Cyber-attackers smell blood in the water

by Elad Ben-Meir, CEO, SCADAfence.


The Covid-19 outbreak left most of the global workforce with no choice but to transition quickly, in some cases overnight, to working remotely. This meant opening up networks to exponentially more external connections, corporate networks and even networks which were previously closed to remote workers or which provided extremely limited access.

Cyber-attackers can now smell blood, realising that the sudden spike in digitisation was not born of a well thought out plan (in most cases) but of confusion, economic uncertainty and a raging pandemic. The need to facilitate remote work has opened up many new back doors for attackers to leverage. While organisations and governments struggle to cope with the social and economic repercussions and aftermath of the current Coronavirus crisis, many are now neglecting to provide sufficient protection to critical infrastructure such as power and water facilities. Such targets are highly attractive both for ransomware gangs and state-level threat actors.

The increasing digitisation of the running and management of utilities such as power stations and the widespread adoption of the Industrial Internet of Things (IIoT) means that previously ring-fenced stand-alone systems have been taken online, creating numerous potential entry points through which skilled hackers are now accessing control rooms and other mission critical systems. For example, all water treatment and supply processes are critical and are highly sensitive to manipulation. By nature, the water sewage systems are widely distributed with many unmanned sensors and actuators. Today, during the Covid-19 outbreak, there are even fewer pairs of eyes monitoring these systems than usual.

There is growing evidence that threat actors from hostile nation states are now starting to target these vulnerabilities in what is feared will be a new wave of cyberattacks on crucial utilities. Iranian cyber attackers recently used American servers to launch a series of attacks on Israeli water infrastructure sites, specifically targeting sewage and chlorine treatment for drinking water. Such attacks can be particularly dangerous in the context of the current global health crisis.

In the past couple of months, cyberattackers have also targeted the US Department of Health and hospitals. The World Health Organisation also reported a fivefold increase in cyber attacks in April alone. Interpol reported a 475 percent increase in cyber-attacks during March and April, with significant cyber-attack volumes continuing during May. It can now only be a matter of time before we read news of a major cyber breach of an industrial organisation or of major critical infrastructure.

The number of external connections, third-party vendors and remote workforces has grown exponentially over lockdown. So how can organisations protect themselves from becoming the high-profile victim of a major cyberattack?

Five steps organisations can take to mitigate remote access risks

On a conventional battlefield, or in cyberwarfare, the secret to winning is to outwit your opponent. Every CISO recognises the need to reduce the attack surface, which is not an easy task when corporate networks have been extended into millions of remote workers’ homes – not necessarily with the right security measures in place. In order to safeguard their increasingly vulnerable corporate networks under these unprecedented circumstances, companies should follow a simple five-step plan.

The first step in planning an effective defense is to identify what needs to be defended. Having full visibility and knowledge of all assets and how they are connected is key. This must be followed by tracking and managing user activities and access management. It is essential that all new remote users fully comply with corporate policy for endpoint protection and patch management on their personal and work computers.

The second step is to reduce the attack surface. To achieve this, it is crucial to gain a full understanding of all communication patterns and protocols being used within the network, removing those that are unused or have been deprecated. Wherever possible, insecure protocols must be identified and replaced with secure and encrypted protocols. To further reduce the attack surface, it is recommended to switch off ports that are not in use, and to deny access to the internet when not required.

Thirdly, organisations must acquire the ability to forecast an adversary’s next move, examining the network from an adversary’s perspective to identify weaknesses. Ongoing risk assessments should be made in tandem with the security team to fully understand the network’s attack vectors and how to defend against them. Threat-intelligence-based red team/blue team exercises for penetrating the network should also form part of this process.

The fourth step is to segment the network to ensure that, should one segment be compromised, the other segments are still secure, substantially reducing the risk exposure of the organisation. Segmentation should provide the optimum balance between risk reduction and minimal business impact. Once segmented, the segmentation must be constantly monitored to ensure it does not break and become ineffective.

The final step is to ensure that all levels of the organization are fully briefed and prepared on what to expect in the event of an attack. This involves educating the executive team, defining playbooks, and practicing them with the full team.
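The checks described in steps two and four can be run over flow records from a network monitor. The sketch below is an added example, not code from the article or from SCADAfence; the segment subnets, allow-list, listening-port inventory and flow records are all constructed, and mapping a port number to a protocol is a simplifying assumption.

```python
import ipaddress

# Constructed segment map (hypothetical addressing).
SEGMENTS = {
    "corp": ipaddress.ip_network("10.10.0.0/16"),
    "ot": ipaddress.ip_network("10.20.0.0/16"),
    "vpn": ipaddress.ip_network("10.30.0.0/16"),
}
# Permitted cross-segment paths: (source segment, destination segment, port).
ALLOWED = {("vpn", "corp", 443), ("corp", "ot", 443)}
# Cleartext protocols by well-known port, with an encrypted replacement.
INSECURE = {21: "FTP -> SFTP", 23: "Telnet -> SSH", 80: "HTTP -> HTTPS"}
# Constructed inventory of listening ports per host.
LISTENING = {"10.20.0.5": {23, 443, 502}, "10.10.0.8": {443, 3389}}
# Constructed flow records: (source IP, destination IP, destination port).
FLOWS = [
    ("10.30.1.4", "10.10.0.8", 443),
    ("10.10.0.8", "10.20.0.5", 443),
    ("10.10.0.9", "10.20.0.5", 23),
    ("10.30.1.4", "10.20.0.5", 502),
    ("10.20.0.5", "203.0.113.7", 443),
]

def segment_of(ip):
    """Return the segment an address belongs to, or 'internet' if none."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return "internet"

def audit(flows, listening, no_internet=("ot",)):
    """Flag insecure protocols, segmentation breaks, unwanted internet access
    and listening ports with no observed traffic (candidates to switch off)."""
    out = {"insecure": [], "segmentation": [], "internet": [], "unused_ports": []}
    used = set()
    for src, dst, port in flows:
        s, d = segment_of(src), segment_of(dst)
        used.add((dst, port))
        if port in INSECURE:
            out["insecure"].append((src, dst, INSECURE[port]))
        if d == "internet":
            if s in no_internet:
                out["internet"].append((src, dst, port))
        elif s != d and (s, d, port) not in ALLOWED:
            out["segmentation"].append((src, dst, port))
    for host, ports in sorted(listening.items()):
        out["unused_ports"] += [(host, p) for p in sorted(ports) if (host, p) not in used]
    return out

if __name__ == "__main__":
    for kind, items in audit(FLOWS, LISTENING).items():
        print(kind, items)
```

Running the audit on a schedule against fresh flow data is one way to meet the requirement that segmentation be constantly monitored after it is put in place.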

It has been predicted that 2020 may be the year where the largest cyber-attack in history will occur. Gaping holes in security, remote access connections and a global pandemic are contributing factors to the cyberattacks that are growing on a daily basis.

 

The good news is that organizations which follow the above guidelines have a very strong chance of braving the current storm, while remaining safe and secure – no matter what 2020 throws at us next!


The original post can be found on SC Media:

https://www.scmagazineuk.com/cyber-attackers-smell-blood-water/article/1684105