Are organisations only concerned with undertaking the right measures to mitigate cyber risk after they have been cyberattacked? This may be the case in most situations, but the more important question to ask is: what are the cybersecurity controls that organisations should consider? The answer is straightforward: the controls that have the biggest impact on reducing the likelihood or the impact of a successful cyberattack.

Cyber risk is generally defined as the threat to the system, the system's vulnerability and the resulting consequences. Therefore, to successfully protect information technology (IT) and operational technology (OT) systems, companies must understand the tactics, techniques and procedures (TTPs) that threat actors use to achieve their desired objective. Here are several examples of well-documented cyberattacks on critical national infrastructure over the past two decades:

In 2010, arguably the most sophisticated cyberattack was executed on an Iranian uranium enrichment facility, exposing the weakness of cybersecurity controls and the vulnerability of OT environments. The STUXNET worm was designed specifically to target these environments, which allowed the threat actor to exploit and disrupt production operations, causing downtime and business impact. STUXNET was the eureka moment for the energy and manufacturing industries: it showed that OT environments can be breached and what impact that can have on their business, human lives, the environment and economies. Unfortunately, it was a eureka moment for threat actors too. OT cyberattacks surged rapidly and, suddenly, threat actors' attack techniques evolved in the creativity and smartness with which they achieve their malicious objectives, and they have kept evolving since then.

In 2015, Ukraine was hit by another massive cyberattack that shut off power at 30 substations and left millions of people without electricity for up to six hours. SCADA equipment was rendered inoperable and power restoration had to be completed manually, which further delayed restoration efforts. So how was this achieved? It must have been very sophisticated? Actually, not. Spear phishing was used to introduce the BlackEnergy malware, which exploited the macros in Excel-based documents on computer systems at the plants. In other words, the threat actors did nothing different from using known TTPs for cyberattacks on IT environments. The same exploitation tools were used to find user credentials to escalate their privileges, to move laterally in the network or to send malicious commands to disrupt plant operations.

The 2015 cyberattack seemed like an experiment, as barely a year later the Ukraine Power Grid was attacked again, and this time the capital city Kiev went dark and breakers tripped in a large number of substations. However, this time the threat actors also jammed the utility's call centres by launching a Telephone Denial of Service (TDoS) attack, to prevent customers from reporting the outage.