Simulated LogicLocker ransomware attack points out insecure industrial systems

Harold Dalma

Cyber criminals have already proved that ransomware is a threat not only to home computer users. Business enterprises[1], hospitals[2], and educational facilities[3] have suffered from ransomware attacks as well. While hackers count millions of dollars, cybersecurity researchers from the Georgia Institute of Technology are predicting the criminals' next steps[4]. Researchers David Formby and Raheem Beyah believe that industrial infrastructure might face ransomware attacks soon. The main aim of the research was to test the vulnerabilities of control systems and point out the threats. The researchers developed the LogicLocker ransomware[5] and simulated an attack on a water treatment plant. The virus attacked programmable logic controllers (PLCs) and was able to display false readings, increase the amount of chlorine in the water, or control building management systems such as escalators or elevators. If such a ransomware attack were launched in real life, the consequences might be catastrophic not only for the industrial organization but for the whole city and society.

Simulated ransomware attack points to insecure PLCs

D. Formby and R. Beyah analyzed a few PLCs that are used at industrial facilities by testing their security setups, password protection, and sensitivity to settings changes. As expected, the research revealed many security vulnerabilities. Industrial organizations lack security protocols, and PLCs do not have strong authentication systems. Such weakly secured systems assume that having access to the network means having the authorization to make changes in the system. Because PLCs have poor passwords and security policies, any crucial component of the industrial control system can be easily taken over by attackers. The researchers also point to a misconception that many operators have. The majority of control systems were designed without a connection to the Internet, so it is believed that if there is no connection to the public network, ransomware attacks are impossible. The authors of the research note that operators may not know about all possible connections, and systems are often connected in some way.

The cybersecurity researchers wanted to bring attention to the fact that important infrastructure can be easily exposed to criminals through any one of many security vulnerabilities. The specialists claim that it is not enough to improve password security or limit connections. It is also important to install proper monitoring systems that inform operators about attacks and changes in the PLCs. The researchers believe that ordinary cybercriminals wouldn't be interested in attacking such systems; however, these security vulnerabilities might be used to launch attacks motivated by political purposes or other bad intentions. Therefore, industrial organizations should be aware of the security flaws, fix them, and educate employees about possible dangers and possible attacks by ransomware such as LogicLocker.

References

