Cybercriminals now targeting industrial enterprise network
dubai — As the technology and corporate networks of industrial enterprises become increasingly integrated, more and more cybercriminals are turning their attention to industrial enterprises as potential targets.
The recent global ransomware cyberattack is proof of this trend and has left businesses reeling at the extent of which the attacks are taking place. Computers in more than 150 countries were targeted by a mass cyberattack using ransomware. Experts are still determining who was behind the attack, which exploited a security flaw in older versions of Microsoft’s Windows operating software.
Mark Skilton of Warwick Business School, who regularly researches cybersecurity, says that there needs to be a ‘cyber police force’ at a global level to help manage these escalating threats with the right level of specialist skills, and not just vendors sorting it out for themselves.
“With Microsoft, as well as many other vendors and cyber response agencies, citing a 75 per cent increase in user expectation to be cyber-attacked in the next 12 months, this attack has just gone to the next level. Ransomware is the third generation next development after Denial of Service (DOS) and data breach theft, to not only enter computers, but inflict psychological and financial loss at the same time,” he said.
“While we all carry the liability, we have little protection to tackle what is now open full scale war with the criminals,” he added. “Microsoft is right to call for a Digital Geneva convention of rights; the risk and impact of cyber weapons can do the same or more harm than physical weapons. It can indirectly kill patients, change traffic controls, alter car onboard steering systems, change election outcomes and more.”
Kaspersky Lab ICS CERT specialists have discovered that in the second half of 2016, malware downloads and access to phishing web-pages were blocked on over 22 per cent of industrial computers. This means that almost every fifth machine at least once faced the risk of infection or credential compromise via the Internet. By exploiting vulnerabilities in the networks and software used by these enterprises, attackers could steal information related to the production process or even bring down manufacturing operations, leading to technogenic disaster.
Kaspersky Lab also found that the percentage of industrial computers under attack grew from over 17 per cent in July 2016 to more than 24 per cent in December 2016, with the top three sources of infection being the Internet, removable storage devices, and malicious e-mail attachments and scripts embedded in the body of emails. On average two-in-five computers, related to the technological infrastructure of industrial enterprises, faced cyberattacks in the second half of 2016.
The threat is not just faced by businesses and large companies, experts say. Recent global research from Norton by Symantec, showed that one in 10 consumers in the UAE fail to put any measures in place to protect their connected homes. An unsecured Internet of Things (IoT) device is attacked within two minutes once connected to the Internet. According to the Norton Cyber Security Insights Report, a survey of nearly 21,000 consumers globally, including 883 in the UAE, people are beginning to recognise that with each connected device purchase, a new avenue opens for hackers to launch attacks in their home.
Yet, despite acknowledging the security risks that come with the smart home, device vulnerabilities and poor consumer security habits are increasingly acting as an easy on-ramp for hackers to access them. Norton’s survey found that over 18 per cent of respondents admitting their Wi-Fi network is not password protected; while 49 per cent admit they don’t know how to set-up a secure home Wi-Fi network or router; and around 70 per cent don’t know how to keep its software up-to-date.
“While smart devices may offer some notable benefits and convenience, there are also risks associated. Just as hackers learned to benefit from targeting social media and financial accounts, they are on their way to learning how access to connected home devices can be lucrative,” said Tamim Taufiq, head of Norton Middle East.
— rohma@khaleejtimes.com