15 May 2017 The Main WannaCrypt Ransomware Lesson: Stop Making Your Industrial Control Systems Accessible to the Internet
“WannaCrypt” or “WannaCry” is the latest ransomware variant responsible for shutting down countless organizations, including critical infrastructures and manufacturing sites as large as Renault and Nissan. The cybersecurity advice most probably followed by all these sites was to use firewalls to keep their networks “safe” and to always install the latest security updates.
It has been exactly two months since Microsoft issued the MS17-010 fix for the “EternalBlue” vulnerabilities that WannaCrypt exploits, and frankly that’s not enough time for every device in every site, factory and hospital to verify the patch, test, approve the changes and update all of their operational production sites.
And even those that did update correctly, are they free of other vulnerabilities? Of course not. This patch might have closed one security hole in one type of system, out of thousands of other security issues embedded in hundreds of systems.
The good news is that many critical industrial sites have already protected their control networks with Unidirectional Security Gateways. Unidirectional security gateway technology makes industrial sites inaccessible via the external networks that monitor them, or via the cloud services with which it shares data. This effectively immunizes the network to this class of malware, and indeed to all fast-spreading worms for the foreseeable future.
Deployment of Unidirectional Gateways within the connectivity chain of networks, between the Internet and industrial control networks lets us utilize our critical networks without risks. The gateways create a physical barrier to the propagation of malicious code and other online attacks back into the networks. One layer of gateways is the minimum that is needed to protect the control network.
Time is of the essence here.
The ransomware threat is going to become much worse, and fast. This “WannaCrypt” fiasco has shown organized crime that they can make so much money via ransomware that they can afford to buy their own fast-propagation zero-days. By the end of 2017, the bad guys will not be waiting around for an intelligence agency to leak the next batch of “EternalBlue” or “Stuxnet” vulnerabilities. Rather, the bad guys will be digging up their own.
The time has come for all of our critical infrastructure providers to “raise the security bar” on the bad guys. We need all of our critical networks protected by Unidirectional Security Gateway technology, and the sooner, the safer we’ll be.