After a year that began with the fall-out from another Ukraine electric grid attack, saw the discovery of the first toolset since Stuxnet to target physical systems (CrashOverride/ Industroyer) and included significant harm from ransomware attacks (WannaCry, Petya/NotPetya), what’s in store for 2018?
Our team looked ahead 12 months and thought about how ICS cyber security will be different at the end of that period. From there we came up with 5 predictions you won’t want to miss.
Recently reports of a new ransomware malware known as Bad Rabbit was making headlines in the press. A suspected variant of NotPetya, Bad Rabbit spread quickly through IT networks in Europe and elsewhere.
Our research indicates that while Bad Rabbit infections started to be reported in late October, the group behind the attacks started creating an “infection-network” in July. While not reported as impacting industrial systems, industrial operators should take note of this attack and what it means for their cyber resiliency programs.
Updated May 19, 2017
The WannaCry ransomware malware broke onto the world scene on Friday May 12, 2017 when it infected over 200,000 computers in more than 150 countries. Thankfully, the impact on manufacturing systems and critical infrastructure was relatively low. However, while WannaCry’s spread has been curtailed for now, new variants have been reported.
Immediate actions are to determine whether your systems are vulnerable by identifying computers and devices running Windows operating systems not updated with the latest security patches or communicating with the SMB1 protocol. If these situations exist, you need to execute a plan to mitigate and protect against these security weaknesses.
While we can take a deep breath that WannaCry did not shut down essential services such as power systems and water systems, the malware is certainly a very loud wake-up call Let’s look at what can be done immediately, and over time, to prevent and mitigate ransomware infections to industrial systems.