在过去几年中,几乎不可能错过有关制造和加工行业网络攻击的所有新闻。然而,尽管大多数制造商与更面向消费者的企业相比,这一最近的增长并不是一个令人惊讶的发展。
在行业攻击中滞后的原因之一是由于许多黑客对离散制造和加工行业中使用的工业控制系统(IC)缺乏熟悉。结果,大多数以企业为重点的网络攻击都以违反企业IT系统为中心,大多数黑客已经非常熟悉。
But when you consider the high profile and revenues of many industrial companies, coupled with the potential for significant business and community disruption made possible by attacking a company’s ICS, the incentive for hackers to become more familiar with ICSs was evident. Essentially, it was only a matter of time before industry became widely considered a target-rich environment for cyber criminals.
尽管对于如何确保其ICS的工业公司存在很多建议,但对于企业来说,了解他们最有可能面临的网络威胁的主要类型也很重要。
突出的攻击来源
Craig Young,首席安全研究人员 Tripwire , a supplier of industrial cybersecurity, points to three sources of cyber-attacks that industrial companies should be most aware of due to their potential to cause major disruption:心怀不满的内部人士:“最关键的威胁通常来自组织内部。” Young说。“在ICS的环境中尤其如此,在这些环境中,员工可以使用工厂控制和对操作过程的深刻了解。”Young引用了佛罗里达州的Oldsmar,水处理厂的攻击是被认为是雇员进行的违规行为的一个例子。Young说,这次攻击被认为是一项内部工作,因为黑客使用了“合法的公司TeamViewer帐户,结合了对公司的人机界面的明显了解”。
为了限制内幕攻击的威胁,Young建议强制执行访问控制并限制管理员访问。他补充说,练习强密码卫生(例如需要多因素身份验证,强制密码到期和禁止密码共享)也是有益的。
A ransomware gang:扬说,勒索软件通常以三种方式之一:针对员工的网络钓鱼攻击;损害用户可能会从中下载的行业网站;或针对VPN门户或其他外部暴露IT基础架构。
Craig Young, principal security researcher, Tripwire.“The best way to protect against a ransomware attack is to employ security best practices, including vulnerability management,” says Young. “Attackers often scan the internet for targets rather than identifying a specific target and evaluating its network space. Therefore, network administrators need to be aware of vulnerabilities in externally exposed systems such as VPN portals and mail gateways.”
He also noted that it’s important to strengthen internal security by limiting VPN access and restricting access between unrelated servers. And, as with the remedies suggested to prevent insider attacks, limited permissions are key in this instance as well.
“Users should not have access to a system unless there is a specific business need,” stresses Young.
 |
阅读有关殖民管道上的网络攻击. |
Advanced persistent threat:因为几种备受瞩目的IC中断归因于为外国军事或情报机构工作的恶意黑客,例如Triton和NotPetya攻击 - “很难低估战时ICS网络事件的潜在影响”。“除了影响工厂工人和当地社区的身体安全外,攻击还会导致长期失败,包括破坏电力,水,燃料和其他市政服务。”
除了上述最佳实践安全控制外,Young建议访问诸如此类的资源ATT&CK和D3FEND- 帮助工业公司学习已知对手及其运作方式的组织。Young说:“这对于做出明智的决定至关重要的决定不仅如何减少入侵风险,而且会阻碍攻击者的横向运动,同时增加防守者的检测机会。”
 |
Learn how toassess your level of cybersecurity needs in this "Automation World Gets Your Questions Answered" podcast episode. |
