Showing posts with label cybersecurity. Show all posts
Showing posts with label cybersecurity. Show all posts

Industrial Control Systems (ICS) Face New Ransomware Concern

Industrial Control System Ransomware

Dragos is a company that provides industrial asset identification, threat detection, and response to help organizations stay ahead of adversaries. According to Dragos intelligence and threat reports, it appears that a segment of code called Snake or EKANS, first recognized in December, 2019, has been designed as ransomware to target Windows systems used in industrial control systems (ICS). 

Ransomware is malicious software that will lock up data on a computer’s drive, then travel across the network and encrypt other data. The saboteurs will then demand payment in exchange for releasing the data. Whereas industrial control system machines are high-value targets (healthcare is the other high-value target) EKANS is unusual in that the malicious code uses targeted intelligence for control systems to first encrypt the root data (files are encrypted and renamed with random 5-character extension) and then ruin the software processes and hold the data hostage.

EKANS targeted companies and are sent a ransom note with the instruction to pay the ransom in cryptocurrency. There is an email address provided for contact/replies.

Manufacturing plants, power grids, and industrial concerns (such as oil refineries) are all targets of this malicious malware.

Another feature of the EKANS ransomware is it is programed to terminate sixty-four (64) various processes on computers – most of which are ICS specific.  This suggests the possibility that the EKANS may also share features similar to the Megacortex ransomware, which first appeared in early 2019.  Megacortex relies on a manual method of deployment rather than self propagation ransomware deployment.

It is still unknown whether the EKANS ransomware originated from state-sponsored hackers or via real cybercriminals trying to profit from industrial control system owners. It appears that it may be the latter, based on the most recent analysis of the nature of the ransomware – analysis by Dragos researchers.

It is wise to raise awareness with among everyone who touches your systems and it would be prudent to have someone within your organization (or a consultant) tasked with keeping data security protections current.  In addition, it is crucial to have ICS organizations rethink their cybersecurity leadership philosophy. In many organizations, the evangelists for cybersecurity are not equipped to exert influence in the company.  Cybersecurity is still treated as a back-office job, but it needs to be treated as priority by the organizational leaders.

Dragos adversary hunters recommend keeping ICS systems segmented from the rest of the network. In this way, if just one Window machine is infected, the virus can’t mobilize to the systems that control the infrastructure. In addition, standard practices such as backups, stored offline, and including the last known good configuration data will somewhat reduce the liability of slow recovery. Guardrails such as improved access and mechanisms for authentication will also help to reduce the risk of these increasingly troubling attacks on ICS systems.

More detailed information can be accessed here:

Article courtesy of:
Ives Equipment
(877) 768-1600

Automation Federation, Oil & Gas and DHS Work Together for Cybersecurity

The Oil & Gas industry explore, extract, and deliver vital energy via a finely-tuned network of worldwide control systems. These systems used to be isolated proprietary systems, but they're now connected to the Internet just like so many other of our critical infrastructures, and are now susceptible to the same vulnerabilities that we see reported on a daily basis.

Since 2006 the Automation Federation has been the Host Organization for LOGIIC (Linking Oil and Gas Industry to Improve Cybersecurity.) This has been a successful collaboration between the Automation Federation, the Department of Homeland Security, and the members of LOGIIC.

Over the past decade, the LOGIIC consortium has designed tools and techniques to protect critical systems on a global scale, from research & development through practical implementation. LOGIIC is a visionary project. It was one of the first of its kind including partners that would normally compete against each other. LOGIC is about collaborating in cyber security.

The Cyber Security Division of the DHS Science & Technology Directorate leads an ongoing consortium that began with a single partner in 2004 and now includes five major oil & gas companies and the Automation Federation, supported by world-class vendors and research organizations. It's a global engagement with global impact on cyber security. LOGIIC is one team. It's important to be international because a threat does not come from one country or from another one country.

Since its inception, LOGIIC has successfully completed eight major projects, with plans for many more.  Upon completion of selected projects, LOGIIC delivers public reports to help elevate best practices across the entire industry. Both the member companies and the government are putting funds towards these projects which benefits not only the private sector, but also the public interest. Companies are applying these learnings within their organizations, because it helps bridge the gap between information technology and the industrial-environment sides of the organization.

The lessons learned through the LOGIIC projects allows the roll out of higher level cyber security and protection across all the industries. DHS is a key contributor to LOGIIC and to the success of the projects year after year. In addition to providing that technical expertise and environments such as labs and research institutes, they’re able to conduct substantial testing, and act as a conduit to make it all happen. LOGIIC started as a new model and a vision. Members came to the table, bought into the vision, and now LOGIIC is delivering real results to protect the modern industrial infrastructure.

To recognize the success of LOGIIC, DHS has released a video that features the efforts of LOGIIC. You can see the video here on the Ives Equipment Community Page.