Page 44 - EE|Times Europe Magazine - December 2020
SECURITY
Real-Life Scenarios: How the Industrial Cloud Gets Hacked
By Ann R. Thryft
Did you know a TV remote can become a spying device by hijacking the infrared it uses to communicate with a set-top box?

But who needs a remote when you can just yell at your TV? The FBI says that’s not safe, either: Hackers can control a smart TV’s camera and microphone to remotely record video and audio of whoever’s in the room, or use the unsecured TV to get into your router and then your PC.

Even a humble coffee maker can be hijacked and turned into a ransom-demanding machine. So can other unsecured IoT devices.

These sound like sci-fi scenarios, but they’re not.

VULNERABLE HOME OFFICE NETWORKS

So how do your TVs, remotes, and coffee machines relate to the industrial cloud or to you at work? You might think that remote hacking of devices like these is a remote possibility — and anyway, you’re working at home, like millions of others around the globe due to Covid-19, so there’s no way this could possibly affect your company’s enterprise network or the operational technology (OT) network or any industrial control systems (ICS).

But you would be wrong. Very wrong.

Because you need to access that OT network or those ICS remotely from your home office.

Oops. Yes. Your home office. The one with the potentially leaky third-party VPN (because IT hasn’t replaced it yet), and your eminently hackable Wi-Fi network, which may also have all kinds of unsecured IoT devices hanging off of it.

And the news gets worse. Of all the vulnerabilities in ICS revealed during the first half of this year, more than 70% can be exploited remotely, according to an August report by cybersecurity provider Claroty. Moreover, remote code execution is possible with nearly half of them.

Claroty analyzed a combination of vulnerabilities published in the National Vulnerability Database and ones mentioned in advisories issued by the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT). Sectors most impacted by ICS-CERT vulnerabilities were energy, critical manufacturing, and water and wastewater infrastructure.

Most of the 26 that were discovered by Claroty’s own research team were found in PLCs and engineering workstations. The workstations especially are desirable targets, since they’re connected to the factory floor, PLCs, and IT.

ICS AND OT ATTACKS INCREASING

Attacks on ICS and OT have been on the rise for some time. In July, the situation became critical enough that the U.S. National Security Agency (NSA) and the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) issued a joint alert recommending immediate action to protect internet-connected OT and ICS systems against security breaches. Citing the recent cyberattack on Israel’s water systems, the agencies called for better protection of civilian infrastructure and OT assets critical to U.S. security and defense.

The number of attacks on computers in ICS in the oil and gas industry, as well as in building and automation systems, increased slightly during the first half of this year, according to a September report from Kaspersky. The report concluded, “Threats are becoming more targeted and more focused and, as a result, more varied and complex.” The main sources are the internet, removable media, and email.

Computers used in building automation systems are potentially a hacker’s backdoor, since they’re often connected to corporate networks, the internet, corporate email, domain controllers, and video surveillance systems. Their attack surface is larger than ICS engineering workstations and similar to computers in the IT network.

AI-driven cybersecurity company Darktrace has found thousands of devices using various ICS protocols on systems — such as HVAC and elevators — that enterprises didn’t know were connected to their IT networks, Justin Fier, director of cyber intelligence and analytics for Darktrace, told EE Times. That means IT-OT systems aren’t properly segmented, creating security blind spots.

[Photo: Darktrace’s Justin Fier]

“With the pandemic, systems such as building control are being accessed remotely by engineers and other employees from their home offices,” said Fier. Yet their personal Wi-Fi networks may be vulnerable to hackers trying to get into the corporate network.

INVISIBLE, UNSECURED CONNECTIONS

As many security experts will tell you, endpoint devices must be secure to reduce the entire network’s vulnerability to attacks. The rise of unmanaged shadow industrial IoT (IIoT) devices is one of the biggest threats to

[Figure: Loss of visibility]
1. New device introduced to network (July 8, 07:00 UTC)
2. Establish foothold — HTTPS with self-signed certificate to rare IP address (July 8, 07:01 UTC)
3. Lateral movement — Admin RDP connection to WinCC Server (July 8, 07:03 UTC)
4. Internal reconnaissance — ICS port scanning to ports 102 and 502 (July 8, 07:20–07:55 UTC)
5. Successful ICS connections S7 and Modbus (July 8, 07:21 and 07:54 UTC)

Improper segmentation between IT and OT systems can lead to highly unusual connections to ICS protocols, as shown in this timeline of the main events of an industrial sabotage incident at a food-processing organization. Increased IT/OT convergence creates new blind spots on the network and sets up new pathways to disruption. (Source: Darktrace)
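
The last two stages of the figure's timeline (ICS port scanning on 102 and 502, then successful S7 and Modbus connections) expressed as detection logic over flow records. This is an added example, not part of the original article or any vendor's product. The subnets, asset inventory, thresholds and flow records are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Assumed for this example: OT subnet, IT asset inventory, scan thresholds.
OT_NET = ip_network("10.20.0.0/24")
KNOWN_ASSETS = {"10.10.0.5", "10.10.0.9"}
ICS_PORTS = {102: "S7", 502: "Modbus"}   # the two ports named in the figure
SCAN_TARGETS = 4                          # distinct (host, port) pairs
SCAN_WINDOW = timedelta(minutes=40)       # measured from a source's first probe

# Constructed flow records: (UTC hh:mm, src, dst, dst port, established?)
FLOWS = [
    ("07:03", "10.10.0.77", "10.10.0.9", 3389, True),   # RDP inside IT, not ICS
    ("07:10", "10.10.0.5", "10.20.0.11", 102, True),    # inventoried workstation
    ("07:20", "10.10.0.77", "10.20.0.11", 102, False),
    ("07:21", "10.10.0.77", "10.20.0.12", 102, True),
    ("07:30", "10.10.0.77", "10.20.0.13", 502, False),
    ("07:41", "10.10.0.77", "10.20.0.14", 502, False),
    ("07:54", "10.10.0.77", "10.20.0.15", 502, True),
]

def analyse(flows):
    """Return sorted (time, src, finding) alerts for ICS-port traffic entering OT."""
    by_src = defaultdict(list)
    for hhmm, src, dst, dport, established in flows:
        crosses = ip_address(dst) in OT_NET and ip_address(src) not in OT_NET
        if crosses and dport in ICS_PORTS:
            ts = datetime.strptime(hhmm, "%H:%M")
            by_src[src].append((ts, dst, dport, established))
    alerts = []
    for src, events in by_src.items():
        events.sort()
        first, seen = events[0][0], set()
        for ts, dst, dport, established in events:
            stamp = ts.strftime("%H:%M")
            if ts - first <= SCAN_WINDOW and (dst, dport) not in seen:
                seen.add((dst, dport))
                if len(seen) == SCAN_TARGETS:   # fires once per source
                    alerts.append((stamp, src, "ics-port-scan"))
            if established and src not in KNOWN_ASSETS:
                proto = ICS_PORTS[dport]
                alerts.append((stamp, src, f"unknown-device-{proto}-session"))
    return sorted(alerts)

if __name__ == "__main__":
    for alert in analyse(FLOWS):
        print(*alert)
```

The inventoried workstation's single S7 session raises nothing, while the uninventoried source is flagged for the scan and for each established ICS session.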