Any organization, be it private or public, is exposed to a gradual increase in the number of cyberthreats it has to deal with. There is one sector, however, that is particularly important in society: the industrial sector. Cyberattacks can affect operability, business, and customers, as is the case in other sectors. For organizations in the industrial sector, though, such incidents can also interrupt services that are essential for a whole country.
This is why their cybersecurity is particularly important, and also why they are an increasingly popular target for cyberattackers. A clear example of this was seen in the latest report from the Spanish National Cybersecurity Institute (INCIBE) on the state of industrial cybersecurity in Spain in 2019. The report contains some revealing data about the sector. According to their analysis, throughout 2019, the institution received a total of 207 warnings related to the industrial sector.
Industry in the spotlight
While the figure is slightly lower than in 2018, when the number of alerts received was 228, INCIBE states that there is a caveat: the organization only compiles the number of notifications made, but each of these notifications may include several different incidents or vulnerabilities. As such, the number of possible cybersecurity problems in the industrial sector is most likely higher than the official figures suggest. Moreover, within the industrial sector, there is another sector that is particularly delicate when it comes to dealing with vulnerabilities: the energy sector, which is, for another year running, the sector most commonly affected by cybersecurity incidents.
One of the most affected sectors
The situation is similar in other countries. The UK National Cyber Security Centre’s (NCSC) 2019 Annual Review also analyzed the most frequent cybersecurity incidents, at both a domestic and corporate level.
The report states that over the previous year, the NCSC intervened in 658 incidents involving nearly 900 organizations. Among the worst-hit sectors were several industries, including managed service providers and transport—a similar situation to those seen in other countries.
How to deal with emerging threats
The industrial sector has a certain disadvantage from the very start compared to other sectors such as IT: while the IT sector has been dealing with vulnerabilities and cybersecurity incidents for many years, in the industrial sector, the situation only came about relatively recently. This means that many control systems in the sector were not prepared for such issues.
In this sense, they can count on the help of Cytomic Platform. It offers high levels of extremely efficient service to expand and accelerate the reduction of the attack surface, as well as the prevention of, detection of and response to cyberattacks of any kind, carried out with any kind of known or unknown malware, ransomware, APTs, or living-off-the-land techniques. It constitutes an optimal response to the threats that can infect industrial control systems, such as:
- BlackEnergy: this is the first known successful cyberattack against an electricity grid, which hit Ukraine in 2015. To begin with, it consisted of a Trojan used to create botnets to carry out DDoS attacks. In its latest version, however, it evolved into an APT that used phishing as an attack vector, which allowed it to execute a KillDisk module in SCADA systems, deleting and corrupting the files on the system.
- Crashoverride (also known as Industroyer): this is a piece of malware that uses features from three other well-known strains of malware: Stuxnet, Dragonfly and BlackEnergy2. It is also able to bring one or more electric substations to a halt, as it did in fact manage to do, also in Ukraine.
- Triton (also known as Trisis or Hatman): this malware attacks the industrial control software Triconex, made by Schneider Electric, which is used in many energy facilities. It seeks to gain control of the safety instrumented system (SIS), and can lead to blackouts in power stations. One of its victims was a power station in Saudi Arabia.
- WannaCry: possibly the most notorious ransomware of the last few years because of the repercussions it had on organizations in all sectors. The industrial area was also impacted, given that many factory control systems use Windows as a platform and aren’t properly segmented. This led to processes being temporarily interrupted.
- NotPetya: this is one of the most famous living-off-the-land attacks. It affected critical infrastructure in Ukraine, even hitting Boryspil airport. It pretends to be a common ransomware attack, but its aim is really to do irreparable damage to the system.
In short, the best defense strategy is to increase awareness of the fact that a cyberattack on an industrial control system could cause the loss of information, interrupt the supply chain, or even cause a power station to stop functioning. All of this means that, as well as detection and response for possible intrusions, prior investigation is also vital to be able to avoid all kinds of vulnerabilities.