noted in the alert that I mentioned earlier will go a long way toward protecting your network. So, the good news is that your systems can be well protected through a combination of good security practices and widely available cybersecurity technologies.
