CyBlog: This Week in Cyber Security

This week in the world of cyber, the top predictions of what will be trending in 2017 are flooding the web. Talk of industry and utility hacks, scares of increasingly complex malware attacks and pleas for a more stringent cybersecurity system are more prevalent than ever.

Surprise! Your Operational Technology is connected to the Internet

Discussions of the Ukraine power grid hack have been continuing in the news since before the holidays, with constant updates on the follow-up attack and how they’re connected, as well as what this could mean for the industrial and utility world as thousands were left without power.

Kiev (pictured here) is the capital of Ukraine, a victim in one of multiple malware attacks on their power grid.

Security Week, an internet and enterprise security news and analysis publication, predicts that cyber extortion will further target utility plants due to industrial network air-gaps. This makes it easy for cyber attackers to infiltrate SCADA and ICS systems, and possibly PLCs.

The publication also says that due to the increase in interest of interconnectivity and lack of protection within systems, ICS networks are becoming more complex and more exposed to external threats.

Read more on assessing your SCADA system and the upgrading process in our free white paper. 

Cybersecurity and Malware in the World of OT

With the growing and continuing risk of ransomware infiltrating company systems, cybersecurity is even more of a hot topic for companies than it was in 2016.


A possible pop-up screen after malware has distributed into a system.

eWEEK, a news publication specializing in IT industry analysis and technology news, reported that Darren Guccione, co-founder and CEO of Keeper Security, predicts small and medium-sized businesses will be more at risk for cyberattacks and data breaches in 2017.

Ransomware isn’t going away. In fact, it’s going to get more effective as hackers become better at embedding the viruses into emails through phishing, a fraudulent practice of sending emails within a company in an effort to steal personal and company information.

As a result, he recommends increasing investment in security defenses to be protected against these increasing threats.

Another prediction from eWEEK is that hacks will become increasingly complex. Rather than just single threat vectors, hybrid attacks will be more common. What does this mean? Hackers will be able to infiltrate your system, and then hide their tracks. By using a combination of phishing to deliver malware and then launching a distributed denial-of-service (DDoS) attack, attackers disrupt the system and suspend all services connected to the internet. This compromises various systems, which are often infected using a Trojan virus, a type of vicious malware disguised within a user system as software.


Cybercriminals hacked into and compromised a utility in Lansing, Michigan, at the end of 2016.

Watch our on-demand webinar on securing your operational technology.

The Dangers of Outdated Operational Technology

Speaking of DDoS attacks, Lloyds Banking Group, Britain’s largest mortgage lender, was hit with a viral attack on Jan. 11.

According to Reuters, the bank was “bombarded” with copious amounts of traffic from various systems to overload the server. This resulted in customers being temporarily frozen out of their online accounts.

This comes just months after Britain’s first large cyber bank heist in November, when Tesco Banking was hacked. Hackers took funds from 20,000 accounts, amounting to 2.5 million pounds, or $3 million, in losses, and the bank halted all online transactions.

Shortly after, the European Union (EU) decided it was necessary to boost security and is considering an EU-wide stress test within the industry.

Unfortunately, EU banks “rely on a digital infrastructure that is rigid and outdated,” according to Reuters, and are considering new technologies in an effort to boost security.

Is your SCADA system outdated? Using outdated technology can be extremely harmful to your internal infrastructure and leaves you at a greater risk for cybercrime.

Ransomware: Expanding into the Industrial Internet

The Dark Side of the Industrial Internet

Ransomware attacks are no longer just a threat for IT companies, but are rapidly creeping in and causing damage to the world of industrial infrastructure.

With a 300-percent increase from 2015 to 2016, ransomware attacks are amounting to over 4,000 daily, making it the fastest growing malware threat according to the FBI.

Ransomware blocks access to data within a computer system or network until a sum of money is paid, often in the online currency bitcoin.

Our partners at CyberX, a cybersecurity company focusing on OT networks and industrial infrastructures, reported that KillDisk malware has evolved into ransomware, transitioning from destroying data to encrypting it and then demanding a bitcoin ransom for the data to be returned to the user.

IT Locked Up, OT Wide Open

Disk-wiping malware previously used in cyber attacks responsible for disruptions within the Ukrainian power grid has found its way into the industrial domain.

In this incident, a control center worker for the power grid noted that his cursor started controlling circuit breakers on his screen, when he wasn’t touching it.

After changing the operator’s passwords and locking him out of the system, the hackers took an entire substation offline, which escalated to shutting down many more as he helplessly watched.

Much like what happened in Ukraine, this malware is being distributed through office email attachments, resulting in hard drives and network-mapped folders becoming encrypted and information being stolen.

