2019 Predictions: Attacks on Industrial IoT

38

By Nir Gaist, Founder & CTO, Nyotron

As we draw closer to flipping the calendar to 2019, we can look back on the 2018 cybersecurity landscape to help us anticipate what information security professionals should prepare for in the new year.

One lesson we learned is that municipalities and utilities are soft targets. SC Media’s Robert Abel reported earlier this month that the city of North Bend, Ore., was hit with a ransomware attack which temporarily locked city workers out from their computers and databases. The attackers demanded $50,000 in Bitcoin, but fortunately the city’s IT systems were backed up and officials were able to avoid paying the ransom.

Just a couple days later, Abel’s colleague Doug Olenick reported that the City of Topeka, Kan., discovered its third-party payment vendor was breached, possibly exposing the personal information of about 10,000 utilities customers.

The SamSam ransomware attack that made national headlines after crippling the city of Atlanta’s computer network in March could cost taxpayers $17 million. That’s an enormous sum of money, especially considering the attackers were “only” demanding $55,000 worth of bitcoins.

Money has been the primary motivation for these attacks on municipalities and utilities. However, we not only predict that attacks on municipal agencies and industrial IoT will become more common in 2019, but also that attackers’ objectives will be more insidious: to create a major disaster at a critical infrastructure facility, such as a power plant or hydroelectric dam.

That may sound like the plot of a Hollywood blockbuster starring The Rock, but consider that industrial control systems (ICS) vulnerabilities were exploited in successful attacks on an electrical grid and chlorine plant in Ukraine, and in a narrowly-avoided disaster at a Saudi petrochemical plant. These vulnerabilities were among the top three themes at this year’s Black Hat and DEF CON conferences.

All of those attacks occurred outside the U.S., but there is evidence that state-sponsored actors are setting their sights on U.S. infrastructure.

The federal government in March released a report describing a Russian hacking campaign to infiltrate America’s “critical infrastructure” including power plants, nuclear and water facilities. The FBI and Department of Homeland Security joint report warns that Russian hackers gained access to computers across the targeted industries and collected sensitive data including passwords, logins, and information about energy generation. There was no evidence of sabotage, so the report draws the conclusion that the intrusion was designed to pave the way for future attacks that do more than just collect data.

Energy Secretary Rick Perry told lawmakers at an appropriations hearing that cyberattacks are “literally happening hundreds of thousands of times a day,” and added that the Department of Energy needs an “office of cybersecurity and emergency response” in order to be prepared for threats like this in the future.

Looking back on 2018 also provides clues for how malware will evolve and become more sophisticated in 2019.

We predict attackers will use what we call adversarial or weaponized artificial intelligence (AI). Just as security vendors are training their machine learning (ML) models on malware samples to detect them, malware writers can tune their attacks to avoid detection using the same algorithms. Moreover, certain types of attacks, like phishing, can be automated using AI algorithms.

And just as 2018 began with the appearance of Spectre/Meltdown, a previously unknown threat vector that affected hundreds of millions of systems and cloud environments, we expect to see a previously unknown major threat to wreak havoc worldwide in 2019.

To learn more about the developments throughout 2018 that inform all three of my predictions, read my recent column for Information Management titled “3 top cybersecurity predictions for 2019”.

Rene Kolga is Senior Director of Product and Marketing at Nyotron, the developer of PARANOID, the industry’s first OS-Centric Positive Security solution to strengthen your AV or NGAV protection. By mapping legitimate operating system behavior, PARANOID understands all the normative ways that may lead to damage and is completely agnostic to threats and attack vectors. When an attack attempts to delete, exfiltrate or encrypt files (among other things), PARANOID blocks them in real-time.