Page 46 - EE|Times Europe Magazine - December 2020

        Real-Life Scenarios: How the Industrial Cloud Gets Hacked


mass attacks is offset by an increase in the number and complexity of targeted attacks where we see active utilization of various lateral movement tools, building automation systems might turn out to be even less secure than corporate systems within the same network,” the report states.

THE RISE OF INDUSTRIAL RANSOMWARE

As organizations that depend on OT increasingly deploy IoT devices and let remote workers access OT networks, cyberthreats have escalated. Nozomi Networks’ July “OT/IoT Threat Report” looked at the most active OT and IoT threats during the first half of 2020. It found that ransomware attacks are demanding bigger ransoms and are targeting larger and more critical organizations. In particular, attackers are now using OT-aware ransomware, such as SNAKE/EKANS and MegaCortex, indicating that ICS may be increasingly targeted by non-state threat actors.

This year, FireEye’s Mandiant service has seen at least seven ransomware families that incorporate some ability to disrupt OT, according to a recent company blog.

Ransomware attacks constitute a quarter of all cyber incidents handled by IBM’s X-Force incident response team so far this year, and 6% of them used the ICS-targeting SNAKE/EKANS, the company reported in a September blog. The most targeted sectors are manufacturing, professional services, and government organizations, all with a low tolerance for downtime.

Darktrace’s Fier told EE Times that the goal of ransomware has changed. “Ransomware attacks are now less about encrypting data for money and more about holding an entire organization or assembly line hostage,” he said. “I think we’ll start seeing what I call DNS or quality-of-service attacks on the horizon, where attackers hold business operations ransom instead of just encrypting files.” For example, one customer’s smart refrigeration system had such insecure protocols that Darktrace could demonstrate a Stuxnet-type attack, dropping temperatures a few degrees to make food spoil.

UNFORESEEN FINANCIAL CONSEQUENCES

While recovering from a cyberattack can be costly and take lots of time, major follow-on consequences can cost even more and take more time to recover from. A cyberattack such as ransomware, especially one that causes downtime or shutdowns, can have reverberations throughout the infrastructure of a manufacturing or oil and gas company for months afterward. These can include extended downtime and equipment repair or replacement in addition to testing and recertification, as well as widespread profit loss from inability to fill contracts, or even a complete shutdown of operations.

Recent examples of manufacturing shutdowns include the cyberattack on Honda in June that made it stop production globally for a few days, likely caused by EKANS/SNAKE ransomware. In September, Israel’s Tower Semiconductor had to halt some manufacturing operations after a cyberattack.

Ron Brash, director of cyber security insights for OT/ICS cybersecurity company Verve Industrial Protection, uses the analogy of oil pipeline shutdowns to demonstrate these follow-on consequences. Although most oil pipeline shutdowns aren’t caused by cybersecurity incidents and, in many cases, recovering from a cyberattack can be faster than from a pipeline shutdown, both can have similar financial consequences that extend far beyond system recovery costs.

[Photo: Verve Industrial Protection’s Ron Brash]

During forest fires in Canada a couple of years ago, oil pipelines threatened by the fires were shut down. This made the product harden in the pipeline, Brash told EE Times. “Dilutant had to be run through the pipeline for several months to break down the product such that the pipeline could then be used for its primary purpose,” said Brash. “But oil can have less desirable properties, and those can damage the protective layers inside the pipeline, degrading the infrastructure. That meant the pipeline had to be repaired and reinspected, and undergo safety or other approvals. All those steps effectively created a cascade of additional time and costs beyond the costs caused by the revenue lost during a normal outage or less damaging incident.”

Other costs could include the inability to satisfy contracts while manufacturing is halted, forcing a company to buy product on the open market and sell at a loss. An inability to restart operations or get recertified because of specific location and regional development conditions, or from sheer overall costs, could cause the permanent shutdown of some or all operations.

Many packaged goods manufacturers are vulnerable to disruption because of just-in-time manufacturing practices that keep low inventories of materials and warehoused product, said Brash. “These organizations often believe in the ‘old school’ definition of resilience, which is basically redundancy — multiple versions of the same thing.” Yet a second or third line alone isn’t enough if an attacker has user IDs and access codes for both lines, and IT and OT are connected.

“It’s not connectivity that’s at fault; it’s largely due to how it’s engineered,” said Brash. “We need to engineer the risks out of it, and we’ve forgotten how to do this in the race for convenience. I can understand why; it could be fear of disruption, or not having enough knowledge in-house.

“But you can do things that improve the situation gradually, such as starting with the cybersecurity hygiene basics, and you can do things such as having a layered defense.”

Ann R. Thryft is a contributing editor for AspenCore.

[Chart] What impact did the OT security breach(es) have on your company? (n = 150)

    Operational outage affected productivity          43%
    Brand or reputational damage                      19%
    Operational outage put physical safety at risk    18%
    Operational outage affected revenue               18%
    Loss of business-critical data                    12%
    Loss of intellectual property                     11%
    Other                                              4%

Companies that face a breach most commonly report operational outages affecting productivity, and a substantial number suffer a direct impact on revenue. Harm to safety and hits to reputation are also unacceptably high. (Source: Fortinet)

        DECEMBER 2020 | www.eetimes.eu