-mask

Will 2018 Be the Year of Critical Infrastructure Cyberattacks?

For some time now, authorities have been worried that critical infrastructure cyberattacks will be shut them down or severely compromised them.

Some institutions experience thousands of attempted attacks on a daily basis by hackers, cyber criminals, and rival nations. According to the US Department of HLS, especially the following critical infrastructure sectors are at risk:  Chemicals, commercial facilities, communications, critical manufacturing, dams, defense industrial base, emergency services, energy, financial services, food & agriculture, government facilities, healthcare & public health, information technology, nuclear reactors, materials & waste, transformation systems, water & waste systems.

We already saw some sporadic ones in past years:

Year Target Attack Fallout
Jan. 2010 Natanz nuclear enrichment plant in Iran Hackers used Stuxnet to silently sabotage centrifuges. First subcontractors using malware-infested USB drives, who then infected the infrastructure of the plant Shutting down centrifuges that enrich uranium gas which slowed down production
Dec. 2015 Power station Crash Override malware attacked SCADA system. The hackers used  phishing emails to spread the malware Shutting down 30 substations, leaving 230,000 people without power for hours
Dec. 2016 Pivichna substation near Kiev Supervisory Control and Data Acquisition (SCADA) systems were attacked Hour-long blackout
2013, reported in 2016 Rye Brook, New York Dam Attack Hackers succeeded in accessing the core command-and-control system using a cellular modem. Unknown
2015/2016 SWIFT global bank messaging system North Korean hackers used vulnerabilities in the defenses of banks to access their systems and ultimately gain access to their legitimate SWIFT credentials Theft of $81 million from the central bank of Bangladesh

July 2017

Wolf Creek Nuclear Operating Corporation, based in Kansas Hackers tried to access critical control systems Unknown
August 2017 Irish power grid company EirGrid State-sponsored hackers installed eavesdropping software on EirGrid’s routers to see encrypted communications sent by the company Unknown

The latest attack in January 2018 on the control systems of an industrial plant in the Middle East, could signal the beginning of a new cybercrime and cyberwarfare wave systematically targeting critical infrastructure. In this documented attack, the attackers made use of Triton or Trisis malware which exploits vulnerabilities and failsafe mechanisms of industrial plants. The hackers were able to gain access to some of the plant’s stations and safety control network by exploiting vulnerabilities in Schneider Electric’s Triconex Tricon safety system firmware. The hackers deployed a remote access Trojan to target the industrial control systems. The complex malware infection scenario was directed at breaching the plant’s Triconex Tricon safety shutdown system. If the breach would have been successful, the hackers would be able to sabotage the system in countless ways. Since the actual payload was not delivered, the true intent of the attack remains a mystery. However, the hackers went through a lot of trouble, getting in-depth knowledge of both Schneider products and their target industrial plant. They must have invested considerable time and resources in reverse-engineering Schneider code to find the vulnerabilities in the older 10.3 version of the Triconex firmware.

In its Global Risks Report 2018, the World Economic Forum points out that the use of cyberattacks to target critical infrastructure and strategic industrial sectors is a growing trend. The report points out that this raises fears that, in a worst-case scenario, attackers could trigger a breakdown in the systems that keep societies functioning. To illustrate, the report mentions the WannaCry attack, which disrupted critical and strategic infrastructure across the world, including government ministries, railways, banks, telecommunications providers, energy companies, car manufacturers, and hospitals.

When organizations deal with critical infrastructure and systems, as well as governmental agencies and operators, Cymulate’s solutions can assist with their IT network security. Cymulate’s Breach & Assess Simulation (BAS) platform enables them to test the parameters which hold the ICS and potential compromised connections between the ICS and the IT network.

Test the effectiveness of your security controls against possible cyber threats with a 14-day trial of Cymulate’s platform.

Start a Free Trial

Don’t speculate, Cymulate