SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
New Zealand
Guides
#
cloud security
#
cybersecurity
#
endpoint protection
#
firewall
#
ransomware
Search
Story image
#
Cybersecurity
#
Malware
#
Ransomware
Risk of downtime and data theft as ransomware targets Industrial Control Systems
Tue, 6th Jul 2021
FYI, this story is more than a year old
Author image
By Shannon Williams, Journalist
Follow us

There is a growing risk of downtime and sensitive data theft from ransomware attacks aimed at industrial facilities, according to new reports from cybersecurity firm Trend Micro.

Industrial Control Systems (ICS) are a crucial element of utility plants, factories and other facilities where they are used to monitor and control industrial processes across IT-OT networks.

According to Trend Micro, if ransomware finds its way onto these systems, it could knock out operations for days and increase the risk of designs, programs, and other sensitive documents finding their way onto the dark web.

Ryan Flores, senior manager of forward-looking threat research for Trend Micro, says because Industrial Control Systems are "incredibly challenging" to secure, there are plenty of gaps in protection that threat actors are clearly exploiting with growing determination.

"Given the United States government is now treating ransomware attacks with the same gravity as terrorism, we hope our latest research will help industrial plant owners to prioritise and refocus their security efforts," he says.

Trend Micro's report found that Ryuk (20%), Nefilim (14.6%), Sodinokibi (13.5%) and LockBit (10.4%) variants accounted for more than half of ICS ransomware infections in 2020.

The Trend Micro report also revealed:

  • Threat actors are infecting ICS endpoints to mine for cryptocurrency using unpatched operating systems still vulnerable to EternalBlue.
  • Variants of Conficker are spreading on ICS endpoints running newer operating systems by brute-forcing admin shares.
  • Legacy malware such as Autorun, Gamarue and Palevo are still widespread in IT/OT networks, spreading via removable drives.

The report urged closer cooperation between IT security and OT teams to identify key systems and dependencies such as OS compatibility and up-time requirements, with a view to developing more effective security strategies.

Trend Micro makes the following recommendations:

  • Prompt patching is vital. If this is not possible, consider network segmentation or virtual patching from vendors like Trend Micro.
  • Tackle post-intrusion ransomware by mitigating the root causes of infection via application control software, and threat detection and response tools to sweep networks for IoCs.
  • Restrict network shares and enforce strong username/password combinations to prevent unauthorised access through credential brute forcing.
  • Use an IDS or IPS to baseline normal network behaviour to better spot suspicious activity.
  • Scan ICS endpoints in air-gapped environments using standalone tools.
  • Set up USB malware scanning kiosks to check the removable drives used to transfer data between air-gapped endpoints.
  • Apply principle of least privilege to OT network admins and operators.
Related stories
RiverSafe teams up with Cribl to boost IT & data security services
Half of online traffic in 2024 generated by bots, report finds
Cisco launches Hypershield for AI-driven security upgrade
Keeper Security launches user-friendly passphrase generator
Axis unveils hybrid cloud platform for adaptable security solutions
Top stories
Fortinet recognised as Challenger in Gartner's 2024 Magic Quadrant for SSE
Coalition integrates cyber risk platform with top cloud services providers
Armis warns of major cyber-attack risk to 2024 global elections
i-PRO to support Genetec SaaS with new AI-enabled camera models
Illumio unveils AI enhancements for faster Zero Trust Segmentation adoption