
Cyber Security: Attacking Industrial Systems

Industrial systems can be targeted by hackers for a range of reasons:

Industrial Espionage - stealing patents, finding out work processes/practices, details of transactions and contacts, and information that could be used for blackmail.

For example:

In 2017, there was an incident at the Saudi oil refinery Petro Rabigh, in which malware accidentally shut down the plant. It is thought that the malware was probing the plant's industrial control systems when it accidentally triggered the shutdown. It is believed that the same group behind this malware was probing industrial control systems within the electrical transmission networks in the US and across Europe.

 

 

Industrial Sabotage - interrupting or fouling the operation of industrial plants or processes to give advantage to competitors or stop the development of new industries.

For example:

2010 - Stuxnet - nobbling Iran's nuclear industry

In the summer of 2010, a new piece of malicious software for the Microsoft Windows operating system was discovered by an antivirus company in Belarus.

The software was studied and found only to attack a very specific set of computer-controlled high-speed motors manufactured by Siemens. It would rapidly increase and decrease the speed of the motors causing irreparable damage to whatever was connected to them – which was, among other things, uranium centrifuges.

By the autumn of 2010, reports were appearing that the Iranian centrifuge programme was in trouble.

The Israeli paper Haaretz reported that Iran's centrifuges had not only produced less uranium than the previous year, but that the entire programme had been forced to stop and start several times because of technical problems.

Other sources reported that Iran had been forced to remove large numbers of damaged centrifuges from its enrichment plant.

In 2016, there was a serious cyber attack on the Ukrainian power grid. Recent analysis has provided much more detail about how it was carried out. It would appear that the intention was to disable safety monitoring equipment in such a way that the operators would not be aware that important safety equipment had also been turned off. This could have caused catastrophic damage when operators attempted to restore power. The target was a known vulnerability in a piece of Siemens equipment known as a Siprotec protective relay. A security patch was available but may not have been installed.

 

Pecuniary Gain - simple ransomware employed on a large corporation

For example:

A ransomware infection by LockerGoga hit the IT infrastructure of Norwegian aluminum producer Norsk Hydro. A week after suffering the crippling attack, it was estimated that total losses from the incident had already reached $40 million. It is not clear whether Norsk Hydro was specifically targeted, or whether this was the result of a random infection.