Industrial control systems are often inadequately protected against cyber attacks, as security researchers from CloudSEK report. This also applies to companies in the critical infrastructure sector. A comment from 8com.
Countless companies and institutions come under attack by cyber criminals every day, in many cases without noticing. Attacks from the Internet have increased continuously in recent years, and by now every IT manager should be aware that a stable line of defense against cyber criminals is mandatory.
Attacks on critical infrastructure (KRITIS) have severe effects
Colonial Pipeline experienced firsthand what effects a successful attack can have on companies in the critical infrastructure sector. After a ransomware attack, fuel supplies collapsed in some parts of the US, leading to panic buying and gasoline shortages. In the end, the damage went far beyond the originally attacked company. The attack on the operating company of the Port of Houston, Texas, shows that things can go differently: there, the operators managed to defend themselves against the intruders.
Good defense is a must
Despite such positive examples, far too many companies still neglect protection against cyber attacks, even in the area of critical infrastructure. This is also made clear in a report that security researchers at CloudSEK have just published. In it, they examined Internet-accessible industrial control systems (ICS) and their protection against cyber attacks on industrial, supply and production targets. The result: although most ICSs offer a certain degree of built-in security precautions, these can quickly be overridden by human intervention or error.
Some of the most common issues mentioned in the report:
- weak or default credentials
- outdated or unpatched software
- data and source code leaks
- shadow IT
The latter refers to processes or programs that exist in a company without the knowledge of the official IT management, for example because an employee insists on using their usual image processing program, which the company's IT does not monitor for security gaps.
CloudSEK study looked for vulnerable ICSs
For the current study, CloudSEK also performed a web scan looking for vulnerable ICSs and found hundreds of vulnerable interfaces. The security researchers picked out four of the most glaring cases and described them in more detail. At an Indian water supplier, for example, the manufacturer's default login information could be used to access the software that controls the water supply. Attackers could have changed the composition of the drinking water or cut off entire parts of the city from the supply. The Indian government must also be faulted for some avoidable security gaps, because the security researchers found a number of credentials for mail servers freely available on the GitHub platform.
Credentials found on GitHub
The CloudSEK team also found hard-coded credentials belonging to the Government of India on a web server that supported monitors for CCTV footage in various services and states across the country. At a company that specializes in managing and monitoring gasoline trucks, the security researchers found a flaw that left it open to SQL injection attacks. In addition, credentials for admin accounts could be found in plain text.
The study shows that beyond ransomware and phishing there are very real threats that should not be ignored. For companies, this means that they also have to check their industrial control systems regularly, to determine whether they are up to date or whether further measures are required to ward off hackers.
About 8com
The 8com Cyber Defense Center effectively protects the digital infrastructures of 8com's customers from cyber attacks. It includes security information and event management (SIEM), vulnerability management and professional penetration tests. It also offers the setup and integration of an Information Security Management System (ISMS), including certification according to current standards. Awareness measures, security training and incident response management round off the offer.