Security Fridays: Week 15
Chris Cassell, 23/07/2020, Industry News
Protecting your organisation from the growing threat of ransomware
This article brings to light a field of security that tends to be regarded as minor but which could in time have the highest impact of all attacks: assaults against Supervisory Control and Data Acquisition (SCADA) and Industrial Control System (ICS) devices.
Currently it’s believed that Honda was attacked by the Ekans ransomware, which operates somewhat differently from the traditional ransomware most people are familiar with. Rather than locking down and encrypting files on desktop and laptop PCs to cripple machines or restrict access to an organisation’s own data, it works to track down machines that are controlling other machines. So in this example we’re looking at ransomware that locates the computers running the car manufacturing robots on the production line and stops those control processes from running. It is a computer virus that actively works to stop a physical thing, in this case, the manufacture of physical items.
In these cases no data is breached in the traditional manner, so the event doesn’t draw the headline GDPR fines or class action lawsuits that those sorts of events attract. However, for an organisation that is primarily about manufacturing, the cost of having its machines offline can be astronomical. Some studies estimate that for the larger firms it can cost $22,000 per minute of downtime, or approximately $1.3 million per hour. Bear in mind that these plants operate as a chain, so the loss of a single station can bring down all those after it. So it’s easy to see how they can be held to ransom in this situation.
Then let’s look at the larger picture. Nowadays all complex plants are run through computer control systems, and some of those systems are very much legacy, some still dating from the 70s and 80s, so their vulnerabilities are well known. Imagine if these attacks were successful against other sectors. Power? Water treatment? These are the sorts of things that could be truly devastating to any fully developed country, so it’s a field that should be given some serious thought in the security sector.
1 – Air-gap sensitive networks. While it’s convenient to be able to remotely control these systems from anywhere in the environment, the truth is that more often than not these attacks come in through a normal business device, then propagate across the network until they find a valid target. Keeping the really sensitive areas separate and gatekeeping all the data that passes between them will stop this spread.
2 – Use data diodes. If you absolutely must get data out of that environment for monitoring, then place a data diode in the way. These allow data to flow in one direction only, so you can get the monitoring data you need while being sure that no malware or control commands can go the other way.
3 – Patch everything. Make sure that everything in your environment is patched and fully updated. The Ekans ransomware is a 2019 design, so it should have been defendable, but while a lot of organisations do patching, they don’t have ways of checking that it has gone everywhere it needs to go.
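Point 3 is about verifying coverage, not just deploying patches. The script below is an added example, not code from the original post or from any vendor tool: it compares an asset inventory against what a patch-management tool reported back and flags two kinds of gap, hosts below the required version and hosts that never reported in at all (the ones a simple "push succeeded" dashboard hides). The inventory, the report records, the zone labels and the required version are all constructed sample data.

```python
"""Patch-coverage check: which inventoried hosts did the update NOT reach?

Added example, not code from the original post. All data below is
constructed; in practice the inventory would come from an asset database
and the reports from whatever endpoint-management tool records versions.
"""
from dataclasses import dataclass


def parse_version(v: str) -> tuple[int, ...]:
    """Compare versions numerically so that "4.1.10" sorts above "4.1.9"."""
    return tuple(int(part) for part in v.split("."))


@dataclass(frozen=True)
class Host:
    name: str
    zone: str      # constructed labels: "business" or "ot"
    product: str   # software whose patch level we track


# Constructed asset inventory: what we BELIEVE is on the network.
INVENTORY = [
    Host("ws-finance-01", "business", "agent"),
    Host("ws-hr-02", "business", "agent"),
    Host("plc-gw-line1", "ot", "agent"),
    Host("hmi-line2", "ot", "agent"),
    Host("historian-01", "ot", "agent"),
]

# Constructed patch-tool report: what actually checked in, and at what version.
# historian-01 is absent on purpose: it never reported back.
REPORTS = {
    "ws-finance-01": "4.2.1",
    "ws-hr-02": "4.2.1",
    "plc-gw-line1": "4.1.7",
    "hmi-line2": "4.2.1",
}

# Minimum version per product that contains the fix (constructed value).
REQUIRED = {"agent": "4.2.0"}


def patch_gaps(inventory, reports, required):
    """Return (unpatched, unreported).

    unpatched: hosts that reported a version below the required minimum.
    unreported: hosts in inventory with no report at all. Silent hosts are
    exactly what a 'did it go everywhere' check most often misses.
    """
    unpatched, unreported = [], []
    for host in inventory:
        minimum = required.get(host.product)
        if minimum is None:
            continue  # no patch requirement for this product
        reported = reports.get(host.name)
        if reported is None:
            unreported.append(host.name)
        elif parse_version(reported) < parse_version(minimum):
            unpatched.append(host.name)
    return unpatched, unreported


def coverage_by_zone(inventory, reports, required):
    """Percentage of inventoried hosts per zone PROVEN to be at or above the
    required version. Unreported hosts count as not covered, so the figure
    cannot be inflated by machines that simply never checked in."""
    unpatched, unreported = patch_gaps(inventory, reports, required)
    bad = set(unpatched) | set(unreported)
    result = {}
    for zone in sorted({h.zone for h in inventory}):
        hosts = [h for h in inventory if h.zone == zone]
        ok = sum(1 for h in hosts if h.name not in bad)
        result[zone] = round(100.0 * ok / len(hosts), 1)
    return result


if __name__ == "__main__":
    unpatched, unreported = patch_gaps(INVENTORY, REPORTS, REQUIRED)
    print("below required version:", unpatched)
    print("never reported in     :", unreported)
    print("proven coverage by zone (%):", coverage_by_zone(INVENTORY, REPORTS, REQUIRED))
```

The design choice worth noting is that coverage is computed from the inventory, not from the report: a host the patch tool has never heard of still counts against the total, which is the difference between "every machine we pushed to is patched" and "every machine we own is patched".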
Read the article that was analysed here: https://www.bbc.com/news/technology-52982427