Distributed Cybercrime A Growing Threat To Factories, Infrastructure

To safeguard against distributed, as well as targeted attack, you need to have visibility of your entire attack surface, including IT, ICS and SCADA networks and know that baseline security standards are met throughout your organization.

Jun 30, 2017
Mnet 193257 Cybersecurity
Tal ShefferTal Sheffer

Ransomware is not new but has been a growing tool of choice of the cybercrime community in the last few years, capturing headlines for the widespread and brazen way they are able to be installed and holds the victim's data hostage. But little is being said about the business model behind these types of attacks. Ransomware and its larger family of distributed cybercrime have evolved, giving cybercriminals a more organized, sophisticated way to wreak havoc and make money. This business model is a way in which cybercriminals attack many victims in the same campaign. It is proving to be costly, and a lethal nuisance in the right situation.

What is Distributed Cybercrime and Why Does it Matter?

This commercialization of cybercrime is due to the lower barrier of entry, you don't need massive computational power for brute force attacks or deep knowledge of cybersecurity or cryptography to be effective. Easy–to–use tools are readily available on the dark web and have the ability to generate a substantial revenue stream with little skill or effort. This has driven professional cybercriminals to develop malware that runs on professional platforms and distribution services to attack the world. They don’t know who their victims are nor do they care. It is the perfect, automated, money-making machine for criminals, creating an ease of use and ROI that is too good to pass up.

  1. They are low-effort attacks targeting individuals or organizations with sub-par security
  2. They are low-skill attacks as little knowledge or experience is required compared to techniques such as spear-phishing β€” just plain phishing works for weak targets
  3. Highly sought-after zero–day vulnerabilities are no longer required for lucrative attacks β€” mainstream CVE vulnerabilities with known exploits and existing patches will do because many victims don't patch regularly
  4. Any standard endpoint is a potential source of revenue, making complicated lateral movement toward the crown jewels irrelevant
  5. When you attack the world, the sky is the limit β€” the amount of potential profit is endless

How exactly does would this type of cybercrime impact a manufacturing plant or other critical infrastructure? It doesn't take much to dupe an unsuspecting victim and install the malware. An innocuous looking email or website visited by a staff member can be all it takes to compromise a facility in seconds. From consumers to critical operations like hospitals β€” nobody seems immune from the ransomware threat. Cyber events of the last few years have shown what used to be thought of as a problem facing individuals should now be a concern for security programs at enterprises and critical infrastructure organizations alike.

Critical Infrastructure is Not Immune

Recently a trio of researchers demonstrated that ransomware can be used to take over industrial control systems (ICSs). A proof of concept (PoC) study conducted by a team at Georgia Tech examined an attack on hypothetical systems of a water treatment plant, but the lessons learned apply to any facility that uses ICSs.

The researchers went after programmable logic controllers (PLCs) with weak authentication using a cross-vendor worm dubbed β€œLogicLocker,” as it was able to take over different kinds of PLCs, jumping from one to its networked neighbor. They could take control of the compromised device, lock out legitimate users and make their demands β€” with the threat of dumping chlorine into the water supply if the terms of the ransom weren’t met.

Thankfully, LogicLocker was developed by academics for a PoC to alert organizations and the public about a looming threat. But it could just as easily have been a team of professional hackers out for a big payday. Beyond the ransom, the potential costs involved in having critical services disrupted β€” not to mention public safety β€” could have been significant with wide-spread ramifications.

In another recent, similar example researchers at the Politecnico di Milano demonstrated the ability of hackers to successfully execute an attack on an IRB 140 industrial robot arm manufactured by ABB, a Swedish-Swiss company that sells products for the utility, transportation and infrastructure industries. While the effect they caused was small β€” causing the robot to draw a very wiggly line instead of a straight one β€” it could result in serious damage if the robot were wielding a welding instead of a stylus. The researchers reported that there are 83,673 of this make of robot exposed to this kind of attack with an entire class of like machines presumably representing a much larger number in use around the world.

Preparing for Distributed Cyberattacks

Networked systems are complex and attackers have all the time in the world to study and understand them. Plant management doesn’t. Don’t assume the state–of–the–art security system in place for IT networks has visibility into operational technology that nonetheless is connected to it.

