Infrastructure Security in the Age of Ransomware

Stuxnet gave the world a grasp on how real and devastating cyber-security risks in critical infrastructures can be. In the era of industrial IoT and increasingly complex cyber-threats, attacks on public infrastructures, particularly in the energy sector, are becoming frequent.

Critical infrastructure such as electric and water utilities are being temporarily shut down as ransomware plagues corporate systems, causing hours of downtime. The health industry has also fallen victim to these cyber-extortion techniques.

What are the risks?

The risks go beyond operability, financial losses and credibility. Cyberattacks on industrial systems can cross the line into threatening human lives.

“Whether it’s a dam in Rye Brook, or our power grids, our financial institutions, our water systems, or our online networks, these parts of our infrastructure are at risk and are under assault like never before, and we need to do more about it,” US Senator Charles E. Schumer said after Iranian hackers breached the Bowman Avenue Dam near Rye Brook, New York and gained control of the floodgates.

Recently, a German nuclear power plant in Bavaria has admitted that its systems are riddled with malware. In 2015 a hacker managed to enter the systems of a nuclear power plant in South Korea.

However, securing vital systems from multiple attack vectors is a serious challenge that requires joint efforts from international organizations, the private sector, the civil society and, especially, governments. It also presents a set of unique difficulties.

Sophistication of attacks

Cyber-threats are expanding in every way - from attack frequency to scale, sophistication and impact severity. The rate of code vulnerabilities found in dated, internet-accessible software also shows no signs of abating.

"A wide variety of threats ranging from Advanced Persistent Threats (APT), to sophisticated and common malware [are] found in the ICS environment,” the ICS-CERT reports. “Other incidents in the water and commercial sectors involved Internet-facing systems with weak or default credentials."

For instance, Black Energy was a malware toolkit developed to infect Ukrainian power authorities. It overwrites system data to control manual functions such as modifying temperature controls and turning pumps on and off at wind turbines, power transmission grids, oil and gas pipelines. Its goal was to sabotage critical parts of an industrial control computer’s hard drive.

Crypto-ransomware that leverages clever engineering techniques is also on the rise. Almost 10% of ransomware-infected emails sent globally target German users, according to cybersecurity provider Bitdefender.

Compliance

As more IT systems running critical infrastructure organizations connect to the public Internet – such as Industrial Control Systems and SCADA applications – new laws and national cybersecurity strategies are becoming mandatory.

Infrastructure operators must apply state-of-the-art measures to prevent unauthorized access to their technical systems and secure them against data breaches and other incidents, including outside attacks. Otherwise, they can face fines of hundreds of thousands of dollars. But not all organizations are ready to comply -- their current spending may not meet the demands of the new regulations.

Over-Confidence

Despite the increasing number and severity of attacks targeting critical infrastructure, technology and security professionals remain confident in their cyber defenses, studies have shown.

Cyber forensics

Global security executives’ trust in their organization’s cyber preparedness is sometimes unfounded. As proof, most attacks in recent headline-grabbing security incidents were under way weeks or months before initial detection. More than once, the vectors for attack could not be determined because the systems lacked detection and monitoring capabilities. In other cases, engineers did not even know if the problem was caused by a cyber-attack.

Sharing information

Sharing network and defense information with other organizations in the same industry or a national or international agency is often the missing piece of the puzzle. Critical infrastructure operators often loathe disclosing information for fear of damaging their reputation or risk of punishment by the government. But operating in a silo does not help cybersecurity.

In a nutshell, businesses operating public or private infrastructures that want to enhance cyber-security can start by:

▪        Deploying anti-malware software where possible

▪        Preventing unauthorized access to secure locations

▪        Applying application whitelisting to prevent unauthorized applications from running

▪        Deploying a breach detection system

▪        Enabling a USB lockdown on all SCADA environments to stop malware from physically entering the environment

▪        Deploying basic security measures in between network segments, such as firewalls/IPS.

MacWorld

« Air Gapping Critical Process Control Networks
The Nation State Hack-Attack »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Cybertekpro

Cybertekpro

Cybertekpro is a specialist insurance broker providing Cyber Liability insurance and cyber risk assessment services.

Trapezoid

Trapezoid

Trapezoid is a cybersecurity company developing Firmware Integrity Management solutions designed to detect unauthorized changes to firmware & BIOS across the entire data center infrastructure.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Arm

Arm

Arm delivers a complete IoT solution, from providing the IP for the chip to delivering the cloud services to securely manage the deployment of products throughout their lifecycle.

Iowa Cyber Hub

Iowa Cyber Hub

Iowa Cyber Hub is a cybersecurity education partnership between Iowa State University and Des Moines Area Community College.

NuCrypt

NuCrypt

NuCrypt is developing technology that is applicable to ultrahigh security data encryption as well as key distribution.

GBT Technologies

GBT Technologies

GBT Technologies is a technology company focused on chip design and software to enable IoT, global mesh networks, and for applications relating to artificial intelligence.

Quantum Security Solutions (QSec)

Quantum Security Solutions (QSec)

QSec is an innovative information security consultancy based in Ghana. We can provide your organisation with information security products and services that assure against information risk.

Digital Identification & Authentication Council of Canada (DIACC)

Digital Identification & Authentication Council of Canada (DIACC)

DIACC is a non-profit coalition of public and private sector leaders committed to developing a Canadian framework for digital identification and authentication.

TechBase

TechBase

TechBase is an innovation and start-up center offering technology-oriented start-ups optimal conditions for successful business development.

KirkpatrickPrice

KirkpatrickPrice

KirkpatrickPrice is dedicated to providing you with innovative security guidance and efficient audit services.

Yogosha

Yogosha

Yogosha is a crowdsourced cybersecurity platform enabling a win-win collaboration with the most talented hackers to detect and fix vulnerabilities on your most critical systems.

Bright Security

Bright Security

Bright Security is a developer-centric Dynamic Application Security Testing (DAST) solution that helps organizations ship secure applications and APIs quickly and cost-effectively.

eCloudvalley Digital Technology

eCloudvalley Digital Technology

eCloudvalley Digital Technology is a born-in-the-cloud partner focused entirely on AWS services across APAC region.

Mutare

Mutare

For three decades, Mutare has been empowering organizations to re-imagine a better way to connect through our transformative voice security, digital voice and text messaging solutions.

Sequentur

Sequentur

Sequentur is an award-winning Managed IT Services company. We are SOC 2 certified and provide Managed IT Services and Cybersecurity services to businesses nationwide.