Eventually, everyone needs help with their heating and air conditioning (HVAC) units. Most technicians are trustworthy and do a great job. The bad news is that more than 9 out of 10 (91%) industrial organizations are vulnerable to cyber-attacks, according to a new report by Positive Technologies. The study found that external attackers can penetrate the corporate network in all these organizations, and once inside, can obtain user credentials and complete control over the infrastructure in 100% of cases. In over two-thirds (69%) of these cases, external attackers can steal sensitive data from the organization, including information about partners and company employees and internal documentation.
In addition, penetration testers from Positive Technologies gained access to the technological segment of the network of 75% of organizations. This then enabled them to access industrial control systems (ICS) in 56% of cases. Once malicious actors gain access to ICS components, they have the opportunity to cause severe damage and even fatalities. This includes shutting down entire productions, causing equipment to fail and triggering industrial accidents.[1]
Industrial Control Systems (ICS) refer to various types of technology that control physical infrastructure, ranging from industrial production, such as valves in a manufacturing plant, to environment controls like lighting and cooling systems in an office building. Think you do not have ICS on your network? Data centers, offices and corporate campuses rely on Industrial Control Systems to operate. In fact, virtually every modern building and corporate campus around the world plays host to environmental controls, building entry systems, safety systems, and many other automation systems that are considered ICS.
As with any system, ICS have known vulnerabilities, which, now that they are network-accessible, represent a tantalizing target for attackers. Why bother trying to defeat carefully constructed network security measures if you can more easily turn on the sprinkler system and bring down the entire data center? So instead of stating that 90% of industrial organizations are vulnerable to cyber-attacks, the real number is 100%.
The investigators said there is a range of factors that are making these organizations vulnerable to hackers. For example, during recent PT NAD pilot projects, its experts uncovered numerous suspicious events in the internal network of each industrial company. In one case, PT NAD registered an RDP connection to an external cloud storage, enabling 23 GB of data to be transferred to the address of this storage via RDP and HTTPS.
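The kind of event described above (an internal host opening RDP to an external address and moving a large volume of data out) can be surfaced from ordinary flow records. The following is an added example, not code from the report or from PT NAD; the CSV field names, the internal CIDR and the 5 GB threshold are assumptions, and the flow records are constructed sample data.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Constructed sample flow records (not from the report).
SAMPLE_FLOWS = """src,dst,dst_port,bytes_out
10.20.1.15,10.20.1.40,3389,48211004
10.20.1.15,203.0.113.50,3389,9500000000
10.20.1.15,203.0.113.50,443,15200000000
10.20.3.7,198.51.100.9,443,73400
10.20.3.8,198.51.100.9,443,2100000
"""

RDP_PORT = 3389
VOLUME_THRESHOLD = 5 * 10**9  # assumed per-destination alert threshold, in bytes


def is_internal(addr, internal_nets):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in internal_nets)


def find_suspicious(flow_csv, internal_cidrs=("10.0.0.0/8",), threshold=VOLUME_THRESHOLD):
    """Flag internal->external pairs that use RDP or exceed the volume threshold."""
    nets = [ipaddress.ip_network(c) for c in internal_cidrs]
    totals = defaultdict(int)  # (src, dst) -> total bytes sent outward
    rdp_pairs = set()          # (src, dst) pairs seen with outbound RDP
    for row in csv.DictReader(io.StringIO(flow_csv)):
        src, dst = row["src"], row["dst"]
        # Only traffic leaving the internal network is of interest here.
        if not is_internal(src, nets) or is_internal(dst, nets):
            continue
        totals[(src, dst)] += int(row["bytes_out"])
        if int(row["dst_port"]) == RDP_PORT:
            rdp_pairs.add((src, dst))
    alerts = []
    for (src, dst), total in sorted(totals.items()):
        reasons = []
        if (src, dst) in rdp_pairs:
            reasons.append("outbound RDP to external address")
        if total >= threshold:
            reasons.append("large outbound volume")
        if reasons:
            alerts.append({"src": src, "dst": dst, "bytes_out": total, "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for alert in find_suspicious(SAMPLE_FLOWS):
        print(alert)
```

Volume is summed per source and destination pair across all ports, so a transfer split between RDP and HTTPS, as in the case above, is still counted as one total.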
The vendor also noted that industrial companies often use outdated software and commonly save connection parameters (username and password) in a remote access authentication form, allowing attackers to connect to the resources of an isolated segment without credentials when they obtain control over such a computer.
The potential impact of an attack on an industrial organization was demonstrated during a virtual cyber-range at The Standoff 2021. In one scenario, within two days, attackers gained control of the gas station, halting the gas supply and causing an explosion.
A senior analyst at Positive Technologies commented: “Today, the level of cybersecurity at most industrial companies is too low for comfort. In most cases, internet-accessible external network perimeters contain weak protection, device configurations contain flaws, and we find a low level of ICS network security and the use of dictionary passwords and outdated software versions present risks.”
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@wapacklabs.com
Weekly Cyber Intelligence Briefings:
- Reporting: https://www.redskyalliance.org/
- Website: https://www.wapacklabs.com/
- LinkedIn: https://www.linkedin.com/company/64265941
REDSHORTS - Weekly Cyber Intelligence Briefings
https://attendee.gotowebinar.com/register/3702558539639477516
[1] https://www.infosecurity-magazine.com/news/industrial-orgs-penetrated-hackers/