If there’s been one significant change in Automation World reader interests in the past year or two, it would be around the issue of cybersecurity. Just a few years ago, whenever we posted content on the topic of cybersecurity, those articles received good levels of traffic, but nothing significant. However, in the past year to 18 months, that has changed dramatically. Cybersecurity articles are now among the top content draws on our site.
With that in mind, I connected recently with Chris Weber, co-founder of Casaba Security, to find out if anything has changed with regard to the standard issues surrounding manufacturing cybersecurity. (Casaba Security is a white hat hacking firm that consults for the industrial, financial, technology and government sectors). It turns out that things have changed quite a bit recently—most notably, around the types of attacks being aimed at manufacturing sites.
“Right now, we’re seeing a new wave of stealthy, sophisticated attacks that bypass standard security measures like firewalls, malware detection and intrusion detection systems and pose a serious threat to the operations and safety of manufacturing companies,” said Weber. “Previous defenses may work sufficiently against older threats, but they’re getting completely blind-sided by these newer, more sophisticated attacks.”
Behind these new attacks are “state-backed spies, in an effort to steal technology and production secrets and map America’s industrial assets; organized crime, which can profit from stealing and reselling intellectual property as well as using cyber-extortion to make money; and hacktivist groups which simply want to cause chaos and disruption and generate public attention,” he said.
Considering the changing cybersecurity threat level faced by manufacturers, Weber cautioned manufacturing firms to be most concerned with four specific types of attacks. Those attacks are:
* Drive-by Downloads. “In this type of attack, malware is installed on a person’s computer or other device as soon as they visit a compromised website,” says Weber. “This website may be criminally controlled/hosted or it could be a legitimate and widely used website which you’d never suspect to be the source of an infection.”
* Cross-Site Scripting. Like the drive-by download, cross-site scripting (or XSS) takes advantage of legitimate websites to conceal its attack. But the XSS doesn’t install malware on the computer. “Instead, it steals all stored login credentials and passwords from within the browser,” Weber says. “Consequently this attack could expose a manufacturer to considerable harm, allowing attackers to gain access to key online accounts, network control and access, machinery system access, client and vendor portals, bank accounts and more. In most cases, XSS is an attack that is delivered over email using a legitimate-looking URL to execute the attack.”
* Watering Hole Attack. Weber notes that hackers typically have a specific company or industry in mind when they set up this kind of attack. “They find a website regularly visited by employees of that company or industry and inject malicious code into it that will target visitors,” he says. “Once employees of the targeted company visit the website, they are infected either through a drive-by download attack or ‘malvertising,’ which is when malware is delivered through a third-party advertising network on a website.”
* Wrappers. A wrapper is a type of malware concealed inside a legitimate software program to make it undetectable. Weber explains that every software program has a signature that tells you what it is. Malware has a signature too. “Antivirus and intrusion detection systems work by checking incoming code to see if the signatures match any known malware,” he says. “If detected, the harmful program is caught and isolated. However, hackers have figured out that if you can change the code, you can beat the detection tool. Wrappers are a key part of this because, instead of seeing this malware for what it is, a detection tool will think it’s something legitimate—like a PDF, Word doc, a computer game or utility tool.”
To thwart these types of attacks, Weber says manufacturers have to adopt “a very robust defense-in-depth approach, that is equally devoted to prevention and post-breach mitigation.”
In addition to a strong perimeter defense using malware detection, firewalls, and access controls to data and systems, “you should use email white lists for executives, password managers for all employees, and make sure there are no open ports connected to the Internet,” Weber says. “You should also do public domain audits to make sure no sensitive information can be accessed online via advanced search queries, and make sure no single employee has access to too many systems. Also, consider adding script-blocking plugins to employees’ Internet browsers which will block some of these attacks.”
You should also plan for the worst. Weber says that every manufacturer should assume they will be breached. To deal with this, you should “segment your network as much as possible so that if a hacker or malware gets in, they can’t easily move across the entire network. Encrypt critical data so that even if the attacker gets it, they can’t use it. Backup data, so that they also can’t ruin you by deleting or encrypting the data,” he says.