As the political environment starts to worsen here in the United
States, and as the drama unfolds next year with all of the trials and the
new Presidential Election, Cybersecurity will for sure start ramping up once
again.
There will of course be the fears of the Chinese and
Russians once again interfering, but now the new fear will be that of attacks
on our Critical Infrastructure. This
is something that I have written about before, and have even written articles
on.
We have already seen attacks take place, with the most
famous example being that of the Colonial Gas
Pipeline. But once inside the infrastructure,
the Cyberattacker is geared towards one
main thing: gaining access to the Industrial
Control Systems, also known as "ICS" for short. You may be wondering what exactly it is. It
can be defined as follows:
“Industrial control system (ICS) is a collective term
used to describe different types of control systems and associated
instrumentation, which include the devices, systems, networks, and controls
used to operate and/or automate industrial processes.”
(SOURCE: https://www.trendmicro.com/vinfo/us/security/definition/industrial-control-system)
So as you can see, it is not just one system or component,
but rather multiple ones, which together make, for example, the water supply
abundant and immediately available when you turn the faucet on. But what makes these so vulnerable is that
they are all interconnected.
So if you hit one component, it will have a cascading effect
on the others, most likely shutting the whole thing down.
Unlike digital assets, which you can segment out
into different zones, the same cannot be said of Industrial Control
Systems. The primary reason for this is
that ICS technology is incredibly old, going back all the way to the
1960s. But attacks on ICS are
nothing new, as a review of the following attacks demonstrates:
1) Stuxnet:
This is probably the most talked about
attack on an ICS. It was not
launched by Cyberattackers, but rather by the United States. The intent here was to target the centrifuges
in the key nuclear facilities located in Iran, in an effort to halt their
nuclear program.
More details on it can be seen at the link
below:
2) Havex:
This is an actual security breach
in which the Cyberattackers launched different attack vectors, such as using
Phishing Emails and defacing the websites of various ICS facilities. In this instance, legitimate software patches
and upgrades were replaced with malicious ones, which were hard to tell
apart from the legitimate ones. Once they were downloaded and
applied, the goal was to totally infect the Network Infrastructure of an ICS
facility.
More details on it can be
seen at the links below:
https://www.cisa.gov/news-events/ics-alerts/ics-alert-14-176-02a
https://archive.f-secure.com/weblog/archives/00002718.html
3) Black Energy 2-3:
This kind of attack was launched at
the United States directly, focusing upon nuclear power plants, electric grids,
water purification systems, and oil and gas pipelines. This
same piece of malware was used to attack the Energy Infrastructure of Ukraine. But this time, the Cyberattackers had to manually
find their way around the IT and Network Infrastructures, and from there delivered
the malicious payload.
More details on it can be seen at the link below:
https://abcnews.go.com/us/trojan-horse-bug-lurking-vital-us-computers-2011/story?id=26737476
4) Industroyer/Crashoverride:
This piece of malware was designed
to specifically cause damage to the Critical Infrastructure that the Cyberattackers
targeted. This was deemed to be a step
up when compared to the previous three attacks, because the Cyberattackers
communicated directly with ICS-based protocols.
More details on it can be seen at the link below:
https://www.dragos.com/wp-content/uploads/CrashOverride-01.pdf
5) Trisis/Triton:
This attack was deemed to be
different from the others, in that this threat variant specifically
targeted the safety mechanisms that are in place at the various ICSs. This was also considered to be a step up
when compared to the other attacks.
More details on it can be seen at the link below:
6) Industroyer2:
This was once again geared towards the
energy facilities based in Ukraine, but this time, the threat variant was
aimed at the circuit breakers, repeatedly turning them on and off, in both
random and successive fashions.
More details on it can be
seen at the link below:
https://www.dragos.com/threats/the-2022-ics-ot-vulnerability-briefing-recap/
7) Pipedream:
So far, this has been deemed to be
one of the worst pieces of malware to come out against ICS. It has the ability to directly interact with other components of the ICS, and even
find its way around it on an automated
basis.
More details on it can be seen at the link below:
https://www.dragos.com/threats/the-2022-ics-ot-vulnerability-briefing-recap/
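The Industroyer2 item above describes a behaviour that is visible from the defender's side: a single circuit breaker being commanded open and closed over and over in a short period. The following is an added example, not code from the original post or from any of the vendors linked above. It runs over a small, constructed set of breaker command events (the timestamps, breaker IDs such as CB-101 and the event format are all assumptions) and raises an alert when the commanded state of one breaker changes more than a set number of times inside a sliding time window, which is the kind of check a historian or SCADA log monitor could apply.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample of breaker command events (not real logs).
# Each record: (ISO-8601 timestamp, breaker id, commanded state).
SAMPLE_EVENTS = [
    ("2024-01-01T10:00:00", "CB-101", "OPEN"),
    ("2024-01-01T10:00:02", "CB-101", "CLOSE"),
    ("2024-01-01T10:00:04", "CB-101", "OPEN"),
    ("2024-01-01T10:00:06", "CB-101", "CLOSE"),
    ("2024-01-01T10:00:08", "CB-101", "OPEN"),
    ("2024-01-01T10:05:00", "CB-202", "OPEN"),   # one planned operation
    ("2024-01-01T12:30:00", "CB-202", "CLOSE"),  # hours later: normal
]


def parse_event(record):
    """Turn one raw record into (datetime, breaker id, normalised state)."""
    ts, breaker, state = record
    return datetime.fromisoformat(ts), breaker, state.upper()


def detect_rapid_toggling(events, max_changes=3, window=timedelta(seconds=30)):
    """Return one alert per breaker whose commanded state changed more than
    `max_changes` times within any sliding `window`.

    A repeated identical command (OPEN after OPEN) is not counted as a change,
    so only genuine open/close flapping trips the threshold."""
    last_state = {}                 # breaker -> last commanded state seen
    changes = defaultdict(deque)    # breaker -> timestamps of state changes in window
    alerted = set()
    alerts = []

    # Sort by timestamp so out-of-order log delivery does not skew the window.
    for record in sorted(events, key=lambda r: r[0]):
        ts, breaker, state = parse_event(record)
        prev = last_state.get(breaker)
        last_state[breaker] = state
        if prev is None or prev == state:
            continue  # first observation, or no actual state change

        q = changes[breaker]
        q.append(ts)
        # Drop changes that have aged out of the sliding window.
        while q and ts - q[0] > window:
            q.popleft()

        if len(q) > max_changes and breaker not in alerted:
            alerted.add(breaker)
            alerts.append({
                "breaker": breaker,
                "changes_in_window": len(q),
                "first": q[0].isoformat(),
                "last": ts.isoformat(),
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_rapid_toggling(SAMPLE_EVENTS):
        print(f"ALERT: {alert['breaker']} changed state "
              f"{alert['changes_in_window']} times between "
              f"{alert['first']} and {alert['last']}")
```

On the constructed sample this flags CB-101 (four state changes in eight seconds) and stays silent on CB-202, whose two operations are hours apart. The threshold and window are deliberately parameters: what counts as abnormal flapping depends on the plant, and the values should be set from a baseline of normal switching activity rather than guessed.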
My Thoughts On This:
So as you can see, the threats against ICS and Critical
Infrastructure are getting much more sophisticated and covert, as evidenced by
the above chronology of events. But the
silver lining here is that it does take time for the Cyberattacker to launch a threat
against an ICS. It is not the same thing
as targeting IT or Network Infrastructure,
as the components are far more outdated and require careful study.
But even in this realm, the Cyberattacker is about to catch
up and take the lead. It is absolutely imperative that this does not happen,
so that as a society, we can mitigate the risks of anything drastic happening to our precious resources. Remember, their goal is not just to steal PII datasets, but to cause
as much physical damage as possible.