Well Designed, Yet Highly Vulnerable
Despite being decades old, SCADA control systems remain well-designed to this day. They bring multiple moving parts together – computers, networks, data communications and user interfaces – to manage machinery and engineered components of industrial systems.
These systems weren’t originally unsafe. The system developers weren’t overly preoccupied with security because they had no conception of something called the Internet. With no Internet in existence at the time, the systems were “air gapped” – meaning not connected to other systems or the outside world, for years.
Now decades later, these complex systems are running on legacy software and operating systems. Air gapping is not a reliable protection due to widespread Internet connectivity. Networks can also be easily breached by social engineering, password theft, or tainted USBs, as in the Stuxnet attack.
The Dangers of ICS Memory-Based Attacks
The class of cyberattacks aimed at Industry Control Systems (ICS) networks is particularly dangerous because the attack takes place in the system’s runtime memory. No files are implanted into the OS file system. Instead, hackers inject code directly into process memory using stolen privileges and the system’s own administration and security tools.
This renders the attacks undetectable and able to bypass conventional security solutions such as EDR, antivirus and other traditional security lines of defense. This alarming methodology has been deemed “indefensible” by many security experts. It shows how ICS systems are in dire need of immediate protections against these types of threats.
Who’s Behind ICS Threats?
Internet-sourced threats are the primary means of attacks on ICS systems. Connection points and interfaces such as mobile phones and Wi-Fi routers also present points of vulnerability.
ICS attacks are carried out by sophisticated attackers, including well-funded nation-state bad actors. Below are examples of severe cyberattacks and tactics that have taken advantage of the vulnerabilities in ICS networks.
BlackEnergy is a Trojan capable of distributed denial of service (DDoS), cyber…