Cybercriminals are Industrious When Hacking Industries

 

In recent years, cyber-attacks on industrial control systems and critical infrastructure all together have been on the rise.

A recent study by Bitkom shows that cyber-attacks cost the German industry almost $50 billion. Those attacks are not limited to Europe’s strong economy. Hackers are known to have manipulated critical industrial safety systems to cause physical damage.

This poses a major question: Which sectors are the most critical and at risk? The United States Home Land Security (HLS) warns that there are 16 critical infrastructure sectors “whose assets, systems, and physical or virtual networks are so vital that their incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety, or any combination thereof.” These sectors are as follows, in alphabetical order: chemical, commercial facilities, communications, critical manufacturing, dams, defense industrial bases, emergency services, energy, financial services, food & agriculture, government facilities, healthcare & public health, IT, and water & waste water systems. To complicate matters, the vast majority of critical infrastructure is in private hands.

If we take a look at the latest attacks in the table below, we see that the motives vary, from hacktivism (RWE attack), ransom, state sponsored cyber attacks (China is the main suspect in the TSMC hack), revenge (Tesla hack) and plain old greed (British Airways attack).

 

Target

Date

Attack

Fallout /Damage

Energy provider RWE in Essen, Germany

September 2018

DDoS warning from hacker group Anonymous Deutsch for more cyberattacks to come

Shutdown of RWE’s websites to pressure RWE to stop the deforestation of the Hambach forest

Port of Barcelona, Spain September 2018 Most likely a ransomware attack (no details were made public) Some of the port’s servers and systems were breached, forcing the organization to launch the contingency plan. No further details were provided
Port of San Diego, USA September 2018 Most likely a ransomware attack (no details were made public) Information technology systems were disrupted. No further details were provided
British Airways August/ September 2018 The website and mobile app of British Airways were hacked Bank details of almost 400,000 passengers were stolen
Taiwan Semiconductor Manufacturing Co (TSMC), the world's largest contract chipmaker August 2018 A virus outbreak during the software installation of a new tool infected a number of computer systems and fab tools $170m hit regarding third-quarter results which is a cut of 2% of the Q3 2018 results; shares slipped 0.6% in Taipei
The Long Beach port terminal of the China Ocean Shipping Company (COSCO) July 2018 Ransomware attack No electronic communications possible, COSCO’s website and toll-free number were both down
Tesla’s Manufacturing Operating System (MOS) June 2018 Former employee hacked the MOS factory The hacker transferred several gigabytes of company data to external entities
Satellite operators, defense contractors, and telcos in the United States and southeast Asia June 2018 Hacker group “Thrip” installed “Trojan.Rikamanu” and “Infostealer.Catchamas” malware on affected computers. National espionage goals, such as the interception of military and civilian communications

 

Although industries across the board (especially gas & oil companies) have been increasing their security substantially during the past few years, it remains a struggle to keep up (let alone stay ahead) of threat actors despite strong partnerships between the public and private sector. This means that investments in cyber security will continue to grow. According to a recent report by Global Market Insights, Inc, the Industrial Control Systems (ICS) security market is expected to grow from its current market value of more than $1.5 billion to over $7 billion by 2024. If we look at the breakdown, we see that endpoint security is still a main focus, followed by network security and ruggedized firewalls for maintaining and managing network traffic in industrial infrastructure operating in harsh environmental conditions. In short, the focus will be on comprehensive security solutions and services that should not only be reactive, but also proactive.

That’s where Cymulate comes to help. To assist with your efforts to protect critical assets, Cymulate offers a convenient and easy way to test your cyber security posture. Cymulate’s Breach & Attack Simulation (BAS) platform allows for an organization to run real cyberattacks in its own environment in a safe manner without harming your network in any way. There is a choice of eight different scenarios to run including immediate threat alert assessment to check the organization’s vulnerability of the latest threats: endpoint assessment to check if endpoint security solutions are installed correctly, phishing assessment to check employees’ awareness of socially engineered attack campaigns that hackers often use to install ransomware or APT attacks, and data exfiltration assessment that tests the control of outbound critical data before any sensitive information is exposed. Organizations can choose to run one, more or all assessments. The simulations can be scheduled in advance (e.g., every week on Sunday morning at 6am) or ad hoc (at any time, from anywhere).

To test it out, contact Cymulate for a free trial.

Filed Under: Vulnerabilities, Data Breach, Ransomware, Cybercrime, Cyber Attacks, Cyber Security, Critical Infrastructure