By Russ Schafer and Mitch Muro
The recent attack on a U.S. pipeline, impacting almost half the fuel on the East Coast, is confirmation that the acceleration in sophisticated ransomware attacks is continuing. The numbers don’t lie. We are in the midst of a cyber pandemic. After COVID-19 caused a rapid rise in ransomware attacks in 2020, the increase in attacks in 2021 has accelerated. Just take a look at these frightening ransomware statistics from Check Point’s ThreatCloud database:
- Attacks in the U.S. alone have increased 300% in the past 9 months
- U.S. utilities have been attacked 300 times every week, an increase of 50% in just 2 months
Cybercriminals have continued to take advantage of the increase in remote work required by the COVID-19 pandemic. Phishing has been a highly successful way to launch ransomware attacks. Leveraging IT-OT convergence, cybercriminals can breach the network by getting an unsuspecting employee working from home to click on an email. They can then take their time searching the internal network for a critical enterprise device to hold for ransom. In general, ransomware attacks are often easy for cybercriminals to orchestrate and largely profitable. All that is needed to pull off a successful ransomware attack is some research, a small sum of cash, and access to the Dark Web.
Attacks on Industrial Control Systems (ICS) that Operate Critical Infrastructure
A prime target for cybercriminals has been the Operational Technology (OT) networks and Industrial Control Systems (ICS) that manage our critical infrastructure. Critical infrastructure includes the water we drink, the electricity that powers our homes, and the transportation that ships cargo around the world by sea, land and air. Critical infrastructure dispatches our emergency services and ensures our traffic flows smoothly. It automates the manufacturing of the products we use daily and powers our oil, gas and renewable energy industry. It even controls the building management systems in hospitals, data centers, and office buildings.
These attacks have huge implications not only for businesses, but also for communities, cities, states and entire countries. The consequences can be dire, like the attack on the Israel water system where a nation state tried to poison the water. Industrial operations can be directly impacted and shut down. In 2020, both a U.S. natural gas pipeline and an Australian steel company had operations shut down until the attack was contained.
Adoption of M2M Automation Expanding Industry Control System Attack
The OT and ICS attack surface is expanding, with 61% of incidents disrupting production processes. Securing today’s critical infrastructure against cyber-attacks is more challenging than ever before for a couple of reasons.
First, ICS assets are more vulnerable to attack as many were never meant to be connected to a network. Second, ICS systems are becoming more connected as companies embrace ‘Industry 4.0.’ Industry 4.0 is the combination of traditional manufacturing with the latest technology, including IoT and machine-to-machine (M2M) communications, to enable automated, smart processes.
This has great benefits, but it has expanded the OT and ICS networks to connect tens of thousands of new, intelligent devices, which means thousands of new points of vulnerability. This has continued to blur the line between OT and IT networks, making it easier for hackers to move laterally across the network.
Best Practices for Preventing Ransomware and other Sophisticated Cyber Attacks
In a 2020 webinar on Protecting Industrial Control Systems and OT Networks from a Cyber Pandemic, Check Point shared some insights on why ransomware attacks happen, how they happen, and what can be done to protect your organization.
The first step is to get visibility into the threat risk in your network and devices. Companies need an easy way to identify what devices are connected to the network, what information is being passed, and determine the vulnerability and risk of that communication. The second is being able to monitor ICS and SCADA protocols and commands, so security professionals can determine if the systems are connecting and communicating as they should be.
And lastly, you need to be able to easily create security policies designed for OT and ICS systems that can prevent security breaches and keep up with the latest threats. Where companies run into headaches is making sure all of this is done without impacting security operations. Security must be easy to implement and automatically updated, so security does not impact day-to-day operations. Here are some key security best practices to keep in mind, so you are protected when a cybercriminal tries to sneak through the back door of your network.
Check Point’s ICS security solution, including Quantum Rugged Next Generation Firewalls, is the quickest way to minimize your risk exposure across IT and OT environments and block attacks before they reach critical assets, all in a way that is easily scalable and non-disruptive to critical processes.
#1. Always Have the Ability to Discover & Assess Network/Device Risks
Check Point enables you to discover all OT and ICS assets as well as determine the security risks and vulnerabilities. From a single console, you can view all assets classified based on their risk level and drill down for a risk analysis per asset.
#2. Implement Zero Trust Security Policies
Once your risks are identified, you should practice Zero Trust security policies customized per device to instantly minimize your risk exposure. This saves months of manual policy configurations and ensures your OT assets are secure, even when they are first connected to the network. This allows you to easily implement policies that will ensure systems only use communication protocols they are allowed to use and enables you to block unauthorized access.
#3. Threat Prevention Starts with IT/OT Network Segmentation
The key to network design is SEGMENTATION, so hackers can’t move laterally across your IT infrastructure to the manufacturing facility. Check Point Next-Generation Firewalls like the Quantum Rugged 1570R provide boundary protection between the IT and the OT network and micro-segmentation among product lines and departments on the shop floor. The Purdue model in the diagram is the preferred method of IT and OT network segmentation. With granular visibility into SCADA protocols and commands, these firewalls provide access control throughout the OT environments.
#4. Threat Prevention with Protection Against the Latest Threats
As we learned earlier, security should be easy to implement without impacting operations. Check Point’s solutions enable you to protect all devices against known and unknown zero-day attacks through virtual patching. Check Point has over 300 IPS prevention signatures against OT-related attacks that are constantly being updated through our ThreatCloud threat intelligence database. Check Point ThreatCloud is the largest threat intelligence network on the globe. It has unmatched visibility into the latest malware and phishing attacks.
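The per-device allowlisting from #2 and the IT/OT boundary from #3 can be expressed as a small policy audit. The Python sketch below is an added example, not Check Point code or product behavior; the asset names, Purdue level assignments, allowlist and flow records are all constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed inventory: asset -> Purdue level
# (1 control, 2 supervisory, 3 site operations, 3.5 IT/OT DMZ, 4 enterprise IT).
LEVEL = {"plc-line1": 1, "hmi-line1": 2, "historian": 3,
         "dmz-jump": 3.5, "office-pc": 4}

# Constructed per-device allowlist: destination -> {(source, protocol): codes}.
# codes is a set of permitted Modbus function codes, or None when this
# sketch applies no command-level restriction to the protocol.
ALLOW = {
    "plc-line1": {("hmi-line1", "modbus"): {3, 6},  # read, write single register
                  ("historian", "modbus"): {3}},    # read holding registers only
    "historian": {("dmz-jump", "https"): None},
    "dmz-jump":  {("office-pc", "rdp"): None},
}

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    func: Optional[int] = None  # Modbus function code, if any

def evaluate(flow: Flow) -> str:
    """Return 'allow' or 'deny: <reason>' for one observed flow."""
    if flow.src not in LEVEL or flow.dst not in LEVEL:
        return "deny: unknown asset"
    lo, hi = sorted((LEVEL[flow.src], LEVEL[flow.dst]))
    if hi >= 4 and lo < 3.5:  # enterprise IT talking straight to OT
        return "deny: IT/OT flow bypasses the DMZ"
    rules = ALLOW.get(flow.dst, {})
    if (flow.src, flow.proto) not in rules:  # default deny
        return "deny: protocol not allowlisted for this device pair"
    codes = rules[(flow.src, flow.proto)]
    if codes is not None and flow.func not in codes:
        return f"deny: function code {flow.func} not permitted"
    return "allow"

# Constructed flow records, as a passive network monitor might report them.
FLOWS = [
    Flow("hmi-line1", "plc-line1", "modbus", 3),
    Flow("historian", "plc-line1", "modbus", 16),  # write multiple registers
    Flow("office-pc", "plc-line1", "modbus", 3),
    Flow("hmi-line1", "plc-line1", "ssh"),
    Flow("office-pc", "dmz-jump", "rdp"),
]

def audit(flows=FLOWS):
    return [(f, evaluate(f)) for f in flows]
```

Running `audit()` over real flow exports before enforcing a policy shows which existing communications a default-deny rule set would break.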
Get Prepared to Prevent a Ransomware Attack on your Organization
We are aware that this could all seem a little daunting, but we’re here to help you every step of the way with security solutions that meet the unique needs of your organization. Given the recent stories in the news regarding the rapid increase of ransomware attacks, it’s no longer a matter of IF, but WHEN it will happen to you. It’s never too early to start implementing a preventative security strategy to protect your organization.
For more information and resources to ensure the safety and integrity of your OT & ICS environment, visit us here: https://www.checkpoint.com/industry/industrial-control-systems/
Or sign up for a free demo, so we can show you how Check Point OT Security Solutions and the 1570R can help secure your industrial control systems.