The Threat of IIoT Cyber Attacks
December 17, 2018
By: Will Mapp
In many industrial settings, the IIoT is considered the answer to numerous challenges. The connectivity it provides improves efficiency, productivity, and profitability. For utilities, the IIoT helps manage demand, and for public infrastructure, it can help governments deliver better services, including public safety.
However, according to SonicWall’s 2018 Cyber Threat Report, the IIoT is increasingly becoming the target of cyber attacks, which is a big problem as the IIoT is often unsecured and ignored.
In 2017 alone, there were around 9.3 billion malware attacks worldwide and more than 12,000 new vulnerabilities and exposures. The report states that most executives see cyber attacks as the number one operations, financial, and business risk. They are such a big problem that some consider them a more significant threat than natural disasters. Several other reports reach similar conclusions.
In recent years, many conditions and trends have driven a dramatic increase in cybersecurity events that target the OT side of the IIoT.
Industrial Control System (ICS) cyber-attacks increase from 2007 to 2017
These attacks have been happening since the late 1990s. However, they only became mainstream in 2010, when the Stuxnet malware targeting the SCADA system in an Iranian uranium enrichment plant was discovered.
Stuxnet changed everything. Afterward, interest in control system security increased significantly because, at the time, security features were not part of standard industrial control system equipment.
Furthermore, several new threats were exposed, and several attacks occurred over the years:
- In 2013, the Havex/Backdoor.Oldrea remote access Trojan, which targets ICSs, was discovered.
- In 2014, a SCADA-targeting version of BlackEnergy, used against ICS, was discovered.
- In 2014, hackers took control of ICS in a German steel mill and caused massive physical damage.
- In 2016, Russian hackers caused blackouts in Ukraine by hacking the energy grid with the Industroyer/CrashOverride malware.
- In 2017, the worldwide WannaCry ransomware attacks targeted vulnerabilities in computers running Windows. The NotPetya attacks followed. Because of these two major ransomware attacks, the DHS issued more warnings to manufacturers and infrastructure owners about ICS vulnerabilities. In the end, the DHS and FBI issued a joint alert stating that several attacks had begun targeting the ICS of the US.
- In December 2017, the first malware designed to attack ICS was revealed: the TRITON/TRISIS malware framework.
As if all of this weren’t enough, cyber events continued to escalate as 2018 started:
- Many vulnerabilities in microprocessors, collectively known as Meltdown and Spectre, were discovered.
- The USA has identified Russia as the source of many attacks on US infrastructure and manufacturing.
- A revised version of TRITON/TRISIS started attacking more brands and security hardware and managed to breach several US firms.
- Further vulnerabilities were detected in several types of industrial hardware and software.
These attacks and other cyber events show no signs of stopping, which is why it’s becoming more and more important to focus on cybersecurity and on adopting better systems that will help stave off these attacks.