Cybersecurity researchers have revealed the development of a new, custom form of ransomware targeting industrial systems (SCADA). The malware and subsequent attack on a simulated water treatment plant were designed to highlight how cyberattackers could disrupt key services which cater for our critical needs, such as energy providers, water management utilities, heating, ventilation and air conditioning (HVAC) systems or escalator controllers. IT security experts from NSFOCUS, AlienVault, ESET and Nozomi Networks commented below.
Stephen Gates, Chief Research Intelligence Analyst at NSFOCUS:
“One of the greatest threats to SCADA implementations and the industrial control systems (ICS) they regulate, is the loss of view and loss of control over these critical components. Anything that causes a denial of service for operators can result in some pretty scary scenarios. From systems running completely out of control on their own, to operators making wrong decisions due to their loss of view, these situations are disasters in the making. Due to the primitive security measures implemented on most ICS technologies, and the antiquated operating systems and applications in use, the likelihood of a ransomware infection is quite higher than most would like to admit.”
Javvad Malik, Security Advocate at AlienVault:
“We’ve seen ransomware grow rapidly, and there is growing attraction to hit more critical targets such as hospitals that are more likely to pay larger sums quickly.
In that regard, it is no stretch to imagine attacks against SCADA systems are on attacker wish-lists. However, many attackers will be concerned about the level of scrutiny such an attack could place on them. Many ransomware attackers are cybercriminals wanting to make some money in an easy manner, and probably don’t want the attention associated with being labelled a ‘cyber’ terrorist or having declared an act of war.
Another reason why we possibly haven’t seen such attacks is that SCADA systems have typically been segregated and not publicly accessible. However, there are several factors that indicate that the likelihood of such an attack will increase over time. The scope of what is deemed critical national infrastructure is ever-increasing. There is an increased reliance on the internet to keep systems running which results in more systems being exposed. There is also the drive towards ‘smart cities’ which will further expose critical systems to the public internet. What this means is that even if attackers can’t compromise SCADA systems directly, they can likely compromise systems that SCADA rely on, thus having a similar effect.”
“Any threat that can have real world consequences is something that needs to be addressed and monitored closely. A lot of the malware we see and hear about is designed in such a way that it spreads and propagates looking for viable targets, but targeted malware is very different. Usually targeted malware is configured and aimed at a particular industry or sector. With so much of our industry digitally operated or maintained this could prove in its worst case scenario very bad indeed. But the same rules apply to any area that may be the target of ransomware, it has to be installed and it has to be able to gain complete control. With the right levels of security we can limit its attack vector and have mechanical failsafes to override anything software can instigate. All environments in our digital world are susceptible to attack and need to be protected. Making sure operating systems, applications and security programs are kept up-to-date is one of the first lines of defence and one that often is overlooked or just not possible on bespoke systems designed to do a single task or job.”
“The demonstration by researchers of Georgia Institute of Technology at RSA, showing how water treatment PLCs [programmable logic controllers] can be susceptible to ransomware, is cause for concern – but not unsurprising. The difference between an enterprise falling foul of malware, and a water treatment plant, is the severity of the potential impact as the attack vectors are the same.
“For years security experts have warned that industrial control systems (ICS) and their components, such as PLCs, are susceptible to many of the same threats faced by other organisations – this research proves that reality, this time thankfully without endangering lives. Without wishing to be dramatic, human safety is a risk should these systems be breached. Water, power, energy, and transportation systems are all operated by similar technologies, ones that have historically been hard to protect, and hackers have already turned the lights off in the Ukraine.
“Fortunately innovations in machine learning and anomaly detection are being applied that can help monitor and protect ICS systems, such as the PLCs used in this demonstration. The question that remains is whether experiments by research teams will be enough to demonstrate the potential attacks aimed at critical infrastructure and drive broad adoption of these new technologies that will help keep us all safe.”