10/6/2020
02:00 PM
Mike Dow
Commentary

10 Years Since Stuxnet: Is Your Operational Technology Safe?

The destructive worm may have debuted a decade ago, but Stuxnet is still making its presence known. Here are steps you can take to stay safer from similar attacks.

Around this time 10 years ago, the Stuxnet worm made its global debut. Unleashed with the intent to destroy the Iranian Bushehr nuclear power plant, the sophisticated malware used a multistep attack sequence that exploited Windows zero-day vulnerabilities and spread via USB flash drive to reach its targets. Its code was designed to identify programmable logic controllers (PLCs) made by Siemens in order to gain access to, and physically damage, high-speed centrifuges. Within several months of the attack, 50,000 different Windows computers were said to have been infected, along with 14 Siemens control systems.

For experts, this attack marked the dawn of a new era. Cybersecurity concerns that had previously been confined to the digital and IT world expanded to include the potential for powerful attacks on operational systems and physical hardware. Additionally, in the case of Stuxnet, while patches were applied at the time to several of the vulnerabilities, researchers from SafeBreach Labs have just uncovered new zero-day vulnerabilities tied to the original flaw, an entire decade later. The reach of Stuxnet lives on today despite focused mitigation efforts, indicating just how resilient this kind of malware can be.

While the malware's creators were never officially identified, researchers have acknowledged that its sheer complexity alone suggests it was built by a group of experts working together for months or even years before its final release. Over time, we've seen these kinds of strategic operations increase and coalesce into what has been dubbed "the cyber mafia": large, highly organized criminal enterprises made up of hundreds of employees, with a hierarchy that extends all the way up to C-suite executives. Stealthy, innovative, and intelligent, these organizations have amassed millions of dollars by extorting major corporations, the large majority of it collected via ransomware.

As the world becomes more connected and technologies such as Internet of Things (IoT) and Industrial IoT devices proliferate, these issues will only grow more complex. Operational technology (OT) has become, and will remain, a prime target for the cyber mafia and other malicious attackers if organizations don't take the proper steps to protect and secure their systems against new and innovative attacks. Earlier this year, researchers discovered a new form of ransomware, called EKANS, directly targeted at industrial control systems. It is designed to "kill" software processes, encrypt data, and hold that data hostage for ransom, and it has affected large corporations such as Honda and Enel.

According to IBM, these kinds of OT attacks increased a staggering 2,000% from 2018 to 2019, and Fortinet's "2020 State of Operational Technology and Cybersecurity Report" found that 74% of OT organizations reported a data breach in the last 12 months that directly affected their safety, revenue, and reputation.

To combat the growing number of OT-related cyber issues, the Department of Homeland Security's Cybersecurity & Infrastructure Security Agency (CISA) has decided to take action, recently issuing security alert AA20-205A, which seeks to reduce the exposure of operational technologies and control systems.

It's not a matter of if but when attacks will happen, and strategies must be implemented now to address the threats of today and those we will face in the future. Here are three:

● Make security a priority: Unfortunately, many OT systems were built without security in mind or have been neglected when it comes to security updates and regular patching. These weak points of entry have given attackers direct access to manufacturing systems, robots, fire alarms, access control systems, and even whole power grids, which can keep a city dark until a ransom is paid. We saw this with the attack against a power grid in Kiev, which left part of the Ukrainian capital without power for an hour in 2016. Since criminals are adapting and learning, companies should do the same: work to understand and address known and unknown threats, and conduct regular updates and security scans to protect themselves from the cybercriminals who prey on their weaknesses.

● Improve your visibility: Greater visibility across your supply chain, into the vendors you work with, and across your back-end OT systems will expose more of the vulnerabilities within your organization. This provides the insight leaders need to make the right security decisions, ones that protect employees, customers, and the organization's overall reputation.

● Test your products: Nonprofits and industry organizations such as the ioXt Alliance and PSA Certified are taking the initiative to introduce connected device security standards for manufacturers and technology providers to adopt. This gives companies an easier way to connect with experts on product and technology risks across their industries, to hear from their peers about lessons learned and best practices, and to actually test product security through lab testing or self-testing and certify that their products are cyber safe.

Many organizations have avoided updating their operational security out of fear of pausing their business and losing time and money in the process. Some also don't feel that they are at immediate risk of attack. But as the numerous examples above show, any hardware, especially connected devices, can fall victim to malicious actors, and taking precautions before it's too late is the smartest and safest thing a company can do today.

Mike Dow has worked in the semiconductor industry for Motorola, Freescale, NXP, and now Silicon Labs for the past 25 years. He has a Professional Engineering License in the state of Texas. He has extensive experience driving and participating in wireless standards ...