The Next Disruptive ICS Attacker: Only Time Will Tell

4 years ago Craig Young

Throughout this blog series, I have examined real-world ICS cyber-related incidents as a way of looking back to predict what the next attack may look like. The three categories of attacker that I have considered so far are disgruntled insiders, ransomware groups, and APT. Knowing about past events, their impact, and how they unfolded can be critical for thwarting similar attacks in the future. As citizens with little or no control over the ICS in our lives, having this knowledge may help us prepare for catastrophe by having appropriate supplies or emergency plans.

As important as it is to study the past and learn from what is already known, it would be foolish to limit our consideration to the events which are behind us. (You wouldn’t drive using just your rear-view mirror, would you?) In this final installment of the series, I will attempt to turn on the headlights and speculate on what other disruptive ICS events may be on our horizon.

It is likely that attacks from all three of the sources I’ve discussed in this series will continue until serious efforts are made to prevent intrusions or at least identify and evict intruders before they can cause harm. It’s also worth mentioning that the above groups are not mutually exclusive. A disgruntled insider may sell access to a ransomware gang or get recruited by a foreign adversary. Some ransomware attacks have also been attributed to military operations either as a false flag or simply as a means of generating revenue. As I have observed in my own research as well as countless infosec briefings, many ICS networks are very exposed and give attackers an open door to access ICS networks. Fortunately, the complexity of these systems and the real-world implications of their failure are enough to deter most attackers from creating real chaos. Nonetheless, there is still a lot of damage that can be done whether by accident or on purpose.

What the Future of ICS Attacks Looks Like

The sky is the limit for what a creative attacker can do to leverage access into OT networks. As organizations get better at incident response, attackers will almost certainly respond with new schemes to make money or harm national interests. Sabotage campaigns may move beyond directly targeting or disabling industrial equipment for the sake of disruption and attempt more complex, multi-stage attacks. Some examples may include a foreign adversary preparing for armed conflict by sabotaging weapon components, or a financially motivated group triggering a plant shutdown to benefit an investment portfolio. These scenarios are only limited by the attacker’s resources and access to industrial process expertise.

Unfortunately, attackers seem to be getting better and better at breaching IT networks and hijacking their associated OT networks. In many ways, the criminal hacking underground has been making itself more and more public with Ransomware-as-a-Service operations and specialized operators selling their services on organized marketplaces. Meanwhile, APT groups have become far more brazen with attacks and with endangering public safety. The time is now for businesses and governments to act swiftly with enhanced security tactics to match the evolving threat landscape with both technological and diplomatic solutions. There will never be a way to fully avoid the threats of compromised industrial systems, but there are certainly things that we can be doing to make it more difficult or costly for attackers.

Basic IT security practices like prompt patching, phishing education, and fine-grained access controls go a long way in making an organization harder to breach. Ultimately though, there needs to be a shift away from decades-old insecure protocols and onto modern encrypted and authenticated channels for thwarting simple spoofing and replay attacks. While IT security went through a kind of renaissance in the early 2000s, OT systems largely missed this push with the expectation that these systems would remain disconnected or that attacks were otherwise infeasible.

This progression can be daunting for industrial operations with high equipment costs and losses tied to even short production outages, but it is necessary to step up the baseline security of our manufacturing and critical infrastructure systems.
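
As an added illustration (not code from the original post or from Tripwire), the sketch below contrasts a legacy-style receiver that acts on any well-formed frame with one that requires an HMAC tag and a strictly increasing counter, so frames that are spoofed, altered, or replayed are rejected. The key, the frame layout, and the Modbus-style command bytes are constructed for the example; it shows authentication only, not encryption.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"  # constructed; real keys are provisioned per device
TAG_LEN = 32                   # HMAC-SHA256 tag length in bytes


def legacy_accept(frame: bytes) -> bool:
    """Legacy-style receiver: acts on any well-formed frame, with no proof of sender."""
    return len(frame) >= 2


def seal(counter: int, payload: bytes, key: bytes = KEY) -> bytes:
    """Sender: 8-byte counter || payload || HMAC-SHA256(counter || payload)."""
    body = struct.pack(">Q", counter) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()


class Receiver:
    """Verifies the tag first, then requires a strictly increasing counter."""

    def __init__(self, key: bytes = KEY):
        self.key = key
        self.last_counter = -1

    def accept(self, frame: bytes) -> str:
        if len(frame) < 8 + TAG_LEN:
            return "reject: too short"
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return "reject: bad tag"        # spoofed or modified frame
        (counter,) = struct.unpack(">Q", body[:8])
        if counter <= self.last_counter:
            return "reject: replay"         # valid tag, but already seen
        self.last_counter = counter
        return "accept"


def demo() -> list:
    cmd = bytes([0x01, 0x06, 0x00, 0x10, 0x00, 0x2A])  # constructed Modbus-style write
    rx = Receiver()
    genuine = seal(1, cmd)
    unkeyed = struct.pack(">Q", 2) + cmd + bytes(TAG_LEN)  # sender without the key
    altered = genuine[:13] + bytes([genuine[13] ^ 0xFF]) + genuine[14:]  # value byte flipped
    return [legacy_accept(cmd), rx.accept(genuine), rx.accept(genuine),
            rx.accept(unkeyed), rx.accept(altered), rx.accept(seal(2, cmd))]
```

Calling `demo()` returns the verdicts in order: the legacy receiver accepts the bare command, while the authenticated receiver accepts the genuine frame once, rejects its replay, rejects the unkeyed and altered frames, and accepts the next frame with a fresh counter.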

Read more in The Next Disruptive ICS Attacker Series:

The Next Disruptive ICS Attack: 3 Likely Sources for Major Disruptions

The Next Disruptive ICS Attacker: A Disgruntled Insider?

The Next Disruptive ICS Attacker: A Ransomware Gang?

The Next Disruptive ICS Attacker: An Advanced Persistent Threat (APT)?

The post “The Next Disruptive ICS Attacker: Only Time Will Tell” appeared first on TripWire

Source: TripWire – Craig Young
