Detecting Malware Infections in Building Systems
CHALLENGE
Detecting Malware Operating Within My OT/IoT Networks
In 2013, malware gained entry to the network of retailing giant Target and stole the personal and credit card information of 40 million people. It was originally thought that the infection occurred through the remote monitoring system of an HVAC system vendor, though later it was determined to be through accounting connections between the supplier and Target.
Nonetheless, the threat of an attack originating with a building management system vendor is real. Imagine your HVAC system was breached, causing a heating and ventilation failure or power outage at one of your properties. Such an incident could directly impact the safety and health of thousands of occupants.
Why is malware risk higher now than ever before? As buildings become “smarter” they are increasingly connected to other systems. They may be maintained remotely by third party vendors or connected to cloud applications for data analysis. This open and expanding threat surface is vulnerable to malicious intrusion.
As many BAS (Building Automation Systems) and IoT devices lack inherent security and use insecure communications protocols, the risk to your property is significant. Plus, consider the fact that the final payload of a BAS attack requires less sophistication than an attack on a critical infrastructure facility, because the physical processes involved in BAS are less complex.
SOLUTION
Automated Monitoring of OT and IoT Networks to Identify Threats

- During early stages, Guardian’s anomaly detection flags irregular activity, such as malware that is beaconing out to an external Command and Control server (C&C). Its signatures detect specific content in network traffic related to the presence of the malware.
- During the reconnaissance stage, malware prepares for an attack by triggering a learning process. Here, Nozomi Networks’ anomaly detection identifies new commands in the host network. Even if the malware uses standard or proprietary transport control system protocols to communicate, the messages will vary from usual baseline behavior, allowing Guardian sensors to single them out.
- In both early and late stage attacks, Guardian enables you to implement new firewall rules to block communication or take other actions to stop further attack commands and limit harm.

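The two detection ideas in the list above, a learned baseline of commands and spotting periodic beaconing to an external host, as an added illustration that is not Nozomi Networks' code. The flow records, BACnet-style command names, addresses and the 10.1.1.0/24 BAS segment are all constructed assumptions for the example.

```python
import ipaddress
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample flow records, not captures from the page or the product:
# (timestamp_seconds, src_ip, dst_ip, protocol, service/command)
BASELINE_FLOWS = [
    (0,  "10.1.1.10", "10.1.1.20", "bacnet", "readProperty"),
    (30, "10.1.1.10", "10.1.1.21", "bacnet", "readProperty"),
    (60, "10.1.1.10", "10.1.1.20", "bacnet", "writeProperty"),
]
LIVE_FLOWS = [
    (100, "10.1.1.10", "10.1.1.20", "bacnet", "readProperty"),
    (110, "10.1.1.10", "203.0.113.5", "tcp/443", "connect"),  # constructed external host
    (170, "10.1.1.10", "203.0.113.5", "tcp/443", "connect"),
    (231, "10.1.1.10", "203.0.113.5", "tcp/443", "connect"),
    (290, "10.1.1.10", "203.0.113.5", "tcp/443", "connect"),
    (300, "10.1.1.10", "10.1.1.20", "bacnet", "reinitializeDevice"),
]
INTERNAL_NETS = [ipaddress.ip_network("10.1.1.0/24")]  # assumed BAS segment

def learn_baseline(flows):
    """Learning phase: the set of (src, dst, proto, command) tuples seen as normal."""
    return {(src, dst, proto, cmd) for _, src, dst, proto, cmd in flows}

def new_commands(flows, baseline):
    """Flows whose (src, dst, proto, command) tuple never appeared during learning."""
    return [f for f in flows if f[1:] not in baseline]

def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

def find_beacons(flows, min_count=4, max_cv=0.2):
    """Periodic connections from an internal host to an external one.
    A low coefficient of variation in inter-arrival time is the beaconing signal."""
    times = defaultdict(list)
    for ts, src, dst, _, _ in flows:
        if is_internal(src) and not is_internal(dst):
            times[(src, dst)].append(ts)
    beacons = []
    for pair, ts_list in times.items():
        if len(ts_list) < min_count:
            continue
        gaps = [b - a for a, b in zip(ts_list, ts_list[1:])]
        if pstdev(gaps) / mean(gaps) <= max_cv:
            beacons.append((*pair, round(mean(gaps), 1)))  # (src, dst, mean interval)
    return beacons
```

Against the constructed data, the baseline check flags the four outbound connections and the unseen reinitializeDevice command, and the interval check reports the 60-second beacon to 203.0.113.5.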
Stay Up-to-date on Emerging Threats with Threat Intelligence
The Threat Intelligence subscription delivers up-to-date OT & IoT threat intelligence to the Nozomi Networks solution, making it easy for you to detect threats and identify vulnerabilities in your environment.
When new information is received, Vantage rapidly checks your network for the presence of new malware and vulnerabilities. If a threat is found, you are immediately notified.