Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label U.S. & Israel. Show all posts

Analysis of Industrial Control System Security

We are presently experiencing IT/OT convergence, which will reveal new hurdles for both IT and OT divisions to overcome. Site engineers have traditionally overseen operational technology with an emphasis on reliability and stability. However, as OT systems become more integrated, these two worlds must start functioning as a single entity. The panorama of industrial cyber risks changed in 2010. Since Stuxnet targeted crucial supervisory control and data acquisition (SCADA) systems, which immediately gained attention on a global scale. 

Humans can operate and manage an industrial facility utilizing computer systems employing OT, which consists of programmable logic controllers (PLCs), intelligent electronic devices (IEDs), human-machine interfaces (HMIs), and remote terminal units (RTUs). These systems are linked to sensors and devices on the site, which could be a factory or a power plant. 

Industrial control systems are a common name for this set of process control equipment (ICSs). These technologies allow hackers to act based on what they see on the screen, in addition to providing information to them. Operational technologies have always been created with safety and availability in mind, but with relatively minimal care for cyber security. This is a significant contrast between OT and IT. 

Stuxnet: What is it? 

As per reports, Stuxnet influenced countless rotators at Iran's Natanz uranium advancement office to wear out. Afterward, different gatherings modified the infection to explicitly target foundations like gas lines, power stations, and water treatment offices. It is assessed that the US and Israel cooperated to make the malware. 

Industrial facilities have possibly "air-gapped," demonstrating that there is no connection between the organization inside the office and the organizations outside. This postures one of the obstructions in arriving at these regulators. A portion of the world's richer countries has figured out how to get around this countermeasure, regardless. 

 Iran benefited from the assault 

"The attack by Stuxnet opened the world's eyes to the idea that you can now design cyber weapons that can harm real-life target" said Mohammad Al Kayed, director of cyber defense at Black Mountain Cybersecurity. You could gain access to a nation's whole infrastructure and, for instance, turn off the electricity. In just this manner, Russia has twice attacked Ukraine.

Iran gained from the hack that the appropriate tool stash can likely be utilized to target ICS. It likewise noticed the power of those assaults. Somewhere in the range of 2012 and 2018, specialists saw an ascent in cyberattacks against Saudi Arabian modern offices as well as those of different nations nearby. 

"A virus program called Shamoon was one example. Three distinct waves of the virus have struck Saudi Arabian industrial facilities. The original version affected a few other businesses and Saudi Aramco. In a few years, two new variants were released. All of them exploited Saudi Arabian petrochemical firms and the oil and gas sector" stated Al Kayed. Saudi Arabia was a target since it has numerous manufacturing plants and sizable oil production operations. It is Iran's rival in the area and a political superpower. 

Connecting OT and IT invites vulnerability

When ICS is connected to an IT network, hacks on those systems are even simpler. By exploiting the IT network first, malicious actors can remotely attack OT assets. All they need to do is send an expert or employee who isn't paying attention to a phishing email. When industrial control systems are connected to an IT network, attacks on those systems are even easier. 

Al Kayed proceeds, "Anybody can bounce into designing workstations and other PC frameworks inside a modern site. Now that they understand how one can remotely put the malware on such modern control frameworks. Although they don't at first need to think twice about designing workstations at the office, there is a method for doing so because it is connected to the corporate organization, which is in this manner connected to the web. You can move between gadgets until you show up at the ideal design workstation in the petrochemical complicated or the power plant. "

Saudi government takes measures 

The targeted nation can acquire the necessary skills, possibly repair the weapon used against it, and then go after another target. Saudi Arabia, which has numerous manufacturing plants, is the nation in the area with the main threat on its front. Therefore it makes sense that the Iranians exploited what they had learned to strike its strongest rival in the region. 

However, the Saudi government is acting to stop similar attacks from occurring again. The National Cyber Security Authority (NCA) created a collection of legislation known as the Essential Cybersecurity Controls (ECC), which are required cyber security controls, to stop the attack type mentioned above. One of the only nations in the area having a security program that goes beyond IT systems is Saudi Arabia right now. It has also taken into account the dangers to OT infrastructure. 

Guidelines for ICS security 

The protection of industrial control systems is currently a global priority. A thorough set of recommendations for defending industrial technology against cyber security risks was released in 2015 by the US National Institute for Standards and Technology (NIST). Four important lessons can be learned from the attack on Iran and the ensuing attacks on Saudi Arabia:

  • The first step is to separate OT from IT networks. 
  • Utilize an industrial intrusion detection and prevention system and anti-malware software. 
  • The main targets of attacks on OT networks are HMIs and PLCs. Use specialized technologies, such as data diodes, which accomplish what a network firewall accomplishes logically but in a physical way.
  • Monitoring is a crucial step: "Security monitoring" is a frequent IT practice. But not many OT facilities do that currently.

Medical Professionals of U.S. and Israel Targeted in a 'BadBlood' Phishing Campaign

 

Email security firm, Proofpoint has exposed a hacking group linked with the Iranian government targeting nearly two-dozen medical researchers in Israel and U.S. The targeted medical professionals particularly work in the oncology, genetics, and neurology fields in both U.S. and Israel. Proofpoint described the phishing campaign as ‘BadBlood’ due to its nature of targeting medical professionals.

According to Proofpoint, the Iranian hacking group operates with different names such as TA453, Charming Kitten, Phosphorus, APT35, ITG18, Ajax Security Team, NewsBeef, and Newscaster. The hacking group that has been operating since 2011, is specifically targeting medical professionals, activists, and journalists in the Middle East, the U.K., and the U.S. 

To lure the victims into their trap, the Iranian hacking group employed a Gmail account in the name of prominent Israeli physicist, Daniel Zaifman. The attackers sent a series of malicious emails from the Zaifman account to the medical professionals claiming to contain sensitive information on Israel’s nuclear program. 

The malicious emails contained a link that directed the victims to a fake Microsoft login page and once opened, the malicious links extracted the users’ email credentials. Although the motives of this attack is not yet clear, many researchers believe the operation was conducted to acquire medical research or private health data on intelligence targets of interest to Tehran. 

“While this campaign may represent a shift in TA453 targeting overall, it is also possible it may be an outlier, reflective of a specific priority intelligence tasking given to TA453. While targeting medical experts in genetics, neurology and oncology may not be a lasting shift in TA453 targeting, it does indicate at least a temporary change in TA453 collection priorities. BadBlood is aligned with an escalating trend globally of medical research being increasingly targeted by espionage motivated focused threat actors,” Proofpoint stated.