Cyberattacks imminent as industrial safety vulnerabilities loom large

Critical infrastructure needs to be well protected with the latest cybersecurity measures, as it is among the most vulnerable targets for cyberattacks.
26 October 2021

Industrial safety is all about securing the operational assets of organizations with manufacturing and similar operations. But beyond these assets, lie the critical infrastructures that ensure services are not disrupted.

While industrial safety standards are fairly well established, securing critical infrastructure such as operational technology (OT) needs to be a priority, as it is the backbone of the organization. Cybercriminals are aware of this and have been targeting it.

A recent survey by cybersecurity firm Fortinet showed that more than 90% of organizations using operational technology systems have experienced some sort of cyber incident in the past year. Most of these incidents involved disruption to the supply chain.

Recent cyberattacks on critical infrastructure include the ransomware attack on Colonial Pipeline, as well as a nation-state actor that targeted the port of Houston by exploiting a zero-day in Zoho user-authentication software. There was also a failed attempt to poison the water supply in the state of Florida earlier this year by a hacker who gained access to the water system's operations.

The reality is, cybercriminals are aware of the vulnerabilities of most of these organizations and are waiting for the right time to launch an attack. While in most cases attacks like this would be financially motivated, state-sponsored attacks are also on the rise, with Microsoft recently announcing that Russian hackers are targeting the US for more cyberattacks.

Despite most organizations increasing their industrial safety standards and adding more cybersecurity services, they also need to be aware that some of their critical infrastructure systems are just too old and are vulnerable to attacks.

The critical infrastructure of industrial safety

A recent study by CloudSEK showed that critical infrastructure systems such as gas and water supply, and even government services, are vulnerable to cyberattacks. The report, "The Abysmal State of Global Critical Infra Security: Supply of Gas, Water & Government Services at High-Risk", showed that most enterprises and governments are not fully aware of the security posture of their operational technology systems, leaving them vulnerable to cyberattacks and posing a serious threat to nations and their economies.

The white paper highlighted four critical infrastructure weaknesses in India that could have severe consequences if exploited. They include misconfigured instances of the water quality management software of an Indian conglomerate, the Indian government's mail server credentials being exposed on GitHub, and hardcoded credentials on the government of India's Central View Dashboard.

While the white paper highlights the vulnerabilities in India, the same study can also be applied to critical infrastructures around the world as these vulnerabilities are common. For example, in Ukraine, a massive power outage in 2015 was found to be the result of a cyberattack on a supervisory control and data acquisition (SCADA) system. This instance left around 230,000 people in the west of the country without power for hours.

According to CloudSEK senior security analyst Sparsh Kulshrestha, as businesses, transactions, and interactions all go online, governments and organizations are focusing on bolstering user privacy and IT security. However, this should also address the need for greater OT security. Given that critical infrastructure systems are the backbone of governments and large businesses, their overall security cannot be taken for granted.

He explained that since gas, water, and government services are basic needs of modern society, there needs to be a concerted effort to renew the emphasis on OT security. Apart from increasing awareness, he suggests industrial safety mechanisms can also improve OT security by ensuring real-time monitoring of:

  • Internet-exposed OT applications
  • Leaked credentials across GitHub and other repositories
  • Underground forums for threat actors targeting OT systems
  • Patches and workarounds for vulnerabilities
  • Unsecured cloud storage
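The second item on the list, monitoring for credentials leaked into code repositories, is something a defender can start doing with a small scanner. The Python script below is an added example and is not code from the article, CloudSEK or Fortinet; the repository paths, key names and values are constructed samples, and the regular expressions, placeholder list and environment-reference filter are illustrative assumptions rather than a complete secret-detection ruleset.

```python
import re
from typing import Dict, List

# Constructed sample repository snapshot: every value here is made up for the
# demonstration; none is a real credential or key.
SAMPLE_FILES: Dict[str, str] = {
    "config/mail.env": (
        "SMTP_HOST=mail.example.invalid\n"
        "SMTP_PASSWORD=Sup3rSecret!\n"
    ),
    "dashboard/settings.py": (
        'DB_USER = "admin"\n'
        'DB_PASSWORD = "admin123"\n'
        'AWS_ACCESS_KEY_ID = "AKIAEXAMPLEKEY123456"\n'
    ),
    "deploy/id_rsa": (
        "-----BEGIN RSA PRIVATE KEY-----\n"
        "MIIEconstructedNotARealKey\n"
        "-----END RSA PRIVATE KEY-----\n"
    ),
    # Correct usage: the secret is read from the environment, not stored in code.
    "app/main.py": 'password = os.environ.get("DB_PASSWORD")\n',
    "README.md": "Set DB_PASSWORD via an environment variable before starting.\n",
}

# Detection rules (assumed, illustrative): (finding kind, compiled regex).
# For the password rule, group 1 is the key name and group 2 the candidate value.
RULES = [
    ("hardcoded_password",
     re.compile(r'(?i)(password|passwd|pwd|secret|token)\s*[=:]\s*["\']?([^\s"\']{4,})')),
    ("aws_access_key_id", re.compile(r'\bAKIA[0-9A-Z]{16}\b')),
    ("private_key_block",
     re.compile(r'-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----')),
]

# Values that reference a runtime lookup rather than containing a literal
# secret; these are treated as safe usage, which keeps false positives down.
ENV_REFERENCE = re.compile(r'(?i)(environ|getenv|process\.env|\$\{|\bvault\b)')

# Obvious placeholders that leak nothing.
PLACEHOLDERS = {"changeme", "password", "<password>", "your_password_here", "xxxx", "****"}


def mask(value: str) -> str:
    """Keep only a two-character prefix so the report itself does not leak the secret."""
    return value[:2] + "*" * max(len(value) - 2, 3)


def scan_text(path: str, text: str) -> List[dict]:
    """Apply every rule to every line of one file and return masked findings."""
    findings: List[dict] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for kind, rx in RULES:
            m = rx.search(line)
            if not m:
                continue
            if kind == "hardcoded_password":
                value = m.group(2)
                if ENV_REFERENCE.search(value) or value.lower() in PLACEHOLDERS:
                    continue
                excerpt = f"{m.group(1)}={mask(value)}"
            elif kind == "aws_access_key_id":
                excerpt = mask(m.group(0))
            else:
                excerpt = m.group(0)  # the header line alone identifies a key block
            findings.append({"path": path, "line": lineno, "kind": kind, "excerpt": excerpt})
    return findings


def scan_files(files: Dict[str, str]) -> List[dict]:
    """Scan a {path: contents} mapping, e.g. a checked-out repository."""
    results: List[dict] = []
    for path in sorted(files):
        results.extend(scan_text(path, files[path]))
    return results


def summary(findings: List[dict]) -> Dict[str, int]:
    """Count findings per kind for a quick triage view."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f["kind"]] = counts.get(f["kind"], 0) + 1
    return counts


if __name__ == "__main__":
    found = scan_files(SAMPLE_FILES)
    for f in found:
        print(f'{f["path"]}:{f["line"]} [{f["kind"]}] {f["excerpt"]}')
    print("summary:", summary(found))
```

Run against a real checkout, the same `scan_text` can be fed each file's contents; the masked excerpt is what should go into a ticket, so that the monitoring system does not become a second copy of the leaked secret. The environment-reference filter shows why rule-based scanners need a notion of safe usage: without it, the line in `app/main.py` that reads the password correctly from the environment would be reported alongside the genuinely hardcoded ones.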

“The critical infrastructure is found to be imminent from cyber attacks in my research. While most ICSs have some level of cybersecurity measures in place, human error is one of the leading reasons due to which threat actors are still able to compromise them time and again,” said Kulshrestha. He added that all the vulnerabilities found have been reported to the respective country’s Cyber Emergency Response Team.

However, the lack of visibility into the assets owned by companies is one of the leading causes of such attacks. To solve this challenge, Kulshrestha suggests that real-time monitoring of Internet-exposed OT applications and of leaked credentials across GitHub and other repositories, along with cybersecurity awareness within the organization, is required.