Networks and intelligent devices are advancing at an accelerated rate. Devices and capabilities that were once a dream are now commonplace. While enabling extraordinary advancements in the type and amount of information we can obtain, these advancements present new cyber vulnerabilities.
Twenty years ago, we simply worried about viruses. Now, we need to worry about a host of other malicious applications and threats. We are one extensive connected, intelligent network not limited by geographic location. Consequently, recent hacktivist efforts have focused on disrupting critical infrastructure rather than simply stealing data.
Unfortunately, many companies fail to view these cyber threats as imminent and are putting off adopting defenses due to the perceived high costs. While recent major adverse cyber events shed light on some of these looming threats, most such events are rarely reported publicly.
New Cyber Threats
One type of attack gaining popularity is ransomware. These attacks lock data owners out of their data and systems until they pay a ransom. Companies with millions invested in security are being hit hard by ransomware attacks.
Ransomware attacks against pipeline operator Colonial Pipeline and JBS SA, the world’s largest meat processor, recently brought the scope of the threat home to the public, with both attacks raising prices and impacting consumers. Unfortunately, these two examples are only the most sensational. Meanwhile, government agencies, cities and towns, public utilities, and other corporations large and small are being targeted.
DarkSide, one of the organizations believed to be responsible for some attacks, defines itself as “Ransomware as a service.” These entities provide tools, making these attacks available to anyone willing to pay them a profit share while meeting their limited restrictions. In other words, it’s just a business, a BIG business.
The days of slipping out into the dark of night to drop off a briefcase full of money for ransom are gone. Today, ransom payments happen in real time over the internet using financial tools like Bitcoin, Ethereum, and other cryptocurrencies. Payments have become simple to transport, discreet and untraceable, and easy to convert to the coin of the realm.
Due to the global nature of the internet, it is now possible to commit crimes in other countries while not violating local laws. Many organizations forbid attacks on targets within their own region to shield themselves from criminal prosecution. Therefore, as far as they are concerned, there is no risk. This failure of international law to catch up with technology makes for a big win for hackers.
Consequently, you now must also worry about the hacking of others. Recently, several large retailers and social media sites have had their user databases stolen. These thefts resulted in the loss of personal information and provided the hackers with passwords for the stolen accounts. In addition, these services often provide an authentication mechanism for other sites and applications. In other words, those sites and applications are compromised as well. These targets are popular with hackers since they produce the maximum return for the effort expended.
What Can You Do to Fight Cyber Attacks?
No network or device can ever be guaranteed to be impervious to attack. But there are many ways to help reduce risk and lessen the severity of a cyber attack. Some are even quite simple.
1. Compartmentalize your network
When designing a controls network, only put those devices required to be there on that network. Block all other hosts. When possible, only allow external systems to get data from a single host and only through a secondary network. Block all traffic internally on the network if it is not required. Block device-to-device communication if not needed. Only allow the necessary protocols to get the job done.
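The compartmentalization rules above can be written down as an explicit allowlist and used to audit observed traffic. The following is an added example, not code from the original article; the addresses, the Modbus/TCP and HTTPS ports, and the names `Flow`, `evaluate` and `audit` are all assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed addressing and ports, all assumptions for this sketch.
CONTROLS_NET = ip_network("10.10.0.0/24")   # devices plus the data host
DATA_HOST = ip_address("10.10.0.5")         # only host that polls devices
DATA_HOST_EXT = ip_address("10.20.0.5")     # its interface on the secondary network
POLL = {("tcp", 502)}                       # assumed device protocol (Modbus/TCP)
EXPORT = {("tcp", 443)}                     # assumed protocol for external readers

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    dport: int

def evaluate(flow):
    """Return (allowed, reason); anything not explicitly required is denied."""
    src, dst = ip_address(flow.src), ip_address(flow.dst)
    svc = (flow.proto, flow.dport)
    src_in, dst_in = src in CONTROLS_NET, dst in CONTROLS_NET
    if src == DATA_HOST and dst_in and dst != DATA_HOST:
        ok = svc in POLL
        return ok, ("data host polling a device" if ok else "protocol not required")
    if not src_in and dst == DATA_HOST_EXT:
        ok = svc in EXPORT
        return ok, ("external read via secondary network" if ok else "protocol not required")
    if src_in and dst_in:
        return False, "internal traffic not required"
    if dst_in:
        return False, "external host reaching controls network directly"
    return False, "no rule allows this flow"

def audit(flows):
    """Return the denied flows with the reason each one was blocked."""
    return [(f, reason) for f in flows for ok, reason in [evaluate(f)] if not ok]

# Constructed flow records, e.g. as exported from a switch or firewall log.
SAMPLE = [
    Flow("10.10.0.5", "10.10.0.21", "tcp", 502),     # data host polls a meter
    Flow("10.10.0.21", "10.10.0.22", "tcp", 502),    # meter talks to another meter
    Flow("192.0.2.44", "10.20.0.5", "tcp", 443),     # external system reads from data host
    Flow("192.0.2.44", "10.10.0.21", "tcp", 502),    # external system hits a meter directly
    Flow("10.10.0.5", "10.10.0.21", "tcp", 23),      # telnet is not a required protocol
    Flow("10.10.0.21", "198.51.100.7", "tcp", 443),  # meter calling out of the network
]

if __name__ == "__main__":
    for f, reason in audit(SAMPLE):
        print(f"DENY {f.src} -> {f.dst} {f.proto}/{f.dport}: {reason}")
```

Running the same check over real flow logs before tightening firewall rules shows which existing traffic the default-deny policy would cut off.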
2. Practice good account discipline
Ensure users have only the access they need and only for as long as they need it. Deactivate accounts as soon as a person no longer requires access.
3. Enforce good password discipline
Unfortunately, the nature of the modern world requires us to have several accounts. Each should have a randomly generated strong password that is unique. Never reuse passwords. You may use a password keeper to store those passwords, but ensure it too has a strong password. Do not write passwords in a notebook. Change your passwords regularly. Use two-factor authentication for users whenever possible.
Devices must have a unique password per device. If one device such as a meter has a password, change it from the default, ensure it has a strong password, and safely record it in a password keeper.
4. Keep software and hardware up to date
Device and computer manufacturers regularly produce patches to protect from intrusion and to replace outdated protocols. Make use of these updates to secure your systems. Routinely look to see if your hardware is becoming out of date. Out-of-date hardware may limit your ability to keep it up to date and keep your network safe.
5. Stay Informed
The most valuable tool is to become informed. Read up on the latest exploits, tools, and techniques for keeping your network safe.
These are just a few of the hundreds of ways to reduce the risk and severity of intrusions. Contact Applied Power Technologies and let us discuss how we can help you lock down your systems. We have experience securing control networks like yours and would be happy to help. These cyber-threats are real. Don’t face them on your own.
Rick Deming, APT Systems Engineer