Back in June 2010, the Stuxnet malware hit the headlines as the first computer worm to target modern supervisory control and data acquisition (SCADA) and programmable logic controller (PLC) systems. Industrial Control System (ICS) users became aware of how hackers and malware could affect their operations. Back then, you'd be forgiven for thinking that as a regular ICS or SCADA user, you had nothing to worry about. Five years on, everything has changed.
Here Jonathan Wilkins, Marketing Director of industrial automation parts supplier European Automation, discusses the latest advances in malware and why smaller manufacturing businesses might be in danger.
With the IoT becoming a common way to connect across the manufacturing industry, cyber vigilance is more important than ever. One of the most recent targeted malware attacks, Dragonfly, used at least three attack mechanisms, including taking over the software download sites of trusted ICS and SCADA suppliers. The download packages look legitimate, but when installed onto a control system the malware comes to life.
It's not just individual systems that are falling victim to malware attacks. An attack on a smart grid (an energy distribution network that uses smart meters, appliances and efficient renewable resources) affects more users than one on an individual meter, so the potential for damage is much more significant. In the most obvious smart grid attack, an attacker would take control of the grid in order to disrupt the services it provides. The attacker could also update the firmware on the devices, making the attack more difficult to mitigate.
Because of the potential for attack, it's important for manufacturers to understand how to protect their software from the different types of malware.
The latest twist on phishing is another method being used in malware attacks. A spear phishing email appears to be from a person or business that you know. Using information from social media sites, a spear phisher can pose as someone that you trust and ask for confidential information, such as passwords, to gain access to SCADA and PLC systems.
There are a few ways that you can protect your company from this type of attack, including using a different password for each online account, applying software updates regularly and taking down any online information that you wouldn't want a stranger to know.
A watering hole attack typically works by gathering information on websites that are often visited by employees of the targeted company. Once the trusted websites have been identified, the attacker will insert an exploit into the site, compromising it and allowing attackers to gain access to personal data.
Though attackers may incorporate different exploits, the traffic generated by the final malware remains consistent. By detecting these communications, you can quickly implement security measures to prevent the attack from escalating. Technologies such as Trend Micro Deep Discovery can help detect suspicious network traffic.
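One simple way to look for the kind of consistent malware traffic described above, shown as an added example that is not from the original article or from any product it names: flag host pairs that connect at near-constant intervals. Treating "consistent" as "regularly timed" is an assumption, as are the function name, thresholds and the constructed sample flow records.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample flow records: (epoch_seconds, source_host, destination).
# Host names are made up; addresses come from documentation ranges.
JITTER = [0, 2, -1, 3, 0, 1, -2, 2]
SAMPLE_FLOWS = (
    # Control-room workstation contacting one address roughly every 300 s
    [(1000 + 300 * i + j, "hmi-01", "203.0.113.50") for i, j in enumerate(JITTER)]
    # Ordinary browsing from an engineering PC: irregular gaps
    + [(t, "eng-07", "198.51.100.20")
       for t in (1010, 1025, 1400, 1410, 2900, 3000, 3005)]
    # Too few connections to judge either way
    + [(t, "hmi-01", "192.0.2.9") for t in (1500, 2500)]
)


def find_regular_talkers(flows, min_events=6, max_cv=0.1):
    """Return (src, dst, mean_gap_seconds, cv) for host pairs whose gaps
    between connections are nearly constant.

    cv is the coefficient of variation (std dev / mean) of the gaps; a
    value near 0 means machine-like timing rather than human activity.
    """
    times = defaultdict(list)
    for ts, src, dst in flows:
        times[(src, dst)].append(ts)

    findings = []
    for (src, dst), stamps in times.items():
        if len(stamps) < min_events:
            continue  # not enough data to call the timing regular
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue  # all connections share one timestamp
        cv = pstdev(gaps) / avg
        if cv <= max_cv:
            findings.append((src, dst, round(avg, 1), round(cv, 3)))
    return sorted(findings)


if __name__ == "__main__":
    for src, dst, avg, cv in find_regular_talkers(SAMPLE_FLOWS):
        print(f"{src} -> {dst}: one connection every ~{avg}s (cv={cv})")
```

Legitimate software such as update checkers and time synchronisation also connects on a schedule, so results need review against a list of known destinations before they are treated as suspicious.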
Last year, a US Computer Emergency Response Team (CERT) discovered that the Russian malware BlackEnergy had found its way into the software that controls electrical turbines in the US. While investigators didn't see any attempt to damage or disrupt machines, attackers did have a way to plant destructive code in the future.
In 2014, the Department of Homeland Security investigated 79 hacking incidents at energy companies across the US, meaning that BlackEnergy wasn't an isolated incident. Energy companies have started taking precautions, such as employing cyber-security teams and separating their internet-connected corporate computers from the stations that control critical machines. A simple way to protect the grid is to install anti-virus and anti-spam software onto employees' computers and keep it updated.
Five years after the Stuxnet attack, all SCADA and PLC systems across the manufacturing industry are vulnerable, no matter how small. Malware attackers can gain access to an entire power grid through just one employee clicking a bad link in an email, so now is the time to start taking precautions. After all, no one wants to be responsible for shutting off an entire city's power.