
Vulnerabilities / Threats

10/6/2020
02:00 PM
Mike Dow
Commentary

10 Years Since Stuxnet: Is Your Operational Technology Safe?

The destructive worm may have debuted a decade ago, but Stuxnet is still making its presence known. Here are steps you can take to stay safer from similar attacks.

Around this time 10 years ago, the Stuxnet worm made its global debut. Built to sabotage Iran's uranium enrichment program at the Natanz facility, the malware chained a multistep attack sequence that exploited several Windows zero-day vulnerabilities and spread via USB flash drives and local networks to reach systems that were never connected to the Internet. Its payload was written to identify a specific configuration of Siemens programmable logic controllers (PLCs) and the drives they controlled, then to quietly alter the speed of the high-speed enrichment centrifuges while reporting normal values to operators. Within several months of the attack, some 50,000 Windows computers were said to have been infected, along with 14 Siemens control systems.


For experts, this attack marked the dawn of a new era. Cybersecurity concerns that had centered on IT systems and data expanded to include attacks that cause physical damage through operational systems and hardware. And although the vulnerabilities Stuxnet exploited were patched at the time, in 2020 researchers from SafeBreach Labs uncovered new zero-day vulnerabilities in the Windows Print Spooler, the same component Stuxnet abused to spread across networks a full decade earlier. Stuxnet's reach continues to be felt today, despite focused mitigation efforts, which shows how long-lived the weaknesses behind such malware can be.

While the malware's creators were never officially identified, researchers agree that its sheer complexity indicates a team of experts who worked together for months or even years before its final release. Over time, we've seen this kind of strategic, well-resourced operation spread to the criminal world and form what has been dubbed "the cyber mafia": large, highly organized criminal enterprises with hundreds of employees and a management structure that extends up to C-suite equivalents. Stealthy, innovative, and intelligent, these organizations have amassed millions of dollars by extorting major corporations, the large majority of it collected via ransomware.

As the world becomes more connected and technologies such as the Internet of Things (IoT) and the Industrial IoT proliferate, these issues will only grow more complex. Operational technology (OT) is, and will remain, a prime target for the cyber mafia and other malicious actors if organizations don't take the proper steps to secure their systems against new and innovative attacks. Earlier this year, researchers discovered a new ransomware family aimed directly at industrial control systems, called EKANS, which terminates a hard-coded list of software processes (including ICS-related ones) before encrypting data and holding it for ransom; it has hit large corporations such as Honda and Enel.

According to IBM X-Force, attacks on OT increased a staggering 2,000% from 2018 to 2019, and Fortinet's "2020 State of Operational Technology and Cybersecurity Report" found that 74% of OT organizations reported having experienced a data breach in the previous 12 months that directly affected their safety, revenue, or reputation.

To combat the growing OT threat, the Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency jointly issued Alert AA20-205A in July 2020, which recommends immediate actions to reduce exposure across operational technologies and control systems.

It's not a matter of if but when an attack will happen, and strategies must be implemented now to address the threats of today and those that will follow. Here are three:

● Make security a priority: Unfortunately, many OT systems were built without security in mind, or have been neglected when it comes to security updates and regular patches. These weak points of entry have given attackers direct access to manufacturing systems, robots, fire alarms, access control systems, and even whole power grids, which ransomware crews can hold hostage and which other adversaries have already switched off: the December 2016 attack on a transmission substation in Kiev, later tied to the Industroyer malware, left part of the Ukrainian capital without power for about an hour. Since criminals adapt and learn, companies should do the same: understand and address both known and unknown exposure, apply updates on a schedule, and run regular security scans to protect against the cybercriminals who prey on their weaknesses.

● Improve your visibility: Greater visibility across your supply chain, the vendors you work with, and your back-end OT systems (which assets exist, which protocols they speak, and who they talk to) will expose more of the vulnerabilities within your organization. That insight is what leaders need to make the right security decisions to protect employees, customers, and the company's reputation.

● Test your products: Nonprofits and industry organizations such as the ioXt Alliance and PSA Certified are introducing connected device security standards for manufacturers and technology providers to adopt. These programs give companies an easier way to connect with experts on product and technology risks across their industries, to hear lessons learned and best practices from their peers, and to actually test product security through lab testing or self-assessment and certify that a product meets the standard's requirements. Certification is a baseline, not a guarantee, so testing should be repeated as firmware and threats change.
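As an added example for the "Improve your visibility" point above (not code from the article or its author), the following Python builds a passive OT asset inventory from network flow records and checks the OT zone boundary, which is the kind of "as-operated" picture Alert AA20-205A asks operators to have. It assumes flow records as "src,dst,dst_port,bytes" lines such as a NetFlow or Zeek export would provide, an OT zone of 10.20.0.0/16, and a small table of default industrial-protocol ports; every flow line and the baseline asset list are constructed for the example.

```python
"""Passive OT asset inventory and zone-boundary check from flow records.

Added example (not from the article). Assumptions: flow records are
"src,dst,dst_port,bytes" lines; the OT zone is 10.20.0.0/16; the port
table covers the protocols this plant uses. All sample data is constructed.
"""
import ipaddress
from collections import defaultdict

# Default TCP ports of common industrial protocols. Assumption: extend this
# from your own vendor documentation; some sites run on non-default ports.
ICS_PORTS = {
    102: "s7comm",        # Siemens S7 over ISO-TSAP (the PLC family Stuxnet targeted)
    502: "modbus",
    20000: "dnp3",
    44818: "ethernet-ip",
    4840: "opc-ua",
}

OT_ZONE = ipaddress.ip_network("10.20.0.0/16")  # assumed OT address range

# Constructed flow records, one per line: src,dst,dst_port,bytes
SAMPLE_FLOWS = """
10.20.1.10,10.20.1.50,102,4200
10.20.1.10,10.20.1.51,102,3900
10.20.1.11,10.20.1.60,502,800
10.20.1.11,10.20.1.60,502,760
10.20.2.7,10.20.1.60,502,120
10.1.5.23,10.20.1.50,102,640
10.20.1.60,203.0.113.9,443,9100
10.20.1.10,10.20.1.50,80,300
"""

# Assets the plant believes it has (constructed baseline, e.g. a CMDB export).
KNOWN_ASSETS = {"10.20.1.10", "10.20.1.11", "10.20.1.50", "10.20.1.51", "10.20.1.60"}


def parse_flows(text):
    """Parse CSV flow lines into (src, dst, dst_port, bytes) tuples, skipping blanks and comments."""
    flows = []
    for line in text.strip().splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        src, dst, port, nbytes = line.split(",")
        flows.append((src, dst, int(port), int(nbytes)))
    return flows


def build_inventory(flows):
    """For each OT-zone host, record the ICS protocols it serves and those it speaks as a client."""
    inv = defaultdict(lambda: {"serves": set(), "talks_to": set()})
    for src, dst, port, _ in flows:
        proto = ICS_PORTS.get(port)
        if proto is None:
            continue  # not an industrial protocol; irrelevant to the OT inventory
        if ipaddress.ip_address(dst) in OT_ZONE:
            inv[dst]["serves"].add(proto)
        if ipaddress.ip_address(src) in OT_ZONE:
            inv[src]["talks_to"].add(proto)
    return {host: {k: sorted(v) for k, v in roles.items()} for host, roles in inv.items()}


def find_boundary_violations(flows):
    """Flag ICS traffic entering the OT zone from outside, and any OT host reaching a non-OT destination."""
    findings = []
    for src, dst, port, _ in flows:
        src_in_ot = ipaddress.ip_address(src) in OT_ZONE
        dst_in_ot = ipaddress.ip_address(dst) in OT_ZONE
        proto = ICS_PORTS.get(port)
        if proto and dst_in_ot and not src_in_ot:
            findings.append(("ics_from_outside_ot", src, dst, proto))
        if src_in_ot and not dst_in_ot:
            findings.append(("ot_host_egress", src, dst, port))
    return findings


def unknown_assets(inventory, baseline):
    """Hosts observed speaking an ICS protocol that the asset register does not know about."""
    return sorted(set(inventory) - set(baseline))


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS)
    inventory = build_inventory(flows)
    for host, roles in sorted(inventory.items()):
        print(host, roles)
    for finding in find_boundary_violations(flows):
        print("VIOLATION", finding)
    print("unknown assets:", unknown_assets(inventory, KNOWN_ASSETS))
```

On the constructed data this reports one engineering host outside the OT zone driving S7comm into a PLC, one OT host talking to a public address on 443, and one Modbus client (10.20.2.7) that the asset register has never heard of; each of those is exactly the kind of finding that only appears once you have visibility of who talks to what.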

Many organizations have put off updating their operational security out of fear of pausing production and losing time and money in the process. Some also don't feel they are at immediate risk of attack. But as the examples above show, any hardware, especially connected devices, can fall victim to malicious actors, and taking precautions before it's too late is the smartest and safest thing a company can do today.

Mike Dow has worked in the semiconductor industry for Motorola, Freescale, NXP, and now Silicon Labs for the past 25 years. He has a Professional Engineering License in the state of Texas. He has extensive experience driving and participating in wireless standards ...