5 WAYS TO DEFEAT NATION STATE ATTACKS
We depend on critical infrastructures to sustain our daily lifestyles and are integrated into our daily activities making critical infrastructures the backbone of our vital systems. The integrity of critical infrastructures depends on outdated legacy systems, such as Windows XP, which are the most vulnerable to nation state attacks.
“About 75 percent of the devices that are control systems are on Windows XP or other nonsupported operating systems,” said Daryl Haegley, program manager for the Office of the Assistant Secretary of Defense for Energy, Installations and Environment.
download 5 ways to defeat nation state attacks
Targeting industrial control systems that facilitate critical infrastructures are easy targets for cyber criminals due to: the plethora of ICS vulnerabilities; budgetary confinements; sophisticated cyber criminals striving to be rewarded in recognition and monetarily; all factors that increase the chances for an APT (Advanced Persistent Threat) group successfully disrupting critical infrastructures. Nation states funding cyber criminals to develop APT groups targeting discontinued/ unsupported/outdated control systems, lacking relevant security measures is a combination for a worldly disaster.
The objective of an APT attack is hitting a targeted vulnerable system, gaining privileges to manipulate and possibly shut down. ICS vulnerabilities make control systems such as SCADA, a hotbed for potential attacks. The largest and most expensive APT development effort in history Stuxnet, hit headlines nearly a decade ago, in the debilitating Stuxnet attack that damaged centrifuge rotors in a consolidated nation state/s mission, executing a cyber weapon to paralyze Iran’s nuclear weapon development. Stuxnet’s development was ahead of any type of detection and disabled Iran’s nuclear program without Iran detecting any type of invasion.
On December 23, 2015, Ukrainian power companies were hit with the BlackEnergy (BE) malware causing power outages across Ukraine in the cold winter. “However it is important to note that the role of BE in this event remains unknown pending further technical analysis”, ICS- CERT. Years have gone by and BE has yet to be resolved.
Hidden threats resulting from APT lurk deep in control systems, in most cases for an extended period of time before an attack is launched and due to the sophisticated capabilities of malware, some potential malicious tactics used by cyber attackers such as, AtomBombing or Process Doppleganging leave no trace, making it challenging to analyze.
Vulnerabilities, flaws that can be exploited by malicious attackers, enabling unauthorized access to control systems or allowing sophisticated attackers greater privileges. ICS vulnerabilities threaten business continuity for critical infrastructures due to: legacy systems; lack of vulnerability assessments; security gaps in patching; poor logging; an overwhelming log of alerts; new sophisticated methods of attack on legacy systems can all increase the opportunity of a malicious attacker to exploit an ICS vulnerability. Defensive security with self-defending capabilities, minimizes the risk of exploitation of vulnerabilities preventing the consequences of an attack.
WannaCry is an example of how these critical infrastructures can be taken off the grid when not protected. Last year, enSilo’s customers that depend on outdated systems (legacy systems) to run their electronic manufacturing facility, were relieved to know their servers and devices were protected from the devastating outcome caused by WannaCry, NotPetya and multiple variants of ransomware without the need to update.
enSilo blocks malicious malware within critical communication paths utilizing real-time technology, preventing cyber attackers from gaining access to deployed devices/servers blocking attempts from a potential emergency shutdown.
FILELESS/FILE BASED ATTACKS
Fileless attacks AKA non-malware are becoming more common these days. Attackers don’t need to bother with creating payloads and “non-malware” are effectively bypassing traditional methods of cybersecurity. enSilo isolates “fileless” or file based malware that has evaded traditional security systems from stealing or modifying data and gives complete visibility of attacks.
Now, attack methodology can be prevented by having full protection visibility of the entire control system environment, protecting critical infrastructure systems from attackers hiding within networks. enSilo contains malicious activities resulting from exploited vulnerabilities.
Secure control systems with post-infection protection, eliminating the 140 day average time it takes for an internal team to implement patches. Protect business continuity from attacks that are typically bypass security methods, virtually undetected.
Widespread attacks across the world could be triggered by a single vulnerability, just as WannaCry did. Most say that WannaCry was a preliminary test and we should expect a more devastating attack in the near future.