20 May 2016
Industrial control systems (ICSs) in factories and refineries are joining critical national infrastructure (CNI) as new targets for cyber criminals, security expert Eugene Kaspersky has warned.
He believes online threats are now poised to direct their activities more at the industrial sector, as attacks on CNI globally have exposed how vulnerable connected field-level industrial equipment is.
Speaking in London last month, the Kaspersky Lab CEO said attacks on ICSs are growing, although the extent of the problem is unclear because targets are sometimes unaware that they have been hit, and incidents are not publicly disclosed.
Kaspersky reckons that the range of targets is widening to include sectors previously ignored by cyber crime, such as freight and inventory management.
“Criminal gangs are hacking cargo control systems at ports to ensure that containers carrying drugs get clearance to enter freely, and Somali pirates know which containers on hijacked freighters are worth taking, because they hold the highest-value goods,” he said.
Last December, a hack on Ukrainian power plants caused outages to 80,000 consumers and showed how vulnerable older infrastructure is.
“Some [plants] had to be brought back up manually by engineers on site,” Kaspersky said. “Newer power systems are more sophisticated but have no manual override, so might take longer to restore to operation.”
The motivations for the widening range of attacks include fraud, theft, extortion and ransomware. Kaspersky urged enterprise IT and industrial IT practitioners to make more effort to co-operate and share best practice.
Kaspersky Lab has also conducted field research at an unnamed private clinic to explore its security weaknesses. The company found vulnerabilities in medical devices that ‘opened a door’ for cyber criminals to access the personal data of patients, as well as their physical well-being.
The firm also discovered a vulnerability in a medical device application through which attackers could gain control access to the device itself.