Cyber Threats Impact All Industries

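Ransomware attacks and security breaches of industrial control systems are becoming the “new normal” for manufacturers, who now understand what weaponized software can do.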


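Last month’s news that Russian threat actors have infiltrated industrial control systems (ICS) in U.S. critical infrastructure and certain manufacturing sites has the U.S. government and other targeted entities in energy, water and aviation re-examining how to stop an impending strike.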

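To that end, I can’t help but wonder if last week’s SamSam and WannaCry malware attacks on the city of Atlanta and Boeing, respectively, represent the new normal. We are now operating in a digital realm that can turn hostile, where “weaponized software” could cause mass destruction or the loss of intellectual property.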

Of course, malware is not a new concept. But with the proliferation of the Internet of Things (IoT) and organizations digitizing operations internally and across supply chains, there are more avenues of entry for these malicious actors. And, while the information revealed in the U.S. Computer Emergency Readiness Team (US-CERT) TA18-074A Alert calls out critical infrastructure and manufacturing sectors like primary metal, machinery, electrical equipment and transportation industries as targets, any industry segment can fall victim to this virtual form of violence.

In Dave Greenfield’s article “The Infiltration of U.S. Control Systems,” many industry experts weighed in on the cybersecurity significance of the US-CERT alert for Automation World readers. Because, even though the focus is mainly on U.S. energy facilities, “in reality, any manufacturer and processor is fair game,” said Barak Perelman of Indegy, a cybersecurity technology supplier. “Recently we have seen concerning trends and activity at water facilities and in the food and beverage, chemical and pharmaceutical industries.”

Shutting down a food manufacturing process or disrupting a pharmaceutical supply chain may not cause life-threatening explosions or impact power grids, but it can be costly and damaging in other ways.

“WannaCry and NotPetya, which are now attributed to North Korea and Russia, respectively, had a major impact on manufacturing companies like Merck and Mondelez, causing hundreds of millions of dollars in quarterly losses due to production downtime, in addition to loss of customer satisfaction due to missed shipments,” said Phil Neray, vice president of Industrial Cybersecurity at CyberX, a critical infrastructure and industrial cybersecurity firm based in Boston. “Now imagine cybercriminal organizations targeting major manufacturers with a ransomware attack. These companies could be held hostage while their plants idle, resulting in the loss of millions of dollars per hour in downtime.”

In Merck’s case, the Washington Post reported that the intrusion impacted all U.S. offices, and there was fear that critical information tied to Merck drug research could be lost. But hackers are not just encrypting corporate data and demanding payment in return for the files—which could result in the loss of mission-critical information. They are also stealing intellectual property (IP) for their own use.

Last month, the U.S. government indicted nine Iranian hackers who were affiliated with the Mabna Institute, an Iran-based company that conducted coordinated cyber intrusions into at least 144 American universities and 176 universities located in 21 foreign countries. The hacking campaign began in 2013 with the stolen university data totaling more than $3 billion in IP, which was used to benefit the Islamic Revolutionary Guard Corps (IRGC), one of several entities within the government of Iran responsible for gathering intelligence.

At the same time the defendants were targeting, compromising and stealing data from universities around the world, they also compromised the computer systems of at least five U.S. federal and state government agencies and at least 36 U.S.-based private sector companies. Among the private sector victims were academic publishers, media and entertainment companies, technology companies, consulting and marketing firms, investment and law firms, and more, including one industrial machinery company, one biotech company and one food and beverage company.

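“This could be an attempt to steal proprietary design information about ICS/SCADA systems that could later be used to compromise critical infrastructure,” Neray said. “Don’t forget that in 2016, Iranians working for the Islamic Revolutionary Guard were also charged with compromising SCADA systems of the Bowman Dam in Rye, NY—which might simply have been a practice run for more sophisticated and destructive attacks.”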

Neray also pointed out that in the August 2017 attack on a plant in Saudi Arabia, the attackers demonstrated a high level of knowledge about the specific design and memory layout of a safety controller by accessing and stealthily inserting a Remote Access Trojan (RAT) into the controller without interrupting its normal operation.

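Similar tactics may be at work among the various cybercriminals targeting the food, beverage and pharmaceutical industries. “With respect to theft of corporate IP, ICS/SCADA devices such as historians contain vast amounts of data about proprietary recipes and formulas,” said Neray. “Competitors and nation-states like China are motivated to steal these types of corporate trade secrets by compromising ICS networks.”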

So what’s the best defense? Experts recommend a multi-layered approach that goes beyond perimeter security to include continuous ICS monitoring and analytics, automated threat modeling, vulnerability management and threat intelligence.

Click here for US-CERT recommendations for ICS protection.
