Entire production lines shut down by a ransomware attack: it is not unlikely that your company will fall victim to a cyber attack, jeopardizing both your production continuity and your delivery obligations. Cyber security is now receiving more attention within the industry, and not without reason: according to the latest alarming figures, the number of attacks on industrial targets has doubled in the past six months.

By: Dimitri Reijerman

End of June 2017: major alarm on the Maasvlakte. Two APM container terminals in Rotterdam were closed for several days. Containers had to be removed from the cargo ships manually, an almost impossible task.

In addition to APM, a subsidiary of Maersk, other Maersk business units were also affected. The cause: a global attack with NotPetya, malware that was probably made by Russian developers. The damage, caused by lost turnover and the replacement of IT equipment, amounted to almost three hundred million dollars, according to an estimate by Maersk.

The logistics company had to install 45,000 PCs and 4,000 new servers, among other things. Miraculously, Maersk managed to complete this huge job in about ten days. Maersk learned from the attacks, for example by better separating networks and by conducting penetration tests to expose weaknesses.

Life-threatening Triton malware

But Maersk is far from the only major party to have fallen victim to cyber attacks. Another, fairly recent example of malware that targeted industrial systems has been dubbed Triton by security researchers. Triton emerged in late 2017 in the systems of an undisclosed petrochemical facility in Saudi Arabia, as can be read in a reconstruction in the authoritative MIT Technology Review.

What made Triton different from other malware was that the code was aimed at manipulating a plant's critical safety systems. These systems form the last line of defense and can preventively shut down an installation if sensors detect dangerous conditions. Triton offered attackers the opportunity to access these systems remotely. However, due to an error in the malware, it was detected and neutralized. Investigators say a successful attack could have caused an explosion and endangered human lives.

Although Triton was discovered in time by security researchers, companies that specialize in industrial security are seeing new variants of this malware emerge. Moreover, these variants have not only been spotted in the Middle East, but also beyond. This shows that those behind Triton are actively looking for new victims.

Cyber attacks on industry are increasing rapidly

According to a report by researchers from IBM's X-Force IRIS incident response team, cyber attacks doubled between January and July 2019, with half of the attacks targeting industry. In addition to industrial targets, companies active in the oil and gas industry are also targeted, as are educational institutions.

IBM signals more trends in the field of cyber attacks on industrial installations. The best-known malware to date that targets industrial installations, such as the famous Stuxnet and Dark Seoul, was primarily developed on behalf of or by states. But according to X-Force researchers, cyber criminals are also very active in targeting companies and industry. They develop malware that not only holds data hostage, but also has a destructive element. For example, the ransomware starts erasing some of the hostage data every X minutes. In this way, they want to increase the pressure on affected companies to quickly pay the ransom.

Many attackers manage to gain entry through phishing emails or by guessing passwords, but IBM says that cybercriminals are increasingly able to penetrate corporate networks by using third-party network connections. So-called watering hole attacks, in which malware is hidden on websites that are commonly used by employees but have already been compromised, are also on the rise.

Answers to your questions

The cybersecurity trends in the industrial sector all point in the same direction: industrial parties need to pay much more attention than before to securing their process control systems and the underlying IT infrastructure as well as possible. The Industrial Cyber Security Event 2019, organized by the Industrial Automation sector of FHI, aims to help companies with this.

During this meeting, specialists will provide answers to many practical questions. For example: is a firewall enough to adequately secure your installation? How can a company better secure legacy systems? And are new standards needed for Industrial Internet of Things applications?

You can now register for the Industrial Cyber Security Event. It will take place on Wednesday, October 9 in De Basiliek in Veenendaal. Be there and get concrete answers to the questions you and your colleagues have.
