Simulated LogicLocker ransomware attack points out insecure industrial systems
Cyber criminals have already proved that ransomware is a threat not only to home computer users. Business enterprises[1], hospitals[2], and educational facilities[3] have suffered from ransomware attacks as well. While hackers count their millions of dollars, cybersecurity researchers from the Georgia Institute of Technology are predicting the criminals' next steps[4]. Researchers David Formby and Raheem Beyah believe that industrial infrastructure might face ransomware attacks soon. The main aim of the research was to test the vulnerabilities of control systems and point out the threats. The researchers developed the LogicLocker ransomware[5] and simulated an attack on a water treatment plant. The virus attacked programmable logic controllers (PLCs) and was able to display false readings, increase the amount of chlorine in the water, or control building management systems such as escalators or elevators. If such a ransomware attack were launched in real life, the consequences might be catastrophic not only for the industrial organization but for the whole city and society.
Simulated LogicLocker ransomware attack reveals that industrial infrastructures should pay attention to strengthening security.
D. Formby and R. Beyah analyzed a few PLCs that are used at industrial facilities, testing their security setups, password protection, and sensitivity to settings changes. As expected, the research revealed many security vulnerabilities. Industrial organizations lack security protocols, and PLCs do not have strong authentication systems. Such flawed security setups assume that having access to the network means being authorized to make changes to the system. Because PLCs have poor passwords and security policies, any crucial component of the industrial control system can easily be taken over by attackers. The researchers also point to a misconception that many operators have. The majority of control systems were designed without a connection to the Internet. As a result, it is believed that if there is no connection to the public network, ransomware attacks are impossible. The authors of the research note that operators may not know about all possible connections, and that systems are often connected in some way.
The cybersecurity researchers wanted to draw attention to the fact that important infrastructure can easily be exposed to criminals through any one of many security vulnerabilities. The specialists claim that it is not enough to improve password security or limit connections. It is also important to install proper monitoring systems that inform operators about attacks and changes in the PLCs. The researchers believe that ordinary cybercriminals would not be interested in attacking such systems; however, these security vulnerabilities might be used to launch attacks driven by political purposes or other bad intentions. Therefore, industrial organizations should be aware of the security flaws, fix them, and educate employees about the possible dangers and possible attacks by ransomware such as LogicLocker.
- [1] Lucian Constantin. Ransomware attacks against businesses increased threefold in 2016. CSO. The latest information and best practices on business continuity and data protection, best practices for prevention of social engineering scams.
- [2] Jessica Davis. Ransomware: See the 14 hospitals attacked so far in 2016. Healthcare IT News. Technology news for healthcare industry.
- [3] John E Dunn. Schools hit by spate of cold call ransomware attacks. Naked Security. Computer Security News, Advice and Research.
- [4] Simulated Ransomware Attack Shows Vulnerability of Industrial Controls. Georgia Tech. The official website of the Georgia Tech university.
- [5] David Formby, Srikar Durbha, Raheem Beyah. Out of Control: Ransomware for Industrial Control Systems. Georgia Institute of Technology. School of Electrical and Computer Engineering.