
Partner Perspectives
4/18/2016 10:48 AM
Scott Montgomery

Which Critical Infrastructure Attack Will Be Our Bangladesh Factory Collapse?

Critical infrastructure security is finally getting the attention it deserves; let's hope that it is enough to prevent a major disaster.

Factory fires, mine explosions, collapsed buildings, and other workplace accidents that kill and injure workers have led to occupational health and safety laws in most countries. When workers are not killed or injured, but could have been, these events are referred to as “serious potential incidents.”

In workplaces around the world, we are now seeing serious potential incidents caused by cyberattacks rather than by unsafe conditions, machinery, or chemicals. This trend is worrisome for two reasons:

  1. Some of these attacks are conducted with an intent to harm.
  2. The potential for injuries or fatalities is substantial.

Most industrial and critical infrastructure organizations will admit to being probed or attacked on a frequent basis, without success. However, there have been several serious potential incidents in the past couple of years where cyberattacks came close to causing significant harm, including a dam in suburban New York, a steel foundry in Germany, and electrical substations in Ukraine.

Flood-Control Dam, New York

Recent indictments of Iranian hackers by the U.S. Department of Justice have brought renewed publicity to the hacking of a small flood-control dam in suburban New York. In this case, the hackers appear to have stumbled across an unprotected computer at the dam using a search technique known as Google dorking. By combining specific search operators in the standard, publicly available Google search engine, an attacker can discover computers, login portals, and other access points that are unintentionally reachable from the public Internet, without ever sending a packet to the target. This does not appear to have been a preplanned or coordinated attack, and the hackers could not open or close the primary sluice gate because it was still in manual mode. However, with a 20-foot high-water mark and a neighboring middle school, the potential for death or serious injury from even this small dam is significant.
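The defensive mirror of the dorking described above is to index your own Internet-facing pages the way a search engine would and flag the ones an `intitle:`/`inurl:`/`intext:` query would surface. The following is an added example, not code from the original article or its author; the host inventory, page titles and signature patterns are constructed sample data, not real systems or vendor names.

```python
"""Self-audit for the exposure that Google dorking finds.

Added example, not from the article. SAMPLE_CRAWL and SIGNATURES are
constructed illustrations: the URLs use documentation address space
and the patterns are generic, not a vendor fingerprint list.
"""
from dataclasses import dataclass
import re


@dataclass
class ExposedPage:
    url: str
    title: str
    body_snippet: str


# Constructed stand-in for a crawl of your own external address space.
SAMPLE_CRAWL = [
    ExposedPage("https://www.example.com/", "Example Utility District",
                "Welcome to our public site"),
    ExposedPage("http://203.0.113.7/login.htm", "HMI Login",
                "Please enter operator password"),
    ExposedPage("http://203.0.113.9:8080/", "Pump Station 3 - Status",
                "Gate position: MANUAL  Level: 12.4 ft"),
    ExposedPage("https://www.example.com/about", "About Us",
                "History of the district"),
]

# Each rule: the page property a dork operator matches on, a regex for
# the kind of string dorkers hunt, and the operator that reproduces the
# finding in a public search engine.
SIGNATURES = [
    ("title", re.compile(r"\b(hmi|scada|login|sign in)\b", re.I), "intitle"),
    ("url", re.compile(r"/(login|admin|cgi-bin)\b", re.I), "inurl"),
    ("body", re.compile(r"\b(password|operator|gate position|setpoint)\b", re.I),
     "intext"),
]


def dork_for(page, match, operator):
    """Build the query an attacker would type to find this page."""
    host = page.url.split("/")[2].split(":")[0]
    return f'site:{host} {operator}:"{match}"'


def audit(pages):
    """Return (url, reason, equivalent_dork) for each page a dorker would find.

    One finding per page is enough to act on, so stop at the first match.
    """
    findings = []
    for page in pages:
        fields = {"title": page.title, "url": page.url, "body": page.body_snippet}
        for field, pattern, operator in SIGNATURES:
            m = pattern.search(fields[field])
            if m:
                findings.append((page.url,
                                 f"{field} matches {m.group(0)!r}",
                                 dork_for(page, m.group(0), operator)))
                break
    return findings


if __name__ == "__main__":
    for url, reason, dork in audit(SAMPLE_CRAWL):
        print(f"{url}\n  {reason}\n  reproduce with: {dork}")
```

The point of emitting the equivalent query is that the finding can be confirmed against the real search index: if the query returns your page, the control-system login or status screen is already discoverable by anyone, and the fix (take it off the public Internet, or at minimum put it behind an authenticated gateway) is urgent rather than theoretical.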

Steel Foundry, Germany

A preplanned cyberattack that caused significant physical damage happened a few years ago against a steel foundry in Germany. In this case, the attackers used spear-phishing emails to steal credentials and gain access to the foundry's business systems. Once inside, they took time to explore the network and found a path from the business network into the industrial operations. Demonstrating a sophisticated knowledge of industrial controls and processes, the attackers explored those systems and, whether intentionally or accidentally, caused a series of malfunctions that resulted in more than $1 million in damage to a blast furnace. If damage or sabotage to the foundry was not the intent, consider what a deliberate attacker with the same access could have done, for example by degrading the quality of steel destined for a bridge or office building.

Electrical Grid, Ukraine

Finally, a sophisticated and methodical attack in December 2015 shut down roughly 30 electrical substations in Ukraine, leaving more than 200,000 people without power for up to six hours. This attack also started with spear-phishing emails that stole credentials and installed malware, months or even years before the outage. Using that access, the attackers explored the systems, quietly working their way closer to the control network. In addition to turning off the power, the group made it difficult to restore it: they overwrote firmware on field devices, corrupted master boot records on workstations and servers, and ran a telephone denial-of-service attack against the utility's call center. In this case, the business and operations systems were segregated, but the business side was allowed VPN access to the SCADA network. Segmentation that can be crossed with a stolen username and password is segmentation in name only; a remote-access path into a control network needs at least a second authentication factor and tight limits on who can use it. The power was out for only six hours, but months later the utilities are still working to recover full functionality of the corrupted systems, and most of the affected substations remain on manual control.

What Will It Take For Us To Secure Our Infrastructure?

Which security incident in the future will become as infamous as the Bangladesh factory collapse that killed more than 1,100 workers, the Triangle Shirtwaist factory fire in which 146 perished, or the non-fatal but embarrassing collapse of the Tacoma Narrows Bridge? Critical infrastructure security is finally getting the attention it deserves; let's hope that it is enough to prevent a major disaster.

Scott Montgomery is vice president and chief technology officer for the Americas and public sector at Intel Security. He runs worldwide government certification efforts and works with industry and government thought leaders and worldwide public sector customers to ensure that ...