06/15/2021 | Press release | Distributed by Public on 06/15/2021 09:16
What You Can Do
Earlier this year, Canadian aircraft manufacturer Bombardier announced that it was the victim of a cyberattack. Industry Week's report on the attack said, 'This is not a broken record. This is not part of the script from the movie Groundhog Day. It is just the sad reality that cybersecurity attacks just keep coming. The threat landscape continues to evolve with hackers having access to far more sophisticated tools. Each time another breach impacts a manufacturer it clearly demonstrates just how much today's hackers value having access to the mountains of data these companies possess.' Simply put, this sums up the state of affairs for manufacturers: the bad actors have found them to be an easy target, ripe for exploitation.
A recent study by White Hat Security researchers found that, among all vertical industries, the manufacturing sector is highly vulnerable to cyberattacks. They found that 70% of software applications used by manufacturers had at least one serious vulnerability that was not fixed over the past 12 months. In another study, security firm Trend Micro found that of the 500 manufacturing sector employees surveyed in the U.S., Germany and Japan, 61% said they had experienced cybersecurity incidents, with many causing system outages.
In another case, a ransomware incident at a pair of manufacturing facilities in Italy temporarily shut down production for two days. The ransomware strain, called Cring, was pushed masquerading as an anti-virus update to begin the compromise. Once on the network, the Cring ransomware was used to reach the manufacturing equipment and bring it to a halt.
How did we get here?
Internet of Things (IoT), Industrial IoT (IIoT) and Internet of Everything (IoE) catapulted the manufacturing sector into the Internet age, connecting anything and everything. IoT technologies helped retrofit industrial systems, manufacturing supply chains and processes with the much-needed hardware-software combination and, more importantly, the ability to easily manage everything through software.
Many networking companies created devices to translate industrial and field protocols (SCADA protocols, Zigbee and the like) to TCP/IP and connect the operational technology (OT) network to the corporate network and ultimately the Internet. Now those systems can talk to other devices and processes in other locations and in other organizations within the supply chain. The entire supply chain and partner ecosystem became connected. One could say mission accomplished, but, as is almost always the case, cybercriminals and bad actors then looked to exploit vulnerabilities in these interconnected networks and cause harm.
While these technologies have delivered many significant benefits, such as reduced costs and improved productivity, the urgency to get onto the Internet has left many manufacturing companies vulnerable to attack.
Key Lessons
Learning from these and other incidents, certain key patterns have emerged. The attackers spent months understanding OT networks and the key people involved in order to gather their credentials. The initial compromise happens in the IT network, using known unpatched vulnerabilities on IT devices (in one case the attackers leveraged old vulnerabilities in Fortinet's VPN software) or common phishing techniques. Once on the internal network, they jump to the industrial OT network (the network that directly interacts with machinery) to carry out their actual attack.
How to Fix Top Vulnerabilities
Researchers identified that the top vulnerabilities were information leakage, insufficient session expiration, cross-site scripting, insufficient transport layer protection and content spoofing. These are application-layer weaknesses, so they are fixed in the applications themselves (session timeouts, output encoding, TLS configuration); network security policies configured on security devices reduce exposure to them but do not remove them. In a broader context, here are some simple actions that you can take.
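Two of the weaknesses listed above, insufficient session expiration and cross-site scripting, shown as a weak implementation beside a hardened one. This is an added example, not code from the original release or from any product it mentions; the class and function names, timeouts and the sample timeline are constructed for illustration.

```python
"""Added example (not from the original release): insufficient session
expiration and cross-site scripting, weak form beside hardened form.
Names, timeouts and the sample timeline are constructed for illustration."""
import html
import secrets
import time

IDLE_TIMEOUT = 15 * 60        # seconds without activity before a session dies
ABSOLUTE_LIFETIME = 8 * 3600  # hard cap regardless of activity


class WeakSessionStore:
    """Sessions never expire: a stolen session ID works indefinitely."""

    def __init__(self):
        self._sessions = {}

    def create(self, user):
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": user}
        return sid

    def lookup(self, sid, now=None):
        s = self._sessions.get(sid)
        return s["user"] if s else None


class HardenedSessionStore:
    """Idle timeout plus absolute lifetime; expired entries are removed."""

    def __init__(self, idle=IDLE_TIMEOUT, absolute=ABSOLUTE_LIFETIME):
        self._sessions = {}
        self.idle = idle
        self.absolute = absolute

    def create(self, user, now=None):
        now = time.time() if now is None else now
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": user, "created": now, "last_seen": now}
        return sid

    def lookup(self, sid, now=None):
        now = time.time() if now is None else now
        s = self._sessions.get(sid)
        if s is None:
            return None
        if now - s["last_seen"] > self.idle or now - s["created"] > self.absolute:
            del self._sessions[sid]   # expired: drop it so it cannot be revived
            return None
        s["last_seen"] = now
        return s["user"]

    def logout(self, sid):
        self._sessions.pop(sid, None)


def render_greeting_weak(name):
    # Untrusted input concatenated straight into HTML: reflected XSS.
    return "<p>Welcome, " + name + "</p>"


def render_greeting_hardened(name):
    # Output encoding neutralises any markup in the untrusted value.
    return "<p>Welcome, " + html.escape(name, quote=True) + "</p>"


def demo():
    """Walk both stores through a constructed timeline with a fixed clock."""
    t0 = 1_700_000_000
    weak = WeakSessionStore()
    hard = HardenedSessionStore()
    w_sid = weak.create("operator")
    h_sid = hard.create("operator", now=t0)

    # A session kept alive every 5 minutes still dies at the absolute cap.
    h2 = hard.create("operator", now=t0)
    kept_alive = None
    for tick in range(0, ABSOLUTE_LIFETIME + 301, 300):
        kept_alive = hard.lookup(h2, now=t0 + tick)

    payload = "<script>alert(1)</script>"
    return {
        "weak_after_day": weak.lookup(w_sid, now=t0 + 86_400),
        "hard_within_idle": hard.lookup(h_sid, now=t0 + 600),
        "hard_after_idle": hard.lookup(h_sid, now=t0 + 600 + IDLE_TIMEOUT + 1),
        "hard_after_absolute": kept_alive,
        "xss_weak": render_greeting_weak(payload),
        "xss_hardened": render_greeting_hardened(payload),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

The hardened store enforces both an idle timeout and an absolute lifetime, so a session ID captured from a workstation stops working on its own even if the user never logs out; the escaping call is the change that turns the reflected script into inert text.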
How to Protect Your Network and Data
Layered Defense: INTRUSION recommends a layered defense in all cases, including a rigid information security policy, boundary firewalls and virus/malware protection on all hosts and servers. But company owners also need to rethink how to defend against what those solutions cannot stop, not just from the technology perspective but from the financial perspective.
Why INTRUSION Shield: All of the technologies mentioned above operate at Layers 3 and 4 of the OSI model (the TCP/IP stack). However, most new malware, such as zero-day and fileless types, does not. Therefore the typical technologies mentioned above do little to stop these new types of attack. Second, and most important, while these new types of malware live on your network patiently waiting, they must eventually call home for instructions on what to do next. Only INTRUSION's Shield, using real-time Artificial Intelligence, inspects every inbound and outbound packet to and from your network and compares it to a live list of 5.1 billion verified good IP addresses out of 8.5 billion total IP addresses. If your data is destined for any other IP address or URL (website), Shield automatically kills that attempted connection. The zero-day and fileless malware may be on your network, but unless it can talk to its home station for its next instructions it is dead on arrival.
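The "call home" idea above rests on two checks: is the destination on a known-good list, and does a host talk to the same outside address on a suspiciously regular schedule. The block below is an added example, not INTRUSION's code or its reputation list; the allowlist, the flow records and every address in them are constructed for illustration and use RFC 5737 documentation ranges, and the beacon heuristic (constant interval with low jitter) is a generic one chosen here rather than anything the release describes.

```python
"""Added example (not the product's code): destination allowlisting and
beacon detection run over constructed flow records. Allowlist, addresses
and log lines are invented for illustration."""
import ipaddress
import re
from datetime import datetime, timezone
from statistics import mean, pstdev

# Constructed "verified good" destinations; a real list would be far larger.
ALLOWED_DESTINATIONS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # internal networks
    "203.0.113.0/24",                                  # e.g. a SaaS provider
    "198.51.100.10/32",                                # e.g. a vendor update server
)]

FLOW_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>[\d.]+):(?P<sport>\d+) -> "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) (?P<proto>\w+)$"
)

# Constructed flow records: one workstation contacts an unlisted host about
# every 60 seconds, the classic shape of malware polling its controller.
SAMPLE_FLOWS = """\
2021-06-15T09:00:00Z 10.20.30.40:51234 -> 203.0.113.7:443 tcp
2021-06-15T09:00:05Z 10.20.30.40:51235 -> 198.51.100.10:443 tcp
2021-06-15T09:01:00Z 10.20.30.41:44000 -> 192.0.2.99:8443 tcp
2021-06-15T09:02:00Z 10.20.30.41:44001 -> 192.0.2.99:8443 tcp
2021-06-15T09:03:01Z 10.20.30.41:44002 -> 192.0.2.99:8443 tcp
2021-06-15T09:04:00Z 10.20.30.41:44003 -> 192.0.2.99:8443 tcp
2021-06-15T09:04:30Z 10.20.30.42:50000 -> 10.20.1.5:502 tcp
"""


def parse_flow(line):
    """Turn one flow record into a dict with a UTC timestamp and parsed dst."""
    m = FLOW_RE.match(line.strip())
    if not m:
        raise ValueError(f"unparseable flow record: {line!r}")
    d = m.groupdict()
    d["ts"] = datetime.strptime(d["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    d["dst_ip"] = ipaddress.ip_address(d["dst"])
    return d


def is_allowed(dst_ip):
    """Default-deny egress: only destinations inside an allowlisted network pass."""
    return any(dst_ip in net for net in ALLOWED_DESTINATIONS)


def filter_egress(log_text):
    """Return [(line, 'allow' | 'block'), ...], one verdict per flow record."""
    verdicts = []
    for line in log_text.splitlines():
        f = parse_flow(line)
        verdicts.append((line, "allow" if is_allowed(f["dst_ip"]) else "block"))
    return verdicts


def find_beacons(log_text, min_flows=4, max_jitter=0.1):
    """Flag (src, dst, dport) tuples whose connection gaps are near-constant.

    max_jitter is the allowed ratio of standard deviation to mean gap.
    """
    by_pair = {}
    for line in log_text.splitlines():
        f = parse_flow(line)
        by_pair.setdefault((f["src"], f["dst"], f["dport"]), []).append(f["ts"])
    beacons = []
    for pair, stamps in by_pair.items():
        if len(stamps) < min_flows:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            beacons.append((pair, round(avg, 1)))
    return beacons


if __name__ == "__main__":
    for line, verdict in filter_egress(SAMPLE_FLOWS):
        print(f"{verdict:5}  {line}")
    for pair, interval in find_beacons(SAMPLE_FLOWS):
        print(f"beacon: {pair} every {interval} s")
```

On the sample records the allowlist blocks the four flows to 192.0.2.99 and the beacon check independently flags the same pair at a 60-second interval. The two checks cover each other's gap: an allowlist is only as good as its contents, and a controller hosted on an allowed cloud or SaaS range would pass the destination check but still show up as a beacon, while a one-off exfiltration to an unlisted host is caught by the allowlist but never forms a beacon.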
Sources:
https://resources.trendmicro.com/Industrial-Cybersecurity-WP.html
https://www.industryweek.com/technology-and-iiot/article/21156122/bombardier-suffers-cyber-attack
https://www.fortinet.com/content/dam/fortinet/assets/threat-reports/threat-report-h1-2020.pdf
https://www.cyberscoop.com/fbi-darkside-colonial-pipeline-ransomware/