As cyberattacks become more prevalent and sophisticated, the nature of the attacker is changing. We’re seeing fewer lone wolves, and more organized criminals who are packaging attack kits and selling them on the dark web. Their attacks aim at either commerce or control. The IT intruders seek commercially valuable personal or financial data, while operational technology (OT) attacks seek control of plants or factories for potential sabotage.
|Image courtesy of Symantec.|
Sometimes OT attackers want to do damage, while other times they hide and wait. For years, we’ve heard rumors that hostile governments have placed potentially destructive cyber-bugs in US power plants, but they are reluctant to set their bugs in motion, because the US has bugs in their plants, as well.
“The attackers’ goals for IT systems is information exfiltration, but for industrial OT systems, the attacker’s goal is typically sabotage,” Ashok Banerjee, CTO for enterprise security products at Symantec, told Design News. “Attackers typically want to have remote control of the industrial network and be able to disable a power grid or cause a collision or explosion. Typically, attackers hold this control for extended intervals, triggering it when needed.”
The Race to Counter Cyberattacks
Since the beginnings of the first computer viruses, there has been a race between the hackers and cyber protection. Banerjee believes the defense against attacks is finally pulling ahead in the race. “Cyberattacks and cyber defense have co-evolved. With the rise of cybersecurity, attackers with increasing sophistication have flown just below the radar of three or four different products,” said Banerjee. “2018 will be the year where multiple products will orchestrate learnings across static scans, network behavior, process behavior, IO behavior, content behavior, and IoT interactions to determine benign and malicious elements. This will be the year where multiple technologies work together to protect from the next frontiers of attacks.”
Banerjee noted that the work of finding a hacker within a system remains a formidable task. “Discovering an intruder is not like looking for needles in a haystack but rather it’s like looking for needles that actively work to look like hay in a haystack,” said Banerjee. “Attackers include very well-resourced groups that are backed by nation states, and they’re targeting private companies.”
|Ashok Banerjee will present the seminar, You Can’t Ignore Security in IIoT, next month on Tuesday, February 6, at the Pacific Design and Manufacturing Show in Anaheim, Calif.|
A Changing Perimeter Is Difficult to Secure
Securing the perimeter was much easier in the days when the perimeter simply surrounded a building or an industrial operation. Connectivity has changed the very nature of the perimeter. “The perimeter is more porous than ever before. Our greatest assets are increasingly in the cloud. That includes customer data in CRM or HR data in Workday,” said Banerjee. “The mobile worker, consultants, and vendors are constantly on mobile networks that connect to industrial networks and they’re connecting to a Starbucks wi-fi. We truly need to cover a lot more surface than before.”
Finding a bug in compromised systems is also becoming more difficult. Locating the entrance point of the compromise does not necessarily lead to the intruder. “If you were trying to locate the path of water coming in from a leaky roof, it would be straightforward. Rain is a passive system. It isn’t going to change direction to suddenly flood your house in a different location,” said Banerjee. “Cybersecurity is an active system. If there is single vulnerability, you can rest assured attackers will use that single path to flood your system wherever it can reach.”
Hackers Probe from Afar and Sell Attack Kits
The significant increase in the connectivity of industrial networks through IoT devices has prompted a coinciding increase in those who are seeking to penetrate those systems. “With increasing commerce and industrial controls on the internet, there are more attackers. The surface is ever expanding with a lot more industrial controls coming online,” said Banerjee. He noted that these new threats are no longer coming from lone-wolf hackers. “They are organized marketplaces, often regionalized in Brazil, Russia, or China. They generally pick targets that are outside the jurisdiction where they live.”
The hackers are probing networks and creating kits based on the vulnerabilities they find. “Attackers are testing platforms. They’re constantly testing their kits against anti-malware like Symantec. They sell these kits on the dark web,” said Banerjee. “These are regular exploit kits embedded as libraries. There are also exploit kits delivered as RaaS, or Ransomware as a Service.”
Rob Spiegel has covered automation and control for 17 years, 15 of them for Design News. Other topics he has covered include supply chain technology, alternative energy, and cyber security. For 10 years, he was owner and publisher of the food magazine Chile Pepper.
|Pacific Design & Manufacturing , North America’s premier conference that connects you with thousands of professionals across the advanced design & manufacturing spectrum, is back at the Anaheim Convention Center February 6-8, 2018! Over three days, uncover software innovation, hardware breakthroughs, fresh IoT trends, product demos and more that will change how you spend time and money on your next project. CLICK HERE TO REGISTER TODAY!|