Ransomware Attack Simulation
Published on by Water Network Research, Official research team of The Water Network in Technology
Ransomware continues to pique the interest of both criminals and security researchers alike. The Georgia Institute of Technology conducted a simulation involving a new type of ransomware capable of taking over industrial computer systems with relative ease.
Albeit this was only a simulated attack, it goes to show criminals can target industrial computer systems to cause a lot of havoc. In the past, several power grids in Ukraine have been shut down by hackers who gained access to internal systems. It is not unlikely such a trend would spread to the rest of the world, although no one knows for sure how much damage could be done in the process.
A lot of control systems belonging to power plants, water treatment facilities, and energy facilities are vulnerable to attacks from the outside. The Georgia Institute of Technology wants to highlight the risks presented by leaving critical systems connected to the Internet. If such facilities would be infected by malware or ransomware, a lot of damage can be done without the companies being able to do anything about it. Allowing criminals to access and control these systems need to be avoided at all costs.
So far, there have been no public reports related to ransomware infecting process control components of industrial control systems. Instead, criminals are targeting healthcare organizations and taxpayers, in the hopes of collecting valuable personal information. Considering how ransomware generated roughly US$200m worth of revenue for criminals in Q1 of 2016, it is only a matter of time until they move on to bigger targets.
Compromising control systems would open up Pandora’s Box, so to speak. If someone hijacks a water treatment facility, there is nothing preventing them slowly upping the chlorine dosage until the facility owners meet the ransom demand. It is not unlikely situations like these will not only become more common, but lives will be at stake as well. A lot of industrial control systems lack proper security protocols. Just because these systems have not been targeted by criminal attacks yet – as far as we know – does not mean they should be left unprotected either.
One critical flaw found in nearly every industrial control system is how it authenticates user activity. Anyone with access to the network – legitimate or not – can control the system with relative ease. There does not seem to be a failsafe in place to keep intruders out once they gain unauthorized access. Moreover, weak password policies are another major concern. Even though operators may believe their system is not connected to the Internet, that is not always the case. Remote maintenance and critical updates require online access, which leaves the door open for criminals to take advantage.
It seems to be a matter of time until ransomware attacks will target industrial control systems. Since hardly any of these systems are prepared for a sophisticated attack, it is not unlikely a few incidents will take place before the proper action is undertaken. Intrusion monitoring systems need to be installed sooner rather than later. Additionally, password security needs to be improved. Users who need to access the system need to be whitelisted, whereas all other remote connections should be broken off prematurely.
Source: The Merkle
Media
Taxonomy
- Water
- IT
- Control Systems
- IT
- Security
- Virus Protection