New Assets, New Advantages, and More Dangerous Threats
There was a time, really not that long ago, when catastrophic cyber attacks on operational technology were something we only saw in science fiction. This shows how far our cyber-physical systems have come – and how far our cyber crime has followed. In essence, every increase in the functionality of operational technology is also an increase in the potential disruption a cyber incident can cause, with no guarantee of a matching increase in defense.
Robotic assets are one such technology that has seen a multitude of new deployments and increases in functionality over the last year. This is why the most recent proof of concept created by TXOne Networks’ researchers was developed to reliably secure the autonomous mobile robots (AMRs) that are being used to manufacture COVID-19 vaccines. Any situation that could compromise the safety, consistency, or efficacy of vaccines, or threaten their production, could lead to a disaster. Cyber attackers love these kinds of situations. They are always searching for opportunities to ratchet up pressure on stakeholders, knowing that it could force them to pay out larger ransoms as quickly as possible.
The last 10 years have shown a clear pattern of bad actors oozing their way into any operational technology niche where they can cause disruption or endangerment. Cyber attacks on robotic systems have not yet even begun to ramp up, likely because attacks on robots are still in the development phase. Hackers are exploring the operational circumstances of these robotic assets and adding what they find to online databases of tried-and-tested attack methods, including how to take advantage of industrial protocols. Thus far, incidents on record for robotic assets have been attributed to human error rather than malice, but as work sites become increasingly networked and cyber attackers improve their methods, we can expect this to change.
The Standardization of Cyber Crime
Now that bad actors have boiled cyber attacks down to sets of confirmed and documented procedures that are catalogued in databases on the dark web, cyber threats have been industrialized. Ransomware-as-a-service (RaaS) has been successfully leveraged for many major attacks, and it is conveniently available through many different revenue models such as a one-time fee, a monthly subscription, or profit sharing. In 2021, the particularly notorious ransomware-as-a-service REvil was used in several notable attacks on major corporations, including:
- In April 2021, an attack on Quanta Computer in which attackers attempted to extort $50 million USD with stolen designs belonging to Apple and Lenovo
- In May 2021, an attack on the largest meat processing company in the world, JBS S.A., which was forced to shut down some production lines and made an $11 million USD payout to avoid stolen data being exposed online
- In July 2021, supply chain attacks originating in Kaseya VSA remote monitoring and management software, which caused downtime for more than 1,000 companies
Attackers are persistent, aggressive, and have monetized disruption. The next wave of attacks is likely to focus on weaponizing operational technology, as nothing is more likely to coerce a fast payout than endangered human lives.
The Bull’s Eye on OT
One of the major game changers has been the recent realization that cybersecurity must be a primary consideration for every enterprise in every industry. The medical industry has faced up to this reality over the last few years as it came under a wave of targeted attacks. We can realistically anticipate a similar pattern of growing cyber risk to come to every industry, in large part through cyber attacks on mission-critical assets.
While industry-specific safety regulations raise the bar, what our researchers discovered is that those regulations lead to similarities that hackers can predict and exploit. Regulations are great for preventing lower-effort attacks such as those based on ‘spray and pray’ tactics. However, targeted cyber attacks, which are carefully sculpted and prepared to cause catastrophic disruption to specific industries, can only be reliably repelled by defenses that are adapted to industry-specific concerns and backed up with the consistent efforts of security intelligence researchers.
Manufacturing has already been under attack for years. According to Trend Micro’s March 2021 report ‘The State of Industrial Cybersecurity’, 61% of factories had experienced an incident, with 75% stopping production. Of cases where production was stopped, 43% lasted more than 4 days. The crucial takeaway here is that if you have a profitable business, you will be targeted. Secure those assets.