Ransomware May Move to Industrial Control Systems
Posted by: Timothy Weaver on 02/15/2017 07:32 AM
[
Comments
]
Researchers at Georgia Institute of Technology have demonstrated how ransomware could hold industrial control systems (ICS) hostage.
In a proof-of-concept demonstration, the researchers simulated an attack on a water system and if a ransom was not paid, dump excessive amounts of chlorine into the water making it unfit for consumption.
“We were able to simulate a hacker who had gained access to this part of the system and is holding it hostage by threatening to dump large amounts of chlorine into the water unless the operator pays a ransom. In the right amount, chlorine disinfects the water and makes it safe to drink. But too much chlorine can create a bad reaction that would make the water unsafe.”
Such a threat would probably demand a much higher ransom since it would affect an entire city. Criminals may soon see that ransomware on an ICS could be a much higher payoff.
ESET security specialist Mark James explains:
“Usually targeted malware is configured and aimed at a particular industry or sector. With so much of our industry digitally operated or maintained this could prove in its worst case scenario very bad indeed. But the same rules apply to any area that may be the target of ransomware, it has to be installed and it has to be able to gain complete control. With the right levels of security we can limit its attack vector and have mechanical failsafes to override anything software can instigate.”
“All environments in our digital world are susceptible to attack and need to be protected. Making sure operating systems, applications and security programs are kept up-to-date is one of the first lines of defence and one that often is overlooked or just not possible on bespoke systems designed to do a single task or job.”
The researchers proof-of-concept should come as a warning to the industrial sector of the country and be a wakeup call to tighten their security and place backups in case of such an attack.
Source: we Live Security
In a proof-of-concept demonstration, the researchers simulated an attack on a water system and if a ransom was not paid, dump excessive amounts of chlorine into the water making it unfit for consumption.“We were able to simulate a hacker who had gained access to this part of the system and is holding it hostage by threatening to dump large amounts of chlorine into the water unless the operator pays a ransom. In the right amount, chlorine disinfects the water and makes it safe to drink. But too much chlorine can create a bad reaction that would make the water unsafe.”
Such a threat would probably demand a much higher ransom since it would affect an entire city. Criminals may soon see that ransomware on an ICS could be a much higher payoff.
ESET security specialist Mark James explains:
“Usually targeted malware is configured and aimed at a particular industry or sector. With so much of our industry digitally operated or maintained this could prove in its worst case scenario very bad indeed. But the same rules apply to any area that may be the target of ransomware, it has to be installed and it has to be able to gain complete control. With the right levels of security we can limit its attack vector and have mechanical failsafes to override anything software can instigate.”
“All environments in our digital world are susceptible to attack and need to be protected. Making sure operating systems, applications and security programs are kept up-to-date is one of the first lines of defence and one that often is overlooked or just not possible on bespoke systems designed to do a single task or job.”
The researchers proof-of-concept should come as a warning to the industrial sector of the country and be a wakeup call to tighten their security and place backups in case of such an attack.
Source: we Live Security
Comments
