Cyber Threats from infrastructure upgradation
As large production units, steel plants, mines, manufacturers, and oil and gas facilities face increasing pressure to boost production and minimize extraction and purification costs, modernization of sites and systems is inevitable. The adoption of the latest technologies in oil and gas facilities can be a double-edged sword.
On one side, there are obvious advantages to implementing industrial IoT (IIoT) devices to boost efficiency and cut operational costs. On the other, there are inherent risks associated with system upgrades.
While human error can cause incidents like the one at Columbia Gas, similar incidents could just as easily be the work of terrorists. Oil and gas executives are aware that once-isolated operational technology (OT) networks charged with purifying, blending and distributing fuel are more and more connected to the “outside world” via the industrial IoT (IIoT). In addition, modernization inevitably involves some degree of digital transformation, which exposes facilities to more security threats than ever before.
Attacks like BlackEnergy, Industroyer, VPNFilter, and WannaCry are a few of the malware campaigns that have affected critical infrastructure. The actors in some cases were rogue factions, as well as nation-states, that hacked into industrial networks and caused disruption. However, the threat from within is also present and very important. Insiders have “the keys to the kingdom”, or at least the know-how to find them.
The IIoT threat
The internet of things (IoT) and IIoT show tremendous promise for improving oil and gas operations. Increasingly, firms are investing in the cost-saving and productivity-enhancing advantages of networked smart devices, which can communicate and coordinate with one another via the internet.
The IIoT downside?
Few vendors and customers have fully grasped the security risks associated with the technology. The introduction of new access points into the company’s network, and the current lack of security standards for IoT devices, can create holes for punching through perimeter defenses.
However, the planned or (worst-case scenario) unplanned introduction of IIoT devices into your enterprise network creates opportunities for a host of external and internal threat actors, including:
- Individuals independent of an organization or group, or someone incited by an organization or group.
- State-sponsored adversaries working on behalf of a government, whose activities can span computer-based and physical attacks.
- Terrorists acting alone.
- External cyber attacks carried out by hacktivists to promote a political agenda or a social cause.
- Internal attacks carried out by malicious insiders, such as a disgruntled employee or third-party contractor.
Unintentional mistakes due to human error can cause injury or damage to production through incorrect changes to industrial processes or equipment. Another variation, account hijacking, resembles an internal attack, since it happens when an external attacker hijacks an authorized user’s account (employee, vendor, integrator, etc.). This vector is generally achieved using social engineering techniques like phishing emails and/or a “call from the IT department” requesting the user’s ID and password.
IIoT manufacturers often pre-configure devices with a default password, which can be a time-saver for OT staff. However, this benefit is also a significant security flaw. When many thousands of devices share identical default passwords, attackers can easily compromise organizations that neglect or deliberately choose not to change them.
Many IIoT devices cannot be patched, or vendors do not issue patches for well-known vulnerabilities, so missing patches are another severe problem for organizations.
Most organizations have endless IIoT device lists that extend beyond traditional OT to include alarm systems, cameras, thermostats, motor drivers, rollers, vending machines, etc. Even apparently harmless devices can pose a threat. For example, you should never connect or integrate an IoT coffeemaker into your IT or OT network, since the machine has no security features.
Regardless of the IIoT device type, attackers can use any or all of them as stepping stones to compromise your IT and OT networks. For example, many IIoT devices have exposed network ports, which attackers can use to bypass your firewall. Once inside your network, a hacker can do in-depth damage across OT infrastructures and move laterally between them.
There are several network monitoring tools on the market that may give you insight into traffic but cannot understand the codes being sent to your PLCs or endpoint equipment.
This whole scenario brings us to a stage where you strongly need an overall solution to clearly see every movement in your IT and OT networks. For process networks you need to deploy a smart solution that can monitor the low-level commands your PLCs understand. A dedicated team is also required to identify the anomalies that, intentionally or unintentionally, can affect your production unit.
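To make the difference between traffic insight and command-level monitoring concrete, here is an added example (not from the original post) that decodes Modbus/TCP requests and flags PLC write commands from hosts that are not approved to issue them. Modbus/TCP is chosen as an assumption, since the post names no protocol; the IP addresses, the allowlist and the sample frames are constructed for illustration.

```python
import struct

# Modbus function codes that change PLC state; codes 1-4 are reads.
WRITE_CODES = {5: "Write Single Coil", 6: "Write Single Register",
               15: "Write Multiple Coils", 16: "Write Multiple Registers"}

# Assumption: the only host permitted to write to PLCs (engineering workstation).
ALLOWED_WRITERS = {"10.0.5.10"}

def parse_modbus_tcp(payload: bytes):
    """Decode the MBAP header and function code of one Modbus/TCP request."""
    if len(payload) < 8:  # 7-byte MBAP header + 1-byte function code
        return None
    tid, proto, length, unit = struct.unpack(">HHHB", payload[:7])
    if proto != 0 or length != len(payload) - 6:
        return None  # wrong protocol id, or length field disagrees with the frame
    return {"tid": tid, "unit": unit, "func": payload[7], "data": payload[8:]}

def inspect(src_ip: str, payload: bytes):
    """Return an alert string for a request sent to TCP/502, or None if benign."""
    frame = parse_modbus_tcp(payload)
    if frame is None:
        return f"{src_ip}: malformed or non-Modbus payload"
    name = WRITE_CODES.get(frame["func"])
    if name is None or src_ip in ALLOWED_WRITERS:
        return None  # a read, or a write from an approved workstation
    data = frame["data"]
    addr = struct.unpack(">H", data[:2])[0] if len(data) >= 2 else None
    return f"{src_ip}: {name} unit={frame['unit']} addr={addr} from unapproved host"

# Constructed sample requests (client -> PLC), not captured traffic.
SAMPLES = [
    ("10.0.5.20", bytes.fromhex("00010000000601030000000a")),  # HMI reads registers
    ("10.0.9.77", bytes.fromhex("0002000000060106001003e8")),  # unknown host writes
    ("10.0.5.10", bytes.fromhex("0002000000060106001003e8")),  # approved host writes
    ("10.0.9.77", bytes.fromhex("00030000000601")),            # truncated frame
]

def run_samples():
    """Inspect every sample and return only the alerts."""
    return [alert for ip, p in SAMPLES if (alert := inspect(ip, p))]

if __name__ == "__main__":
    for line in run_samples():
        print(line)
```

A flow-level monitor would see four ordinary connections to port 502 here; only decoding the function code separates the routine read from the register write by an unapproved host.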