Thousands of industrial facilities have their systems infected with common malware every year, and the number of attacks targeting ICS is higher than it appears, according to a study conducted by industrial cybersecurity firm Dragos.
This includes one variant posing as Siemens PLC firmware that has been in action since 2013. The backdoor malware is packaged to appear as a Siemens programmable logic controller installer file, and around 10 industrial sites have reported coming across the targeted attack campaign, seven of which are located in the US as well as some in Europe and China. IT security experts from Airbus Cybersecurity and Nozomi Networks commented below.
Andrew Cooke, Head of ICS Consultancy at Airbus Cybersecurity:
“In the days of Industry 4.0, industrial control systems are no longer isolated, but operate as part of a complex production network. Malware is prevalent in a wide range of industrial systems, often spread by an infected USB stick or by unauthorised remote access. But while the majority of malware found in these systems is low-level, it can still pose a serious risk for the organisations concerned. Sophisticated attackers often use these methods to gain valuable intelligence about the way that a system is operated, configured and run.
Cyber attacks on industrial systems can cause significantly more disruption than attacks against a typical enterprise. The attacks on power grids in Ukraine in late 2015 seriously destabilised the country, and demonstrates the potential for cyber attacks to be used as part of a larger military assault. Any part of a country’s national critical infrastructure – from telecommunications companies to transport networks – need to be prepared for future threats. The best defence for industrial systems involves comprehensive monitoring for cyber resilience, early detection of attacks and detailed incident response planning.”
Edgard Capdevielle, CEO at Nozomi Networks:
“That ICS themed malware exists is not surprising, but it is concerning. The reality is that ICS networks today face all the same security challenges as every other IT network but lacks similar security options.
“Historically ICS was designed to be completely segregated and confined by physical boundaries. However, each new IP address punches another hole in the metaphorical wall that separates Information Technology (IT) and Operational Technology (OT). Having established IT connectivity it’s difficult to put the genie back in the bottle and each of these avenues is potential point of weakness that can be compromised – by hackers burrowing in or malware – such as ransomware, detonating internally and then radiating out.
“Currently, security in control systems today is bolted on rather than designed in and that’s like selling a car with seatbelts as an optional extra.
“We need to rethink security so its designed in from the outset, so as new technology is implemented in ICS and SCADA infrastructure it is secure and as new threats – such as ransomware, emerge they are thwarted.
“Control system traffic is predictable so, by establishing a baseline of ICS network communications and conducting active monitoring for anomalies, anything that detracts from expected behavioural patterns identifies malicious or unintentional process impacts/disruptions – whether from internal or external sources.”