Industrial cybersecurity put on notice as state-sponsored attacks persist

The continuing conflict among nations around the globe has been fueling a surge in state-sponsored cyberattacks.

Magnallium, a known advanced persistent threat (APT) group linked to Iran, has allegedly been trying to hack the US power grid by password-spraying private networks to potentially gain entry into this critical infrastructure. The act is believed to be part of a possible retaliation by Iran against the US in response to the escalation of military hostilities between the two countries earlier this year. Israel also recently reported to have thwarted hacking attempts on airport systems and planes of world leaders attending the World Holocaust Forum.

Any organization or facility can fall victim to state-sponsored attacks. Several of the major incidents involving large enterprises such as the denial-of-service attacks on major US banks in 2012 to 2013, the Equifax hack of 2017, and, the most recent, the Marriott data breach in 2018 are all believed to be committed by APT groups linked to certain states. The attacks caused massive financial losses for these companies and exposed the personal and financial information of millions of users.

Yet, what is considered to be more worrying than these incidents are attacks on industrial targets. A successful hack on critical infrastructure such as a power grid can cause major disruption not only to the economy but to human activities in general.

Oren Eytan, CEO of enterprise cybersecurity provider odix that specializes in file-based attacks and eliminating malware shares, "Many of the high-profile cybersecurity incidents that got massive attention over the years were mainly from the tech, financial, and retail industries. It's high time that we also shine the spotlight on attacks on industrial targets. Threat groups have already demonstrated the capability to infiltrate industrial systems. Should they be able to take full control, it's possible for them to not only cause disruption to these facilities' production but also turn off crucial measures that are designed to safeguard human life."

An attack on Ukraine's power grid in 2015 was able to successfully cause outages. Around 230,000 people were without electricity for several hours in the middle of winter. The incident showed how APTs can be methodical in executing attacks. It utilized various malware that were able to take over supervisory control and data acquisition (SCADA) systems and disable infrastructure components. A denial-of-service attack was also launched on customer support to deny customers timely information on the blackout.

Similar attempts on locations that are more densely populated or house high-profile organizations and facilities can potentially cause billions of dollars in economic loss and even civil unrest should they be successful. As such, the role of industrial cybersecurity has never been more critical.

But protecting industrial networks and infrastructure has increasingly become a challenge due to the changes in the technologies that they use. Previously, operational technologies such as sensors and programmable logic controllers were essentially hack proof as they were mainly kept air-gapped not only from the internet but also from the internal network. Tampering with them required attackers to physically manipulate them.

However, facilities have since become more connected due to the integration of more sophisticated sensors, machines, and control systems. Many have also shifted parts of their infrastructure to the cloud, thereby widening the attack surface that hackers can breach their systems remotely.

"Each component and endpoint that gets added to an infrastructure becomes a potential weak link in the defensive perimeter. The increasing adoption of internet-connected devices and applications by industrial users are contributing to their cyberattack risks. That said, this shouldn't mean that they have to totally avoid the adoption of new technologies. Not while these can help them become more effective at what they do," Eytan adds.

Securing industrial systems requires a comprehensive cybersecurity strategy. Organizations must have to carefully map out their entire infrastructure in order to identify potential vulnerabilities in each layer. Often components in the enterprise layer are the most vulnerable since these devices are often the ones that interface with external networks and the internet. Conventional cybersecurity measures such as using virtual private networks, firewalls, and endpoint security and setting up demilitarized zones can help protect the layer from threats.

However, malware can still spread to other layers if left unguarded. For example, components in the operational technology layers such as controllers and SCADA may still be infected with malware even if they are largely air-gapped. An operator may inadvertently introduce malware in infected removable storage devices like USB drives. A solution like a sanitization kiosk, a dedicated station used to disarm malware and sanitize storage devices, can be used as part of the workflow when moving data and files across operational technology components.

"As security providers, it's important for us to consider the scenarios that industrial users may face compared to other enterprises. We must craft specialized solutions tailored to their needs. For instance, our malware disarm solutions can be deployed across their infrastructure layers such as kiosks for on-premises security and online services to protect network folders and email servers," Eytan says.

As the threat of state-sponsored cyberattacks persists, it is critical for all stakeholders, especially the industrial organizations and the cybersecurity community, to advance industrial cybersecurity. APTs are now more than ever capable to cause harm and even just one attack on a critical industrial target can have grave repercussions. Where safety and security are of the utmost importance, preparation and protection are key.

Image credit: peshkov/depositphotos.com

Peter Davidson works as a senior business associate helping brands and start ups to make efficient business decisions and plan proper business strategies. He is a big gadget freak who loves to share his views on latest technologies and applications.