
DoD Claims: China’s ICS Cyber Onslaught Aims at Gaining Strategic Warfare Advantages


According to the US Department of Defense (DoD), China's relentless cyberattacks on vital infrastructure are likely a precautionary measure intended to obtain a strategic advantage in the event of armed conflict.

The Cyber Strategy released earlier this week by the DoD notes an increase in state-sponsored cyber activity from the People's Republic of China (PRC), particularly against sensitive targets that could affect military responses.

According to the agency, this is done in order "to counter US conventional military power and degrade the combat capability of the Joint Force."

The DoD claims in its report that the PRC "poses a broad and pervasive cyberespionage threat," monitoring the movements of individuals beyond its borders, acquiring technology secrets, and eroding the capabilities of the military-industrial complex. However, the NSA cautioned that the operation goes beyond routine information collecting.

"This malicious cyber activity informs the PRC's preparations for war[…]In the event of conflict, the PRC likely intends to launch destructive cyberattacks against the US Homeland in order to hinder military mobilization, sow chaos, and divert attention and resources. It will also likely seek to disrupt key networks which enable Joint Force power projection in combat," the report stated.

An Increasing Chinese Focus on Military Degradation

The notion that cyber activities can signal impending military action is consistent with predictions made earlier this year by Microsoft and others in the wake of the Volt Typhoon attacks. With a series of compromises that targeted telecom networks, power and water controls, US military bases at home and abroad, and other infrastructure whose disruption would interfere with actual military operations, the Beijing-backed advanced persistent threat (APT) made national headlines in the US in May, June, and July.

So far, however, the operational technology (OT) used by the victims has not been impacted by the compromises. Still, CISA Director Jen Easterly warned at Black Hat USA in August that if the US gets involved in a potential invasion of Taiwan, the Chinese government may be positioning itself to launch disruptive attacks on American pipelines, railroads, and other critical infrastructure.

"This APT moves laterally into environments, gaining access to areas in which it wouldn't traditionally reside[…]Additionally, this threat actor worked hard to cover their tracks by meticulously dumping all extracted memory and artifacts, making it difficult for security teams to pinpoint the level of infiltration," says Blake Benson, cyber lead at ABS Group Consulting.

Because military-focused cyber activity can cause collateral damage to bystander businesses, there could also be a sort of 'anti-halo effect' at work, according to John Gallagher, vice president of Viakoo Labs at Viakoo.

"Virtually all exploits launched by nation-states 'leak' over to non-nation-state threat actors[…]That means organizations who depend on IoT/OT systems will be direct targets at some point to the same threats being launched against national critical infrastructure," warns Gallagher.  

Several RCE Bugs Making Industrial IoT Devices Vulnerable to Cyberattacks


Eleven vulnerabilities in the cloud-management platforms of three industrial cellular router vendors put operational technology (OT) networks at risk for remote code execution, even when the platform is not actively set up for cloud management.

Eran Jacob, team leader of the security research team at Otorio, and Roni Gavrilov, security researcher, warn that the vulnerabilities are critical as they can be used to exploit thousands of industrial Internet of Things (IIoT) devices and networks in a variety of sectors, even though they affect devices from only three vendors, namely Sierra Wireless AirLink, Teltonika Networks RUT, and InHand Networks InRouter. 

"Breaching of these devices can bypass all of the security layers in common deployments, as IIoT devices are commonly connected both to the Internet and the internal OT network[…]It also raises additional risk for propagation to additional sites through the built-in VPN," the researchers said.

The researchers added that if attackers gain a direct connection to the internal OT environment, it could further impact production and pose safety risks for users.

Attackers can also use a variety of vectors to take advantage of the flaws, according to the researchers, including compromising devices in the production network to enable unauthorized access and control with root privileges, gaining root access through a reverse shell, and using compromised devices to exfiltrate sensitive data and carry out actions like shutdown.

Where the Issues Lie 

An industrial cellular router lets multiple devices connect to the Internet over a cellular network. According to the researchers, these routers are frequently used in industrial environments such as factories or oil rigs, where typical wired Internet connections would not be viable or dependable.

"Industrial cellular routers and gateways have become one of the most prevalent components in the IIoT landscape[…]They offer extensive connectivity features and can be seamlessly integrated into existing environments and solutions with minimal modifications," Gavrilov wrote in the report.

In order to give clients remote management, scalability, analytics, and security across their OT networks, vendors of these devices use cloud platforms. The researchers further noted that they discovered a number of vulnerabilities that "pertain to the connection between IIoT devices and cloud-based management platforms," which is, in some cases, enabled by default.

"These vulnerabilities can be exploited in various scenarios, affecting devices that are both registered and unregistered with remote management platforms[…]Essentially, it means that there are security weaknesses in the default settings of certain devices' connectivity to cloud-based management platforms, and these weaknesses can be targeted by attackers," they said.

Mitigation Strategies

The researchers have provided the vendors of these devices, as well as OT network administrators, with a number of mitigation measures. They recommended that OT network managers uninstall any inactive cloud features if they are not actively using the router for cloud management, in order to avoid device takeovers and minimize the attack surface.

Administrators can also restrict direct connections from IIoT devices to routers, the researchers said, because built-in security mechanisms such as firewalls and VPN tunnels lose their effectiveness once the device is compromised.

"Adding separate firewall and VPN layers can assist with delimitering and reduce risks from exposed IIoT devices used for remote connectivity," Gavrilov added in the report.  

Fixing Insecure Operational Technology That Threatens the Global Economy

 


As technology spreads, and cyberattacks along with it, the demand for work to safeguard systems and networks grows. Many techniques have been developed for protecting the bits and bytes of computer networks, yet no comparable method has emerged for hardening the physical infrastructure that runs the world's economy.

In many countries, operational technology (OT) platforms have permeated traditional physical infrastructure, computerizing all of it: buildings, bridges, trains, and cars, as well as the industrial equipment and assembly lines that generate an economy's wealth. Even after so many advances in the tech world, a cyberattack using new technology on things like planes or beds would be anything but trivial. There is a definite need for proper care and action to avoid the destructive damage such attacks could cause.

Consider, for instance, a scenario in which our country's northeast regions are left without heat in the middle of a brutal cold snap as the result of an attack on an energy plant. If such an attack were carried out, imagine the enormous hardship, and even death, it would cause: homes would go dark, businesses would lose customers, hospitals would struggle to operate, and airports would shut down.

The first indication that physical infrastructure could be a prime target for this kind of cyber threat came when the Stuxnet virus emerged over a decade ago. Stuxnet, which inserted malware into the software, infected at least 14 industrial sites, including a uranium enrichment plant in Iran.

Built-in vulnerabilities 

Operational technology manufacturers have long had a problem: they did not design their products with security in mind. As a result, trillions of dollars' worth of OT assets are incredibly vulnerable today, which has led to tremendous financial losses. Almost all products in this category are designed around microcontrollers that communicate over controller area networks (CANs), which are insecure.

Beyond passenger vehicles and agricultural equipment, the CAN protocol is used in an extensive range of other products, such as medical instruments and building automation systems. However, it includes no mechanisms for secure communication, and it lacks authentication and authorization. A CAN frame carries no sender address, so neither the origin of a frame nor its intended recipient can be determined from the frame itself.

As a consequence, the vulnerability of CAN bus networks to malicious attacks has increased considerably, especially as the cyberattack landscape has expanded. We therefore need more advanced approaches and solutions to secure CAN buses and protect vital infrastructure.

Before examining what can happen when a CAN bus network is compromised, let us first consider how it works. A CAN bus interconnects several microprocessors and acts as a communication channel shared by all of them. In an automobile, for example, it makes it possible for several systems to communicate seamlessly over a common channel: the engine system, combustion system, braking system, and lighting system all operate by communicating over the CAN bus.

However, because the protocol is inherently insecure, hackers can still send arbitrary messages that comply with it and interfere with CAN bus communication. Consider the havoc that would ensue if even a small-scale hack of automated vehicles occurred, transforming these cars into a swarm of potentially lethal objects and causing an unimaginable amount of disaster and mayhem.

The automotive industry faces the challenge of designing a well-built, embedded security mechanism to protect CAN, and the difficulty is that it must achieve high fault tolerance while keeping costs low. Ultimately, startups that solve this will be able to defend all our physical assets, including planes, trains, and manufacturing systems, from cyberattacks.

How OT Security Would Work 

What would such a company look like if it existed? By intercepting data from the CAN bus and decoding the protocol, its application could enrich the traffic traversing the OT data bus, including the CAN, and alert on anomalous communication. An operator of high-value physical equipment with such a solution installed would gain real-time, actionable insight into anomalies and intrusions within their systems, and would therefore be better equipped to thwart any cyberattacks that may occur.
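As an added illustration of the monitor described above (not code from the original post or from any vendor), here is a small Python baseline-and-detect model of CAN traffic. The CAN IDs, periods and candump-style log lines are constructed, and it generalizes the post's alerting idea to three checks a monitor can make without any sender identity in the frame: unknown IDs, changed payload length, and off-cycle frames on a periodic ID.

```python
from collections import defaultdict
from statistics import mean

def parse_candump(line):
    """Parse a candump-style line '(ts) iface ID#HEXDATA' into (ts, id, data)."""
    ts, _iface, frame = line.split()
    can_id, _, hexdata = frame.partition("#")
    return float(ts.strip("()")), int(can_id, 16), bytes.fromhex(hexdata)

def learn_baseline(lines):
    """Per CAN ID, learn the mean inter-arrival period and the expected payload length."""
    last_seen, gaps, dlcs = {}, defaultdict(list), {}
    for line in lines:
        ts, cid, data = parse_candump(line)
        dlcs.setdefault(cid, len(data))
        if cid in last_seen:
            gaps[cid].append(ts - last_seen[cid])
        last_seen[cid] = ts
    return {cid: {"period": mean(gaps[cid]) if gaps[cid] else None, "dlc": dlc}
            for cid, dlc in dlcs.items()}

def detect_anomalies(lines, baseline, min_ratio=0.5):
    """Alert on unknown IDs, changed payload length, and frames arriving faster than
    min_ratio * learned period (extra frames on a periodic ID suggest injection)."""
    alerts, last_seen = [], {}
    for line in lines:
        ts, cid, data = parse_candump(line)
        prof = baseline.get(cid)
        if prof is None:
            alerts.append((ts, cid, "unknown CAN ID"))
        elif len(data) != prof["dlc"]:
            alerts.append((ts, cid, "unexpected payload length"))
        elif prof["period"] and cid in last_seen and ts - last_seen[cid] < min_ratio * prof["period"]:
            alerts.append((ts, cid, "frame rate anomaly (possible injection)"))
        last_seen[cid] = ts
    return alerts

def frames(cid, period, dlc, count, start=0.0):
    """Build constructed candump lines for a periodic CAN ID with a zeroed payload."""
    return [f"({start + i * period:.6f}) can0 {cid:03X}#{'00' * dlc}" for i in range(count)]

# Constructed baseline: hypothetical ID 0x0C0 every 100 ms (8 bytes), 0x1A0 every 50 ms (4 bytes).
BASELINE_LINES = frames(0x0C0, 0.1, 8, 20) + frames(0x1A0, 0.05, 4, 40)
# Constructed capture: legitimate 0x0C0 traffic plus three deliberately anomalous frames.
CAPTURE_LINES = sorted(frames(0x0C0, 0.1, 8, 5, start=2.0) + [
    "(2.320000) can0 0C0#FFFFFFFFFFFFFFFF",  # off-cycle frame on a periodic ID
    "(2.500000) can0 3E0#0102030405060708",  # ID never seen during baseline
    "(2.550000) can0 1A0#0000000000000000",  # 8-byte payload where 4 is expected
], key=lambda line: parse_candump(line)[0])
```

Running `detect_anomalies(CAPTURE_LINES, learn_baseline(BASELINE_LINES))` yields three alerts, in timestamp order: the off-cycle 0x0C0 frame, the unknown ID 0x3E0, and the oversized 0x1A0 payload; the baseline traffic itself produces none.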

Such a company usually comes from the defense industry, but it can also come from other sectors. As well as being able to examine various machine protocols, it will have a data plane rooted in deep foundational technology.

With the right team and support, a $10 billion-plus opportunity can readily be created. Protecting the physical infrastructure of our country is one of our most imperative obligations. Hence, there is a clear need for new solutions, concentrated on hardening critical assets against cyberattacks, that offer a practical answer to the problem.