For some time now, authorities have been worried that their critical infrastructure will be shut down or severely compromised.
Some institutions experience thousands of attempted attacks on a daily basis by hackers, cyber criminals and rival nations. According to the US Department of HLS, especially the following critical infrastructure sectors are at risk: Chemicals, commercial facilities, communications, critical manufacturing, dams, defense industrial base, emergency services, energy, financial services, food & agriculture, government facilities, healthcare & public health, information technology, nuclear reactors, materials & waste, transformation systems, water & waste systems.
We already saw some sporadic ones in past years:
|Jan. 2010||Natanz nuclear enrichment plant in Iran||Hackers used Stuxnet to silently sabotage centrifuges. First subcontractors using malware infested USB drives, who then infected the infrastructure of the plant||Shutting down centrifuges that enrich uranium gas which slowed down production|
|Dec. 2015||Power station||Crash Override malware attacked SCADA system. The hackers used phishing emails to spread the malware||Shutting down 30 substations, leaving 230,000 people without power for hours|
|Dec. 2016||Pivichna substation near Kiev||Supervisory Control and Data Acquisition (SCADA) systems was attacked||Hour long blackout|
|2013, reported in 2016||Rye Brook, New York Dam Attack||Hackers succeeded in accessing the core command-and-control system using a cellular modem.||Unknown|
|2015/2016||SWIFT global bank messaging system||North Korean hackers used vulnerabilities in the defenses of banks to access their systems and ultimately gain access to their legitimate SWIFT credentials||Theft of $81 million from the central bank of Bangladesh|
|Wolf Creek Nuclear Operating Corporation, based in Kansas||Hackers tried to access critical control systems||Unknown|
|August 2017||Irish power grid company EirGrid||State-sponsored hackers installed eavesdropping software on EirGrid’ routers to see encrypted communications sent by the company||Unknown|
The latest attack in January 2018 on the control systems of an industrial plant in the Middle East, could signal the beginning of a new cybercrime and cyberwarfare wave systematically targeting critical infrastructure. In this documented attack the attackers made use of Triton or Trisis malware which exploits vulnerabilities and failsafe mechanisms of industrial plants. The hackers were able gain access to some of the plant’s stations and safety control network by exploiting vulnerabilities in Schneider Electric’s Triconex Tricon safety system firmware. The hackers deployed a remote access Trojan to target the industrial control systems. The complex malware infection scenario was directed at breaching the plant’s Triconex Tricon safety shutdown system. If the breach would have been successful, the hackers would be able to sabotage the system in countless ways. Since the actual payload was not delivered, the true intent of the attack remains a mystery. However, the hackers went through a lot of trouble, getting in-depth knowledge of both Schneider products and their target industrial plant. They must have invested considerable time and resources in reverse-engineering Schneider code to find the vulnerabilities in the older 10.3 version of the Triconex firmware.
In its Global Risks Report 2018, the World Economic Forum points out that the use of cyberattacks to target critical infrastructure and strategic industrial sectors is a growing trend. The report points out that this raises fears that, in a worst-case scenario, attackers could trigger a breakdown in the systems that keep societies functioning. To illustrate, the report mentions that WannaCry attack which disrupted critical and strategic infrastructure across the world, including government ministries, railways, banks, telecommunications providers, energy companies, car manufacturers and hospitals.
In case of organizations dealing with critical infrastructure and systems, as well as governmental agencies and operators, Cymulate’s solutions can assist with their IT networks security. Cymulate’s Breach & Assess Simulation (BAS) platform enables them test the parameters which hold the ICS and potential compromised connections between the ICS and the IT network.
Curious to test it out? Sign up for a free trial to find out if your IT infrastructure is secure.