Developers of control systems for nuclear power plants and industrial production warned of cyberattacks

Vulnerable spot

According to a message from the Federal Service for Technical and Export Control of the Russian Federation (FSTEC) published on the agency’s website, developers of software and equipment for automatic control systems for production and technological processes used at critical information infrastructure facilities in the Russian Federation are subject to large-scale cyberattacks.

FSTEC does not disclose details about the incidents, but notes that the department's analysis of threat information shows that foreign cybercriminals are preparing new attacks on these organizations.

The systems in question are automated process control systems (APCS) at so-called critical information infrastructure (CII) facilities. Elements of such infrastructure are present at enterprises in the fuel and energy complex and in the nuclear power, chemical, mining and metallurgical industries. This category also includes healthcare, finance, transportation and communications, and more.

The FSTEC message is also about developers of systems that control the operation of nuclear reactors, turbines in hydroelectric power plants, blast furnaces in factories, chemical reagent production plants and railways.

Pavel Korostelev, head of the product demonstration division at the company Security Code, also reports that attacks against critical infrastructure facilities and the developers of equipment for them have been recorded. According to him, after February 24, the number of events in this niche increased significantly.

“Overall, there are three to five sectors that are most heavily attacked: finance, communications, industry, defense and energy,” the expert said.

In contrast, Cisco Systems security business consultant Alexey Lukatsky noted that CII facilities are attacked more often than ICS developers. The expert drew such a conclusion, citing information transmitted behind closed doors by Russia’s FSTEC. Evgeny Goncharov, head of the industrial systems security research center at Kaspersky Lab, shares a similar view.

“Unfortunately, the arguments of government representatives and the community of information security experts failed to convince many owners of automated control systems that they should seriously take care of their protection. So supply chain attack scenarios are often unnecessary. Yes, and it is difficult for novice cyber-attackers, who currently make up the vast majority of attempts to attack Russian establishments.”

A request for comment was sent to FSTEC.

The Little Bang Theory

Experts note that due to the high importance of businesses controlled by ICS, successful hacker attacks on their developers can lead to disastrous results.

“The successful attack on the developer of automated process control systems is fraught with environmental disasters, human death, and the like. For example, a conveyor producing spare parts for military equipment may stop unexpectedly. Or an unauthorized change in the food formula may result in poisoning. Oil production or the production of petroleum products may stop,” said Lukatsky, listing the possible outcomes.

The Kaspersky Lab specialist does not rule out a devastating effect from successful attacks. At the same time, according to Goncharov, in some cases even the actions of not very qualified cybercriminals can affect the operation of the automatic control system.

In turn, Nikolai Yurchenko, head of R-Vision’s project implementation and sales support department, added that the likely purpose of an attack on developers could be to introduce unauthorized access capabilities, called “backdoors”, into their products. Once the automated control system starts operating at the facility, intruders can use them to devastating effect on the business.

“Successful attacks are very dangerous, first of all, not with financial and reputational losses, but with possible emergencies that can lead to both production shutdown or transportation communications interruption, and major man-made, humanitarian disasters and human losses,” he said.

Alexei Novikov, director of the Positive Technologies Center for Expert Security (PT Center for Expert Security), added that attacks against ICS developers may have more mundane goals, for example intelligence gathering.

“Attackers gaining access to the manufacturer’s infrastructure could gain access to one of the employees’ mail and start sending phishing emails to customers on behalf of the company. The fact that the letter comes from a trusted address significantly increases the likelihood of a successful phishing attack.”

What should we do

Along with the warning, FSTEC has issued a long list of advice developers can follow to reduce the chance of a successful hacker attack. Among other things, the agency advises taking an inventory of public web services and disabling unused resources, tightening password policy requirements for administrators and users, and providing two-factor authentication for employees connecting remotely to the organization's information infrastructure.

Alexey Lukatsky of Cisco Systems called these suggestions “correct”.

“If there is an information security service operating effectively in the institution, they will give instructions for priority protection measures,” the expert says.

R-Vision’s Nikolai Yurchenko spoke similarly. According to him, FSTEC’s recommendations contain at least the essential set of measures needed to quickly detect cyberattacks in the vast majority of cases and, in some cases, to get them under control and buy time to develop additional measures to protect the organization.

Russia’s Federal Technical and Export Control Service reported that hackers are preparing new large-scale cyberattacks on Russian developers of control systems for nuclear reactors, blast furnaces in factories, fuel and power plants. Information security experts explained that successful attacks on companies of this category are fraught with accidents at power stations, factories and defense enterprises, and that oil production or the production of petroleum products may stop. All of this can lead to environmental disasters and human losses.

Source: Gazeta

