Cyber risk assessment for critical infrastructures

Critical infrastructures are “luxurious targets”, said Ido Yitzhaki (VP Business Development, ODI Ltd) at the second edition of Asia ICS Cyber Security Conference 2018, held at Resorts World Sentosa, 19th-21st Nov 2018.

When the Black Energy malware struck the Prykarpattya Oblenergo power plant in Western Ukraine, reports indicated a spear phishing campaign was the initial point of compromise. 3 years later, in Oct 2018, Ukraine's critical infrastructures were attacked again – this time by Grey Energy malware. Although it was an evolved and more sophisticated variant, the malware relied on a decades-old social engineering technique to gain access to the network – phishing.

Stuxnet, which hit the Iranian Nuclear Power plant in 2010, was delivered via a USB thumb drive into computer systems in the facility.

These episodes highlight that despite “air-gapping” – a physical separation of the network controlling the critical infrastructure (commonly referred to as operational technology) from the corporate infrastructure (or corporate information technology) – cyber attacks on critical infrastructures are still ongoing.

These case studies illustrate two main reasons for the occurrences:

  • heavy reliance on mobile devices for data exchange (legitimate or otherwise) – including USB thumb sticks – which facilitates malware infiltration, or
  • infiltration via insider threat through the inadvertent clicking on malicious emails (or phishing), which opens up initial entry points for attackers to gain remote access, conduct more reconnaissance and, in many cases, gain an understanding of network architectural designs and activities and personnel credentials…