Around this time 10 years ago, the Stuxnet worm made its global debut. Unleashed with the intent to destroy the Iranian Bushehr nuclear power plant, the sophisticated malware leveraged a multistep attack sequence that used Windows zero-day vulnerabilities and spread via USB flash drive to reach its targets. Its coding was designed to identify programmable logic controllers (PLCs) made by the manufacturing company Siemens in order to gain access to and effectively damage high-speed centrifuges — and within several months of the attack, 50,000 different Windows computers were said to have been infected along with 14 Siemens control systems.
For experts, this hack marked the dawn of a new era. Previous cybersecurity concerns around the digital and IT world expanded to include the potential for powerful attacks on operational systems and physical hardware. Additionally, in the case with Stuxnet, while system patches at the time were applied to several of the vulnerabilities, researchers from SafeBreach Labs just uncovered new zero-day vulnerabilities tied to the original flaw — an entire decade later. The reach of Stuxnet continues to live on today, despite focused efforts of mitigation, indicating just how resilient these viruses can be.
While the malware's creators were never officially identified, researchers have acknowledged that its sheer complexities alone suggest that it was executed by a group of experts working together to build it months or even years prior to its final release. Over time, we've seen these kinds of strategic operations increase and actually form into what has been dubbed "the cyber mafia" — large, highly organized criminal enterprises made up of hundreds of employees that encompass everyone up to C-suite executives. Stealthy, innovative, and intelligent, these organizations have amassed millions of dollars by extorting major corporations, a large majority of which are collected via ransomware.
As the world becomes more connected and technology such as Internet of Things (IoT) and Industrial IoT devices proliferate, these issues will continue to grow more complex. Operational technology (OT) has and will continue to become a prime target for the cyber mafia and other malicious attackers if organizations don't take the proper steps to help protect and secure their systems against new and innovative attacks. Earlier this year, researchers discovered a new form of ransomware directly targeted at industrial control systems called EKANS, which is designed to "kill" software processes, encrypt data, and hold it hostage for ransom, and has affected large corporations such as Honda and Enel in its wake.
According to IBM, these kinds of OT hacks had increased a staggering 2,000% from 2018 to 2019 and Fortinet's "2020 State of Operational Technology and Cybersecurity Report" found that 74% of OT organizations reported having experienced a data breach in the last 12 months that directly affected their safety, revenue, and reputations.
To combat the increasing OT-related cyber issues, the Cybersecurity & Infrastructure Security Agency of Homeland Security has decided to take action, recently issuing the AA20-205A security alert, which seeks to reduce security exposure for operational technologies and control systems.
It's not a matter of if but when attacks will happen, and strategies must be implemented now in order to address threats today and as we move into the future. Here are three:
● Make security a priority: Unfortunately, many OT systems were built without security in mind or have often been neglected when it comes to security updates or regular patches. These weak points of entry have given hackers direct access to manufacturing systems, robots, fire alarms, access control systems, and even whole power grids that can keep a city dark without a paid ransom — as we saw with the attack against a power grid in Kiev, which left part of the Ukrainian capital without power for an hour in 2016. Since criminals are adapting and learning, companies should do the exact same to understand and address any known or unknown threats, as well as conduct regular updates and security scans to help protect from the cybercriminals that prey on their weaknesses.
● Improve your visibility: Having greater visibility across your supply chain and with any vendors you work with as well as on your back-end OT systems will help expose more vulnerabilities within your organization. This will provide the insight needed for leaders to make the right decisions when it comes to security that protects employees, customers, and their overall reputations.
● Test your products: Nonprofits and industry organizations like the ioXt Alliance and PSA Certified are taking initiative to introduce connected device security standards for manufacturers and technology providers to adopt. This has offered an easier way for companies to connect with experts on product and technology risks across their industries, hear from their peers on lessons learned or best practices, as well as the means to actually test product security through lab or self-testing and to certify that they're cyber safe.
Many organizations have avoided updating their operational security out of fear of pausing their business and losing time and money in the process. Some also don't feel that they are at immediate risk of attack. But as the numerous examples above show, any hardware — especially those with connected devices — can fall victim to malicious actors, and taking precautions before it's too late is the smartest and safest thing a company can do today.