12 Jan 2021 Zero Day Ransomware | The Top 20 Cyber Attacks on Industrial Control Systems #5 | iSi
THE INDUSTRIAL SECURITY INSTITUTE
OT / industrial / ICS cybersecurity concepts from the perspective of the world’s most secure industrial sites. Truly secure sites ask different questions, and so get different answers. Subscribe to never miss an episode
EPS. 5 – ZERO DAY RANSOMWARE
An intelligence agency mistakenly leaves a list of zero-day vulnerabilities in operating systems, applications, and firewall sandboxes on an Internet-based command and control center. An attack group, similar to the “Shadow Brokers” who discovered the US National Security Agency (NSA) zero-days, discovers the list and sells it to an organized crime group. This latter group creates autonomous ransomware that propagates by exploiting the zero-day vulnerabilities in file sharing software in the Windows operating system. The malware is released simultaneously on dozens of compromised websites world-wide, and immediately starts to spread. At industrial sites able to share files directly or indirectly with IT networks, the malware jumps through firewalls via encrypted connections to file shares. The compromised file shares infect and encrypt the industrial site, causing an emergency shutdown and damaging physical equipment.
THE TOP 20 CYBERATTACKS ON INDUSTRIAL CONTROL SYSTEMS
These Top 20 attacks have been selected to represent cyber threats to industrial sites across a wide range of circumstances, consequences and sophistication. No industrial operation is free of risk, and different industrial enterprises may legitimately have different “appetites” for certain types of risks. In this series we show how to use the Top 20 Cyberattacks to compare the strength of two security postures at a hypothetical water treatment plant: Defence in depth 2013 (software based security) vs. that same security posture plus a unidirectional security gateway device providing hardware-enfonced security). We ask the question, does either defensive posture reliably defeat each attack? Over the course of 20 episodes we build a score card that can be used to easily communicate risk reduction benefits to business decision-makers who are not familiar with cyber-security.
ABOUT ANDERW GINTER
At Waterfall, Andrew leads a team of experts who work with the world’s most secure industrial sites. He is author of two books on industrial security, a co-author of the Industrial Internet Consortium’s Security Framework, and the co-host of the Industrial Security Podcast. Andrew spent 35 years designing SCADA system products for Hewlett Packard, IT/OT connectivity products for Agilent Technologies, and OT/ICS security products for Industrial Defender and Waterfall Security Solutions.
Dig deeper - download the accompanying ebook here
- The Enterprise Perspective on OT Security – Ed Amoroso | Episode #51 - January 19, 2021
- Zero Day Ransomware | The Top 20 Cyber Attacks on Industrial Control Systems #5 | iSi - January 12, 2021
- Unidirectional OT Zero Trust - January 10, 2021