To safeguard against distributed, as well as targeted attack, you need to have visibility of your entire attack surface, including IT, ICS and SCADA networks and know that baseline security standards are met throughout your organization. From that fundamental visibility, you can start to see your network like an attacker would, finding paths of least resistance so you can harden their defenses.

In the meantime, you might want to check the authentication strength on any internet-connected programmable logic controllers you have lying around, just in case the next attack isn’t by three do-gooders from Georgia or Italian polytechnic researchers.

Tal Sheffer is the Chief Technology Officer of Skybox Security.

Read Next
Financial Cyber
Cybersecurity
Ransomware Report Shows Fewer Incidents, Future Concerns
May 3, 2024
Latest in Cybersecurity
Manufacturing Business Management
Sponsored
Manufacturing Business Management
May 1, 2024
Financial Cyber
Ransomware Report Shows Fewer Incidents, Future Concerns
May 3, 2024
Manufacturing Infrastructure Cyber
CISA Releases Latest ICS Advisories
May 3, 2024
Ep92tn
Security Breach: Predictions That Hit
May 2, 2024
Related Stories
Financial Cyber
Cybersecurity
Ransomware Report Shows Fewer Incidents, Future Concerns
Cybersecurity
Cybersecurity
ZAG Technical Services Announces New Cybersecurity Offering
I Stock 1251037786
Cybersecurity
What is Volt Typhoon?
All-In-One Manufacturing Management
Sponsor Content
All-In-One Manufacturing Management
More in Cybersecurity
Intuitive and Flexible Manufacturing ERP
Sponsored
Intuitive and Flexible Manufacturing ERP
Acumatica looks to offer new solutions.
May 1, 2024
Financial Cyber
Cybersecurity
Ransomware Report Shows Fewer Incidents, Future Concerns
The fear is that larger RaaS groups are exercising greater control over their affiliates.
May 3, 2024
Manufacturing Infrastructure Cyber
Cybersecurity
CISA Releases Latest ICS Advisories
Cisco, Siemens, Honeywell and Mitsubishi systems top the list.
May 3, 2024
Ep92tn
Video
Security Breach: Predictions That Hit
A look back at Security Breach guest's most accurate and timely industrial cybersecurity predictions.
May 2, 2024
Ransomware
Cybersecurity
Report Identifies Hidden Costs, Challenges of Ransomware
Too many are paying, and the reasons range from understandable to infuriating.
April 25, 2024
Ep90
Video
Security Breach: DMZs, Alarm Floods and Prepping for 'What If?'
The new factors impacting a growing attack surface, and how to evolve your cyber risk strategies.
April 25, 2024
Fleet Of Fed Ex Delivery Trucks In A Parking Lot 483290419 4500x3000 (1)
Cybersecurity
Transportation and Logistics Under Siege
A look at how this vital and increasingly targeted market sector is responding to more cyberattacks.
April 24, 2024
Industrial Cyber
Cybersecurity
5G, AI and More Are Changing OT - Why Zero Trust Could Be the Solution
Maximizing technology investments while maintaining security.
April 24, 2024
Manufacturing Infrastructure Cyber
Cybersecurity
Avoiding Shutdowns from Ransomware Attacks
A strategic approach for protecting OT networks.
April 24, 2024
IEC 62443 is a key standard to reduce risk of cyberattacks in industrial workplaces.
Cybersecurity
How to Build a More Secure Connected World with IEC 62443
The goal is better efficiency, improved sustainability and interoperability, enhanced reliability and greater cost-effectiveness for system integrators, product suppliers and other stakeholders.
April 24, 2024
Coding
Cybersecurity
CISA Releases 7 ICS Advisories
Unitronics, Rockwell and Mitsubishi head the list.
April 19, 2024
Financial Cyber
Cybersecurity
Alarming Trends Reinforced in Ransomware Attack of Semiconductor Mfr.
Experts assess the fallout from the Dark Angel attack on Nexperia.
April 19, 2024
Industrial Cyber
Cybersecurity
Hexagon, Dragos Announce Partnership
The team-up looks to "revolutionize OT cybersecurity."
April 18, 2024
Ransomware
Cybersecurity
Report Shows Updated Ransomware Concerns
Hackers are elevating the complexity of their attacks - making them harder to detect.
April 18, 2024
Cybersecurity In A Bubble
Cybersecurity
Responding to Emerging Risks and Attack Vectors
Insight on key hacker strategies, response plans and creating a culture that embraces cybersecurity.
April 18, 2024