Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Partner Perspectives  Connecting marketers to our tech communities.
4/18/2016
10:48 AM
Scott Montgomery
Scott Montgomery
Partner Perspectives
50%
50%

Which Critical Infrastructure Attack Will Be Our Bangladesh Factory Collapse?

Critical infrastructure security is finally getting the attention it deserves; let's hope that it is enough to prevent a major disaster.

Factory fires, mine explosions, collapsed buildings, and other workplace accidents that kill and injure workers have led to occupational health and safety laws in most countries. When workers are not killed or injured, but could have been, these events are referred to as “serious potential incidents.”

In workplaces around the world, we are seeing serious potential incidents from cyberattacks instead of unsafe conditions, machinery, or chemicals. This trend is worrisome for a couple of reasons:

  1. Some of these attacks are conducted with an intent to harm.
  2. The potential for injuries or fatalities is substantial.

Most industrial and critical infrastructure organizations will admit to being probed or attacked on a frequent basis, without success. However, there have been several serious potential incidents in the past couple of years where cyberattacks came close to causing significant harm, including a dam in suburban New York, steel foundry in Germany, and electrical substations in Ukraine.

Flood-Control Dam, New York

Recent indictments against some Iranian hackers by the U.S. Department of Justice have brought renewed publicity to the hacking of a small flood-control dam in suburban New York. In this case, the hackers appear to have stumbled across an unprotected computer at the dam using a search technique known as Google dorking. Using specific search terms on the standard, publicly available Google search-engine, hackers can discover computers, login portals, and other access points that are unintentionally connected to the public Internet. This does not appear to have been a preplanned or coordinated attack, and the hackers could not open or close the primary sluice gate because it was still in manual mode. However, with a 20-foot high-water mark and a neighboring middle school, the potential for death or serious injury from even this small dam is significant.

Steel Foundry, Germany

A preplanned cyberattack that caused a significant amount of damage happened a few years ago against a steel foundry in Germany. In this case, the attackers used spear phishing emails to steal credentials and gain access to the foundry’s business systems. Once inside, the hackers took time to explore the network and found a way to get from the business network to the industrial operations. Demonstrating a sophisticated knowledge of industrial controls and processes, the hackers explored the systems and, whether intentionally or accidentally, caused a series of malfunctions that resulted in more than $1 million in damage to a blast furnace. If the intent was not damage or sabotage to the foundry, what damage could they have caused, perhaps by affecting the quality of steel intended for a bridge or office building?

Electrical Grid, Ukraine

Finally, a sophisticated and methodical attack in December 2015 shut down more than 50 electrical substations in Ukraine, affecting more than 200,000 people who were without power for up to six hours. This attack also started with spear-phishing emails that stole credentials and installed malware, months or even years before the outage. Using their access, the hackers explored the systems, quietly getting closer to the control systems. In addition to turning off the power, this group also made it difficult to restore power, modifying firmware, corrupting master boot records, and even running a denial-of-service attack against the call center. In this case, the business and operations systems were segregated, but allowed VPN access to the SCADA network. The power was out for only six hours, but months later the substations are still working to recover full functionality of the corrupted systems, and most of the substations are still on manual control.

What Will It Take For Us To Secure Our Infrastructure?

Which security incident in the future will become as infamous as the Bangladesh factory collapse that killed more than 300 workers, the Triangle Shirtwaist factory fire where 146 perished, or the non-fatal but embarrassing collapse of the Tacoma Narrows Bridge? Critical infrastructure security is finally getting the attention it deserves; let’s hope that it is enough to prevent a major disaster.

Scott Montgomery is vice president and chief technology officer for the Americas and public sector at Intel Security. He runs worldwide government certification efforts and works with industry and government thought leaders and worldwide public sector customers to ensure that ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
News
FluBot Malware's Rapid Spread May Soon Hit US Phones
Kelly Sheridan, Staff Editor, Dark Reading,  4/28/2021
Slideshows
7 Modern-Day Cybersecurity Realities
Steve Zurier, Contributing Writer,  4/30/2021
Commentary
How to Secure Employees' Home Wi-Fi Networks
Bert Kashyap, CEO and Co-Founder at SecureW2,  4/28/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-31755
PUBLISHED: 2021-05-07
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setmac allows attackers to execute arbitrary code on the system via a crafted post request.
CVE-2021-31756
PUBLISHED: 2021-05-07
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /gofrom/setwanType allows attackers to execute arbitrary code on the system via a crafted post request. This occurs when input vector controlled by malicious attack get copie...
CVE-2021-31757
PUBLISHED: 2021-05-07
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setVLAN allows attackers to execute arbitrary code on the system via a crafted post request.
CVE-2021-31758
PUBLISHED: 2021-05-07
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setportList allows attackers to execute arbitrary code on the system via a crafted post request.
CVE-2021-31458
PUBLISHED: 2021-05-07
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handlin...