ICS vulnerabilities could be exploited to cause 'severe operational impact,' report warns
SC Magazine and IS Buzz News, March 5, 2018, with comments by Ray DeMeo;
Cyberthreats in 2017 showed the considerable danger level industrial control systems (ICS) face when it comes to potential attacks. It’s long been known that ICS networks are vulnerable, but the level of attack tools available now to a broad number of bad actors is greater than ever before.
In addition to its nuclear threat concerns, reports reveal North Korea may be behind new threats of malware targeted at the U.S. power grid and others.
North Korea previously backed a group of cyber criminals called the Lazarus Group and now a new group on the horizon, Covellite, is mimicking code and behavior of the Lazarus Group in attempts to breach electric utilities in Europe, Asia and the US using spear phishing campaigns. FireEye has also tied North Korea’s government to spear phishing emails sent to US electric companies. This calls to mind that in 2017, North Korea was also behind the damaging Wannacry ransomware attack, while though not specifically targeted against ICS, struck numerous companies, countries and industries.
According to Dragon new research on Threats and Threat Groups Targeting ICS in 2017, “61 percent of 163 ICS vulnerabilities discovered last year could be exploited to cause severe operational impact.” Though the identity of specific perpetrators may not yet be positively identified, the threats are 100% real.
Ray DeMeo, chief operating officer (COO) at Virsec, comments on the rising ICS threats.
"There has been a sharp increase in attacks targeting ICS in the last year. While the most high-profile attacks are often politically motivated, the tools for these advanced attacks are becoming widespread. It's only a matter of time that we start seeing non-nation-state hackers using these advanced tools to extort ransoms, gain publicity, or just cause mayhem.”
DeMeo also warns that while "tracking the groups behind these attacks may be interesting,” it doesn't improve security “or eliminate the risks of advanced hacking tools.” He stressed that ICS security must “be strengthened from the inside at all levels."
Related articles on ICS vulnerabilities:
Triton malware targeted Schneider Electric software in 2017 and their presentation provides great insight not only into the technical details, but also sets a great example on how to handle and communicate about a cyber attack.
View Schneider Electric presentation on YouTube