
Monday, November 3, 2014

October news roundup: Are we ready for cyberwarfare?




The rising likelihood of cyberwarfare has been a prominent topic over the last couple of weeks in the industrial cybersecurity press. The reports that politically motivated hackers have no reservations when it comes to launching large-scale cyberattacks against a nation’s critical infrastructure did not mesh well with the news that most industrial control systems are understaffed and underprepared for the possibility of cyberwarfare. Attacks have become increasingly sophisticated, and hackers are determined to get around common firewall defenses by whatever means possible. Overall, this makes the ensured protection of our critical infrastructure all the more important. Here are some recent reports on the topic:

The lack of cyberattacks that have been directed at industrial control systems (ICS) in the past has made them extremely susceptible to future attacks, according to SC Magazine’s correspondent at the Stockholm International Summit on Security in ICS. Because control systems aren’t under attack from advanced threats, such as malware, nearly as much as large enterprises are, the likelihood of a successful hacking attempt is troublingly high. According to the article, there’s little incentive among critical infrastructure security professionals to fix a crisis that hasn’t occurred yet.

The motives behind hacker groups Dragonfly and Energetic Bear may have been misinterpreted all along, according to a new report from Dark Reading. The article claims that compromised companies were not from the critical energy sector, but rather suppliers for OEMs that served pharma and biotech. Dragonfly’s malware concentrated on uploading malicious code into systems that would reflect real-world ICS configurations. The targeted companies’ “trojanized” computers were connected to industrial control system utilities and drivers.

Stewart Baker, a former general counsel for the NSA, warns the industry that organizations have no reservations toward using cyberweaponry as a means to gain power on the international stage. This suggests that the future of international disputes will be settled on a digital battlefield, with the primary target being critical infrastructure, an area where knowledgeable political hackers know they can do a lot of damage.

Security professionals have discovered that Sandworm, a hacking organization with links to Russian cyberespionage, is likely using malware to go after industrial SCADA systems that use products from GE Intelligent Platforms. Researchers from Trend Micro claimed that the hackers used files that run through the CIMPLICITY application in order to gain closer access to the programs that run in conjunction with SCADA systems.

Peter Behr and Blake Sobczak look at how a large number of basic vulnerabilities affecting power grids, factories and pipelines have gone largely unaddressed. This is a result of the sensors and remote controllers that play a huge role in transferring vital data throughout ICS being built without cybersecurity in mind. Thus, critical infrastructure is left with a gaping flaw in security by the design of the systems themselves.

Want to read more? See what we had to say about cyberwarfare earlier this year.


Wednesday, March 5, 2014

Desperately Seeking SCADA

Shodan, “the scariest search engine on the Internet,” was back in the news this month with the launch of Shodan Maps. For those unfamiliar, Shodan tracks devices that are connected to the Internet, including SCADA and industrial control systems (ICS). Now, instead of just identifying these systems, searchers can see where they’re located. This is troubling, as it gives our adversaries physical directions to what appear to be poorly defended critical infrastructure systems. 

Fortunately, Shodan isn’t designed for your average Googler. Those who are capable of carrying out a large-scale cyberattack against critical infrastructure sites, though, will have the technological know-how to navigate the search engine. Researchers with Project SHINE have identified more than 1 million IP addresses globally that are potentially associated with SCADA and ICS devices. However, at the recent Public Safety Canada ICS Security Workshop, it was reported that the DHS investigated the 500,000 American IP addresses SHINE reported, and found that only a little more than 7,000 were real control system equipment. While this is a small percentage of the original number, it is still a disturbing amount of equipment.

The issue remains: in a constantly connected universe, any system that is connected directly or indirectly to the Internet is vulnerable to attack. Operators of large-scale control systems recognize this and bury them behind layers of firewalls, but firewalls aren’t enough to defend against modern-day cyberthreats. Firewall vulnerabilities are well known to anyone with a modest security background, and connecting control systems to the Internet is a problem made worse by exposing them via a search engine.

The best-defended control systems, such as those at every American nuclear plant and an even larger number of conventional power plants, have installed Unidirectional Security Gateways, a stronger-than-firewall technology that thoroughly protects control systems from Internet attacks, however indirect they are. That someone with average skills can locate Internet-exposed control systems should inspire any utility manager to improve defenses.

See how unidirectional security gateways can deliver true security.
