The rising likelihood of cyberwarfare has been a prominent
topic over the last couple of weeks in industrial cybersecurity press. The
reports that politically-motivated hackers have no reservations when it comes
to launching large-scale cyberattacks against a nation’s critical
infrastructure did not mesh well with the news that most industrial control
systems are understaffed and underprepared for the possibility of cyberwarfare.
Attacks have become increasingly sophisticated, and hackers are determined to
get around common firewall defenses by whatever means possible. Overall,
this makes protecting our critical infrastructure all the more
important. Here are some recent reports on the topic:
The lack of cyberattacks that have
been directed at industrial control systems (ICS) in the past has made them
extremely susceptible to future attacks, according to SC Magazine’s
correspondent at the Stockholm International Summit on Security in ICS. Because
control systems aren’t under attack from advanced threats, such as malware,
nearly as much as large enterprises are, the likelihood of a successful hacking
attempt is troublingly high. According to the article, there’s little incentive
among critical infrastructure security professionals to fix a crisis that
hasn’t occurred yet.
The motives behind hacker groups
Dragonfly and Energetic Bear may have been misinterpreted all along, according
to a new report from Dark Reading. The article claims that compromised
companies were not from the critical energy sector, but rather suppliers for
OEMs that served pharma and biotech. Dragonfly’s malware concentrated on
uploading malicious code into systems that would reflect real-world ICS
configurations. The targeted companies’ “trojanized” computers were connected
to industrial control system utilities and drivers.
Stewart Baker, a former general
counsel for the NSA, warns the industry that organizations have no reservations
about using cyberweaponry as a means to gain power on the international stage.
This suggests that the future of international disputes will be settled on a
digital battlefield, with the primary target being critical infrastructure, an
area where knowledgeable political hackers know they can do a lot of damage.
Security professionals have
discovered that Sandworm, a hacking organization with links to Russian cyberespionage,
is likely going after industrial SCADA systems that use products from GE
Intelligent Platforms by way of malware. Researchers from Trend Micro claimed
that the hackers used files that run through the CIMPLICITY application in
order to gain closer access to the programs that run in conjunction with SCADA
systems.
Peter Behr and Blake Sobczak look
at how a large number of basic vulnerabilities affecting power grids, factories
and pipelines have gone largely unaddressed. This is a result of the sensors
and remote controllers that play a huge role in transferring vital data
throughout ICS being built without cybersecurity in mind. Thus, critical
infrastructure is left with a gaping flaw in security by the design of the
systems themselves.
Want to read more? See
what we had to say about cyberwarfare earlier this year.