CS Mar-Apr 2024

More documents

Recommendations

Info

energy industry critical manufacturing. Over the years, a wide range of sectors have become more reliant on industrial control systems - such as SCADA, Programmable Logic Controllers (PLC) and Distributed Control Systems - for monitoring processes and controlling physical devices, such as pumps, valves, motors, sensors etc. The most high-profile example of a cyber-attack against critical infrastructure is the Stuxnet computer virus. The worm, which targeted PLCs, disrupted the Iranian nuclear program by damaging centrifuges used to separate nuclear material. The incident caused concern, because Stuxnet could be adapted to attack the SCADA systems used by many critical infrastructure and manufacturing industries in Europe and the US. In one of the only public examples of a SCADA attack, a German steel mill suffered major damage after a cyberattack forced the shutdown of a furnace, the German Federal Office for Information Security reported in 2014. The attackers used various social engineering techniques to gain control of the blast furnace systems. CONTROL SYSTEMS TARGETED Cyber-attacks against critical infrastructure and manufacturing are much more likely to target industrial control systems than steal data, according to the Organization of American States and Trend Micro. Its research found that 54% of the 500 US critical infrastructure suppliers surveyed had reported attempts to control systems, while 40% had experienced attempts to shut down systems. Over half said that they had noticed an increase in attacks, while three-quarters believed that those attacks were becoming more sophisticated. HACKERS’ EYES ON WEAK SPOTS According to Nation-E's Edry, hackers are becoming much more interested in operational technology: the physical connected devices that support industrial processes. "The vulnerability and lack of knowledge of operational technology is the most dangerous thing today," he says. As an example, he cites a cyber-attack against a New York City office block in which a hacker accessed the building management systems - which can control power, communications, security and environmental systems - via a connected vending machine. The building shutdown resulted in estimated damage of $350m from lost business. However, the security of industrial control systems and connected devices has fallen behind that of IT systems. Many of the connected devices used by industry are based on serial communication technology - which Edry likens to the beeps and squeals associated with the old-style internet dial-up. He believes that operational technology is a vulnerable and poorly protected element of cyber security. While IT infrastructure has given rise to an army of cyber security consultants, products and services, industrial control systems by comparison are not well served. On top of that, he states, growing digitalisation and the 'IoT' could create a perfect cyber security storm. He notes that, where a company would once have control over its systems, physical networks and servers, the trend has been to run devices, software and data through virtual networks, such as cloud computing. "Even the network is now off the network." Confidence in data and systems security is key, if society is to benefit from the potential efficiencies that the IoT can bring. "The digital age is here. We can't prevent it. It is becoming part of us. But we see news headlines of breach after breach. We are losing our confidence in the digital age." Edry believes that more needs to be done to deter cyber criminals and to protect operational technology. The cost of creating a successful attack is small for cyber criminals, which is why there are now so many attacks. "We have seen that, as the cost of launching a successful attack has gone down, the number of attacks has risen,” he comments. "So, we need to develop technology to increase the cost of successful attacks. We can't stop 100% of attacks, but we can create technology to increase the cost, so that the hacker says: 'I don't want to deal with this organisation, as it will cost me a lot of time and computer resource'. If we can prevent the damage, it will incentivise insurers to offer higher limits and give customers more incentive to buy." 28 computing security March/April 2024 @CSMagAndAwards www.computingsecurity.co.uk
ansomware NEW THREAT ACTORS SEND RANSOMWARE ATTACKS SOARING SOPHISTICATED ATTACK METHODS SURFACE, WITH HEALTHCARE BECOMING A PROMINENT TARGET In December last year, global levels of ransomware attacks fell by 12% from November, with a total of 391 cases, compared to 442 in the previous month, according to NCC Group's December Threat Pulse. Good news? Not really. The figure for December took the total number of ransomware attacks in 2023 to 4,667 - far beyond NCC Group's initial expectations that cases would hit 4,000. The annual total marks an 84% increase from all recorded ransomware attacks in 2022. Despite the usual threat groups responsible for ransomware attacks, December 2023 saw three new groups enter the top ten most active. Data reveals that newcomer Hunters ranked in fifth place with 22 cases (6% of total). The group is believed to be a rebrand of Hive, dismantled by Europol and the FBI earlier in 2023. DragonForce ranked in sixth spot, responsible for 21 cases (5%), and has been active since Summer 2022. WereWolves also joined the ranking in tenth spot, with speculation that they are a LockBit affiliate. North America and Europe remained the two most targeted regions in December, with 80% of global attacks between them. North America experienced 51% (199) of all attacks, down from 219 in November, with 114 attacks in Europe marking a 29% regional reduction in cases. Claiming third place, Asia witnessed 37 attacks, also representing a decrease of 20%. Most notably, the data also reveals that attacks in Russia rose in December to 12 cases, accounting for 11% of all attacks levied against targets in Europe, compared to the whole of 2023. Despite healthcare not placing in the top three most targeted sectors, it is now regarded as frequently at risk of ransomware attacks. Following October and November, where it was in the top three most targeted sectors, the total volume of ransomware attacks on healthcare in 2023 has resulted in it being considered at similar risk to other sectors. INCREASED ACTIVITY OF MALWARE FAMILIES In December, malware families (a group of applications with similar attack techniques) were more active than previous months. Two malware families, Hydra mobile malware and the unexpected activity of Qakbot, following the malware family's infrastructure take-down at the end of August, were notable. The infostealer Meduza Stealer also resurfaced in December, with a new version to help cybercriminals make their attacks more sophisticated through methods such as accounts takeover (ATO), online-banking theft and financial fraud. The re-emergence of significant malware families helps attackers to develop their own methods of gathering intelligence and understanding vulnerabilities, to prepare for the delivery of ransomware to their victims. Matt Hull, global head of threat intelligence at NCC Group, comments: ""Closing 2023 with over 4,000 global ransomware attacks is reflective of the sharp rise of cyber-criminal activity, compared with 2022. Over the year we've seen the development of sophisticated attack methods, allowing both new and old threat groups to exploit vulnerabilities of victims across a range of sectors and, in particular, present threats to healthcare where we've seen notable successful attacks over the last 12 months, with vast volumes of data being compromised." Matt Hull, NCC Group: sharp rise seen in cyber-criminal activity in 2023. www.computingsecurity.co.uk @CSMagAndAwards March/April 2024 computing security 29
Page 1: Computing Security Secure systems,
Page 4 and 5: Secure systems, secure data, secure
Page 6 and 7: news TORSION ANNOUNCES FILING OF PA
Page 8: news Greg Wetmore, Entrust. TIME TO
Page 11 and 12: legal focus GETTING YOUR ACT TOGETH
Page 13 and 14: artificial intelligence stratospher
Page 15 and 16: artificial intelligence "In an intr
Page 17 and 18: Computing Security Secure systems,
Page 19 and 20: 2024 predictions ?? ? actors can so
Page 21 and 22: 2024 predictions ?? ? security is t
Page 23 and 24: iometric cybersecurity the previous
Page 25 and 26: data management NEW DATA STATS ARE
Page 27: energy industry incidents in 2020 -
Page 31 and 32: penetration testing I.T. SYSTEMS RE
Page 33 and 34: endpoint protection GETTING STRAIGH

CS Mar-Apr 2024

Create successful ePaper yourself

Delete template?

Save as template?