Industrial networks are commonly targeted due to the economic incentive, as well as the problematic situation an attack creates for companies. Not only does it put the data at risk, but it can also cause damage to production.

This is a prime example of companies locking their information technology (IT), but leaving their operational technology (OT) systems too exposed.

Download the free Cyber Security for OT guide from Gray Matter Systems and read more about securing the OT side.

Preventing Cyber Attacks

So what’s the most effective method of protection?

Prevention. Protecting SCADA networks is key to fighting cyber attacks.

By performing risk assessments on OT networks for vulnerable HMIs, Industrial Firewalls, PLCs and IIoT devices, vulnerabilities in the network are easily identified and fixed.

Had the power grid workers been required to log into the SCADA and data acquisition networks by using two-factor identification, this may have been prevented.

By putting the correct policies in place within OT systems, organizations can better ensure that systems are worked on safely and securely.

Take the Cyber Challenge

How much do you know, or not know, about your own OT systems?

Take our Industrial Internet Cyber Security quiz and gain valuable insight into your own operations and strategies.

Let’s Do This Together: Trends to Follow in 2017

Thanks to You

I want to take a minute to say thank you.

It was an amazing 2016 at Gray Matter and that’s because of you. When I look back on everything that’s happened in the past twelve months, I see a lot of faces. I see the faces of operations leaders becoming digital innovators. I see the faces of security chiefs, confronting growing cyber threats. I see the faces of our own Gray Matter employees excited about new innovations within our company.

Change is good. It pushes you forward. Makes you grow. Forces you to lean on different strengths and develop new ones. But when you’re in the middle of change it can feel disruptive, uncomfortable, exposing vulnerabilities you were hoping to keep out of view.

Right now our industry is in a period of major change. The power of the Industrial Internet is about using data to drive outcomes for customers. But sometimes that power can feel overwhelming. So I’d like to propose a new mission for 2017 – let’s do this together. As partners we can be strategic about how to confront the change in order to move forward.

Trend to Follow in 2017 – The Digital Twin

Industries like music, shopping and media have already experienced massive transformations in connectivity. Now it’s time for manufacturing, energy and water.

GE predicts that 20 billion machines will be connected by 2020. 20 billion machines.  Take that in for a second.

Everyday objects like your thermostat, lights and refrigerator all talk to each other through an internet connection. Now that connection is extending to factory machinery as operations are becoming digitized. It’s a revolutionary way to run more efficiently and save money.

You hear the term digital twin so often, but what does it really mean?

Simply put, creating a digital twin is the process of merging physical and digital worlds.

The process takes a physical machine and uses technology to get all the information about past states, present states and predictions.  That information creates a digital model that’s alive – taking in a stream of data – using that to adjust so the model is personalized to be a precise representation of the asset.

The software version is used for what used to be a physical inspection – requiring people to be right next to the machine. The virtual version can be done from anywhere and at any time, expanding the value of those inspections and allowing them to have more of a real-time impact. It creates a constant inspection that allows the operators to predict failures sooner.

The digital model of a machine, built and run in a virtual environment, used to be available only to the biggest companies with the largest budgets. But the Industrial Internet and an explosion in sensor technology have lowered the cost and broadened the access beyond the elite. People are not only connected to people, they’re connected to every kind of device at home and now work. Manufacturers stand to win big from this. Factory floors are outfitted with a tremendous amount of sensors to collect data, but because that data has been locked up it hasn’t provided value.

The digital twin allows us to unlock that data and not just for one asset at a time. We can now model machines in groups. For example, a machine builder with thousands of machines installed across hundreds of customers will now be able to operate best in class using digital twins.

There’s potential to unleash productivity and efficiencies like we’ve never seen before.

How Do We Get There

This is going to be the year where concepts like creating a digital twin become less of an idea and more of a reality.  So how do we get it done?

I believe one of the keys will be to link information technology and operational technology in a real way. The teams need to become one so there’s a full understanding on both sides. It can no longer be someone else’s problem – we’re all on the same team.

Our mission at Gray Matter is to transform operations and empower people.

Success in the Industrial Internet requires both parts equally. You create the digital twin and transform your operation by getting the information that allows you to be more productive and get the most out of your assets. But you also need the innovation and insight of people. Cultural and mentality changes will be just as important as the digital ones. Your people need to feel empowered by what they’re doing so they can make the best decisions and find new ways to take that increased productivity to new levels.

Let’s do this together and truly seek feedback from each other on how the next steps should look.

Happy New Year. Here’s to working together in 2017 – I look forward to it.
