Who’s most likely to hack your systems?
- May 26, 2021
- Posted by: Kerry Tomlinson, Archer News
- Categories: Archer News, Cyber Crime, Cyberattack, Industrial Control System Security, Power Grid
Who’s most likely to hack your systems? Is it a nation-state or a top-level ransomware crime group? Keep your sights a little lower.
The first hack on your system likely will come from a lower-level attacker, says an industrial cybersecurity researcher.
You see the headlines about cyberattacks and you might think you need big guns to protect yourself from the giants in cyber crime, like hacker spy agencies for foreign powers and dark web kingpins.
But while you’re paying attention to the big ones, smaller attackers may be worming their way into your systems.
“Because you’re waiting for the big, 800-pound gorilla to come through the door,” said Jason Larsen, security researcher with Waymo.
Your more common enemies are the smaller “two-pound platypuses”, Larsen said in an interview with Archer News.
How It Works
Larsen hacks critical industrial control systems like power plants to show companies how to protect themselves. A cyber attack on industrial machines could lead to big trouble with your gas, water, power and other things.
The criminal hackers — the two-pound platypuses — are not necessarily looking for those critical systems, but instead for any way to get in to any system at all.
“Most of the activity that you would see on your network is really this untargeted activity and it only becomes a super big problem at the end when somebody grabs it and says, ‘Oh, well, I have this. And that’s really useful. And I can use it in all of these interesting ways,’” Larsen said.
They may use that access themselves or sell it off on the underground market.
“If they hacked into your control network, they probably didn’t just sell it to one person,” Larsen explained. “Unless they want to do business with that person long-term, it’s like, ‘Oh, you want access? Here’s some access. Oh, you also want access? Well, here’s some access as well.’”
Someone along the way may realize what they can do with the keys to an industrial network, like holding your gas pipeline hostage, changing the chemicals in your drinking water, stopping a food factory from running until it pays up, or controlling your power from afar.
What can you do?
Larsen recommends a focus on the platypus-level attacks, not just the 800-pound beasts on a rampage.
He’s not the only one. Security company FireEye released a report this week saying that low-sophistication attacks against operational technology or OT, the kind you find in industrial facilities and critical infrastructure, have increased significantly over the last few years.
Targets included operational technology in solar energy panels, water control systems, building automation systems and home security systems as well.
Protecting Your Systems
In light of these low-level industrial attacks, FireEye recommended steps like these:
—Remove OT assets from public-facing networks.
—Apply common network-hardening techniques to remotely accessible and edge devices, such as disabling unused services, changing default credentials, reviewing asset configurations, and creating whitelists for access.
—Determine if relevant assets are discoverable using online scanners such as Shodan and Censys.
—Configure human machine interfaces and other control system assets to enforce acceptable input ranges and prohibit hazardous variable states.
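The four FireEye steps above are the kind of checks a site can script against its own asset inventory. The script below is an added example written for this article, not FireEye's or Archer News' code: it audits a constructed inventory of two hypothetical PLCs against each step (management address outside the defined OT network ranges, default credentials, services the process does not need, a missing access allowlist, and HMI setpoint limits that permit values outside the physically safe range). The OT network ranges, the list of needed services, the default-credential pairs and the safe ranges are all assumptions chosen for the example.

```python
"""Audit OT asset configurations against basic hardening checks.

Added example: inventory entries, network ranges, service lists and
safe ranges below are constructed for illustration, not real devices.
"""
import ipaddress

# Assumption: the plant's control network lives entirely in 10.20.0.0/16.
# A management interface anywhere else is treated as "public-facing".
OT_NETWORKS = [ipaddress.ip_network("10.20.0.0/16")]

# Assumption: only these services are required by the process.
NEEDED_SERVICES = {"modbus", "https"}

# Small constructed list of vendor-default credential pairs.
DEFAULT_CREDENTIALS = {
    ("admin", "admin"),
    ("admin", "password"),
    ("root", "root"),
    ("admin", ""),
}

# Physically acceptable range per HMI tag (assumption for the example).
SAFE_RANGES = {"tank_level_pct": (0, 100)}

# Constructed sample inventory. 203.0.113.10 is from the TEST-NET-3
# documentation range and stands in for an Internet-reachable address.
SAMPLE_ASSETS = [
    {
        "name": "PLC-01",
        "mgmt_ip": "203.0.113.10",
        "credentials": ("admin", "admin"),
        "services": ["modbus", "telnet", "http", "https"],
        "allowlist": [],
        "setpoints": {"tank_level_pct": {"min": 0, "max": 150}},
    },
    {
        "name": "PLC-02",
        "mgmt_ip": "10.20.0.5",
        "credentials": ("ops-svc", "long-unique-passphrase"),
        "services": ["modbus", "https"],
        "allowlist": ["10.20.0.0/24"],
        "setpoints": {"tank_level_pct": {"min": 0, "max": 95}},
    },
]


def audit_asset(asset):
    """Return a list of human-readable findings for one asset."""
    findings = []

    # Step 1: is the management interface outside the OT network?
    ip = ipaddress.ip_address(asset["mgmt_ip"])
    if not any(ip in net for net in OT_NETWORKS):
        findings.append("management interface outside OT network ranges")

    # Step 2a: default credentials still in use?
    if tuple(asset["credentials"]) in DEFAULT_CREDENTIALS:
        findings.append("default credentials in use")

    # Step 2b: services enabled that the process does not need?
    unused = sorted(set(asset["services"]) - NEEDED_SERVICES)
    if unused:
        findings.append("unused services enabled: " + ", ".join(unused))

    # Step 2c: no source-address allowlist for remote access?
    if not asset["allowlist"]:
        findings.append("no access allowlist configured")

    # Step 4: HMI setpoint limits wider than the physically safe range?
    for tag, limits in asset["setpoints"].items():
        if tag not in SAFE_RANGES:
            continue
        lo, hi = SAFE_RANGES[tag]
        if limits["min"] < lo or limits["max"] > hi:
            findings.append(
                f"setpoint {tag} allows {limits['min']}..{limits['max']}, "
                f"outside safe range {lo}..{hi}"
            )
    return findings


def audit_inventory(assets):
    """Map each asset name to its findings (empty list means clean)."""
    return {asset["name"]: audit_asset(asset) for asset in assets}


if __name__ == "__main__":
    for name, findings in audit_inventory(SAMPLE_ASSETS).items():
        status = "OK" if not findings else f"{len(findings)} finding(s)"
        print(f"{name}: {status}")
        for item in findings:
            print(f"  - {item}")
```

Step 3 (checking Shodan or Censys for the asset) is deliberately left out of the script, since it needs network access and an account with those services; the same inventory fields (management IP, enabled services) are what you would look up there. Running the script reports five findings for PLC-01 and none for PLC-02.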
These kinds of basic steps may be “less sexy” than shiny new technology solutions, but are crucial, some experts say.
“Taking the time to seek and harden fundamental vulnerabilities can move the security needle more than addressing threats that get celebrity press,” said Mieng Lim of Digital Defense in Dark Reading on May 4. “Admittedly it’s low-glamor work, but essential for the best results.”
Keeping the People
For Larsen, it’s important to keep people in the mix as well, instead of relying too much on technology to solve cybersecurity problems.
“Having a person that day-to-day is looking for anomalies in your logs and is actually interacting with the security of your system all the time is going to catch nearly everything,” he said.
“Humans are good for security,” he added.
Main image: Platypus in Australia. Image: Slowmotiongli/iStock