S.O.S. Secure Our SCADA
How Secure Are Critical Infrastructure Control Systems?
SCADA (Supervisory Control and Data Acquisition) systems were designed 20-30 years ago with a focus on ease of use, openness and longevity. The problem with this approach is that protecting the SCADA system itself was never taken into consideration when it was built. Fast forward to the current threat landscape, in which nation states fund cyber criminals to build APT (Advanced Persistent Threat) groups that target discontinued, unsupported and outdated SCADA systems: legacy systems that lack relevant security measures are a recipe for a global disaster.
SCADA systems that run critical infrastructure are easy targets for cyber criminals. The lack of cybersecurity on outdated systems, budget constraints, and sophisticated attackers striving for recognition and monetary reward are all factors that increase the chances of an APT group successfully disrupting critical infrastructure.
SCADA systems were historically hit by what is known as the largest and most expensive malware development effort in history, Stuxnet. It has been nearly a decade since that debilitating attack damaged centrifuge rotors in a concerted effort to use a cyber weapon to paralyze Iran's nuclear weapon development. Stuxnet was ahead of any form of detection at the time and disabled Iran's nuclear program without Iran detecting any intrusion.
Critical infrastructure had a wake-up call in 2015, when the APT group behind BlackEnergy froze systems at the peak of winter in Ukraine. Now, in 2018, security experts say it is only a matter of time until the next blackout occurs, and believe the attackers may have a firmer grip on critical infrastructure servers, potentially causing longer disruptions or complete destruction.
Attacks Paralyze. enSilo Protects.
WannaCry is an example of how critical infrastructure can be taken off the grid when it is not protected. Last year, enSilo customers that depend on outdated (legacy) systems to run their electronics manufacturing facility were relieved to learn that their servers and devices were protected from WannaCry, NotPetya and multiple ransomware variants without needing to update those systems.
enSilo secures sensitive data by protecting data from tampering and exfiltration while being agnostic to: the data context, the infiltration method, the requesting process or the protocol.
Ultimately, keeping data safe from harm is the reason enSilo exists. It comes back to "where there is a will, there is a way", and cyber attackers should not be viewed any differently. If attackers are targeting a critical infrastructure operator known to have ICS vulnerabilities, it is only a matter of time until they exploit the vulnerability of an outdated system and send critical data back to their command-and-control infrastructure. Protecting servers and devices that may run outdated operating systems, being agnostic to the operating system, enabling threat hunting and allowing business to continue as usual are the highlights of enSilo's product: stop and block critical data from being exfiltrated with our self-defending endpoint security.
Hidden threats resulting from APT groups lurk deep in SCADA systems, in most cases for an extended period of time before an attack is launched.
Because of limited security budgets, weak protocols and outdated software, critical infrastructure systems, including power, oil and gas pipelines, water distribution and wastewater collection systems, are hotbeds of ICS vulnerabilities.
Value of an Experienced Research Team
enSilo's researchers are well experienced, constantly up for a challenge, searching for hidden threats and staying ahead of the current threat landscape. Since enSilo was established, our research team has discovered multiple malware evasion techniques, including AtomBombing, Process Doppelgänging, bypasses of Microsoft's User Account Control (UAC) mechanism, code-less code injection and zero-day techniques. Such techniques could potentially evade any security product intended to protect SCADA systems running Windows XP, which some critical infrastructure still depends on to operate. "Attackers use code injection to add malicious code into legitimate processes, making it easier to bypass security products, hide from the user, and extract sensitive information that would otherwise be unattainable." (enSilo research team.) enSilo's product is agnostic to such malware evasion techniques and blocks them out of the box.
- Sophisticated attackers behind the APT groups are advancing faster than security teams can mitigate the overwhelming number of threats. Techniques are advancing and vulnerabilities keep multiplying; it takes a team on average 140 days to implement patches, and the average dwell time before a team responds to a security incident is 86 days.
- SCADA systems running critical infrastructure typically run on old, outdated legacy systems that are vulnerable by design.
- Invest in a dynamic cybersecurity solution backed by an exceptional research team that is dedicated to updating the product remotely and actively stays up to date on modern malware, ransomware and malware evasion techniques.
- Tune up SCADA systems with a cybersecurity solution that is agnostic to the operating system and able to protect critical infrastructure running on legacy systems.
enSilo blocks malicious communication paths in real time, preventing cyber attackers from gaining access to deployed devices and servers, including attempts against emergency shutdown systems. Most critical infrastructure is protected by outdated and failing cybersecurity designed around predetermined security rules. The threat landscape is evolving faster than cybersecurity products can update, and much modern malware is able to bypass them. enSilo's self-defending endpoint protection platform has the ability to detect, mitigate and contain infections on a device that has already been infected. Request Tracker for Incident Response (RTIR) has been integrated into enSilo's product to give time back to CERT and CSIRT teams in their daily schedule. Find out whether cyber attackers are hiding within vulnerable SCADA systems with a free vulnerability assessment.
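The post's core defensive point is that a legacy control host should only ever talk to a handful of known destinations, so any other outbound connection, or an unusually large transfer to a permitted one, is the signal worth acting on. The following script is an added illustration of that idea and is not enSilo's code or a description of its product. It assumes a constructed flow-log format (timestamp, source, destination, port, protocol, bytes out), a constructed control network of 10.10.0.0/24, and a constructed allowlist of the historian, NTP and engineering-workstation destinations such hosts are expected to reach.

```python
"""Egress allowlist check for ICS hosts.

Added example, not enSilo's code. Everything below is constructed for
illustration: the control network, the allowlist, the flow-log format
    <ISO timestamp> <src_ip> <dst_ip> <dst_port> <proto> <bytes_out>
and the sample records. Flows leaving the control network for a destination
that is not on the allowlist, or moving an unusual volume to a permitted
destination, are reported for an analyst to investigate.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Iterable

# Constructed: the SCADA/control network and the destinations it may reach.
CONTROL_NET = ip_network("10.10.0.0/24")
ALLOWED_EGRESS = [
    # (destination network, destination port, protocol, purpose)
    (ip_network("10.20.0.5/32"), 502, "tcp", "Modbus/TCP to historian gateway"),
    (ip_network("10.20.0.0/24"), 123, "udp", "NTP in the DMZ"),
    (ip_network("10.20.0.9/32"), 3389, "tcp", "engineering workstation RDP"),
]
# Constructed threshold: a single flow above this many bytes out is worth a
# look even when the destination is permitted (possible staging of data).
BULK_THRESHOLD = 5_000_000

# Constructed sample flow log. The third and fifth records leave the control
# network for unlisted addresses; the fourth is a bulk transfer to a permitted
# host; the last originates outside the control network and is ignored.
SAMPLE_FLOWS = """\
2018-03-01T08:00:01Z 10.10.0.21 10.20.0.5 502 tcp 1800
2018-03-01T08:00:02Z 10.10.0.21 10.20.0.7 123 udp 76
2018-03-01T08:01:15Z 10.10.0.33 203.0.113.44 443 tcp 91234567
2018-03-01T08:01:20Z 10.10.0.33 10.20.0.9 3389 tcp 6000000
2018-03-01T08:02:00Z 10.10.0.40 198.51.100.8 53 udp 512
2018-03-01T08:02:30Z 10.20.0.9 10.10.0.33 3389 tcp 900
"""


@dataclass(frozen=True)
class Flow:
    ts: str
    src: str
    dst: str
    dport: int
    proto: str
    bytes_out: int


def parse_flows(text: str) -> list[Flow]:
    """Parse the constructed whitespace-separated flow-log format."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport, proto, nbytes = line.split()
        flows.append(Flow(ts, src, dst, int(dport), proto.lower(), int(nbytes)))
    return flows


def is_allowed(flow: Flow) -> bool:
    """True when destination, port and protocol match an allowlist entry."""
    dst = ip_address(flow.dst)
    return any(dst in net and flow.dport == port and flow.proto == proto
               for net, port, proto, _ in ALLOWED_EGRESS)


def find_unexpected_egress(flows: Iterable[Flow]) -> list[tuple[Flow, str]]:
    """Return (flow, reason) pairs for flows an analyst should review."""
    findings = []
    for flow in flows:
        if ip_address(flow.src) not in CONTROL_NET:
            continue  # only flows that originate inside the control network
        if not is_allowed(flow):
            findings.append((flow, "destination not on egress allowlist"))
        elif flow.bytes_out > BULK_THRESHOLD:
            findings.append((flow, "bulk transfer to permitted destination"))
    return findings


if __name__ == "__main__":
    for flow, reason in find_unexpected_egress(parse_flows(SAMPLE_FLOWS)):
        print(f"{flow.ts} {flow.src} -> {flow.dst}:{flow.dport}/{flow.proto} "
              f"({flow.bytes_out} bytes): {reason}")
```

The allowlist is deliberately keyed on destination, port and protocol together rather than on addresses alone, because a legacy host that suddenly reaches a permitted server on a new port is just as worth a look as one reaching an unknown address. On a real network the same logic would run over exported flow records from the boundary firewall or a span port rather than the embedded sample.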