Friday, June 26, 2026

Why the number of cyber attacks against operational technology is increasing

Widely available techniques set the bar so low for attacks on control processes that attackers sometimes have no idea what the system they have accessed is used for.

Attacks on control processes, such as those on systems in industrial environments, are becoming more frequent, and they use everyday methods that are not sophisticated at all. The investigation team at Mandiant, FireEye’s cyber security company, has published a report examining trends in attacks against control processes, especially those in which some operational technology (OT) is also present.

Attacks on control processes were previously considered a complex task, because access was strictly regulated and protected industrial technologies could only be compromised with malicious software specifically designed for this purpose. Disrupting a control process and achieving a predictable effect is now easier because vulnerable OT endpoints facing the Internet offer a wider attack surface.

Keith Lunden, Daniel Kapellmann Zafra and Nathan Brubaker of Mandiant say “low-sophistication” OT attack attempts are becoming more common. The company observed that hackers with varying levels of skill and resources “use common IT tools and techniques to access and interact with open OT systems”.

Solar panel networks, water control systems and building automation systems were the targets, and although critical infrastructure organizations are on the list, the same techniques are used against Internet-of-things (IoT) devices on scientific campuses and private residences.

Attacks against OT systems tend to seek to take control of a large number of open endpoints for ideological, selfish or financial purposes rather than to cause serious damage, for example by gaining control over basic infrastructure assets.

Over the past few years, researchers have observed OT assets being accessed through a variety of methods, including remote access services and virtual network computing (VNC).

The “low-hanging fruit” that many attackers go after is graphical user interfaces (GUIs), including human-machine interfaces (HMIs), which provide simple user interfaces for controlling complex industrial processes. As a result, threat actors are able to “modify control variables without prior knowledge of the process,” says Mandiant.

Another notable trend is hacktivism, which is fueled by widely available and free online tutorials. Researchers have recently seen hacktivist groups boasting in anti-Israel and anti-Palestinian social media posts that they have compromised Israeli OT assets in the renewable and mining sectors.

However, it appears that low-skilled threat actors focus on reputation and have little knowledge of what they are targeting. It’s like when graffiti is painted on the wall of a fenced tarpaulin. It is not the damage that matters, but the self-expression. This sometimes leads to quite ridiculous turns. In two separate cases, threat actors boasted of hijacking a German railway control system, except that it was the control station of a model railway set, and in another case a group claimed to have broken into an Israeli “gas system”, but it was nothing more than a restaurant kitchen ventilation system.

However, despite such blunders, successful attacks on critical OT devices can have serious consequences. It is enough to think about the ransomware attack on the Colonial Pipeline and its consequences.

As the number of intrusions increases, so does the risk of process interruptions. Avoiding the publicity of such incidents makes cyber operations against OT acceptable and may encourage other cyber criminals to increasingly target or influence these systems. This is in line with the increasing targeting of OT activities by better-resourced and financially motivated groups. Because of this, the number of ransomware attacks is increasing, Mandiant indicated.

Researchers suggest that, whenever possible, OT devices should be removed from public, online networks. Network security should be tightened more frequently, and security audits should be carried out, including device discovery, and devices should be configured to prevent potentially dangerous changeable states.


Sandra Loyd
Sandra is the Reporter working for World Weekly News. She loves to learn about the latest news from all around the world and share it with our readers.
