2017 attacks
According to the Global Cybersecurity Index
(GCI) 2017 report, in 2016, “nearly one
percent of all emails sent were essentially
malicious attacks.” The demands from
ransomware attackers are also escalating, with
the same report claiming that the average
ransom demand in 2016 was over USD1 000,
up from USD300 in 2015. A New York Times
article published in June, ‘Ponzi scheme meets
ransomware for a doubly malicious attack’,
said that while ransomware attacks in 2016
were estimated to have raked in around USD1-
billion, the number is likely to be much higher
this year.
The outbreak of the WannaCry ransomware
in May this year made international headlines, as it
affected hospitals, banks, universities, engineering
companies (including Sandvik), automotive
companies (including Nissan and Renault),
manufacturing plants, telecommunications
companies (including Telkom), and even
government ministries. Hundreds of thousands of
computers in 74 countries were affected in around
24 hours, and by the time it was over, more than
150 countries had been affected.
Then, six-and-a-half weeks later, there
was a second cyberattack making headlines.
According to the New York Times (‘Cyberattack
hits Ukraine then spreads internationally’),
the outbreak, which initially appeared to be
a second ransomware attack, spread across
Ukraine — and the world — for five days
before activating on 27 June. Among those
affected were steel manufacturing and mining
company Evraz and shipping giant Maersk.
More worryingly, the Chernobyl plant was also
affected, with the computers responsible for
monitoring radiation levels affected. While
these were fortunately not connected to the
site’s industrial systems, the huge volumes
of radioactive waste needed to be manually
monitored. Despite its apparent similarity to
WannaCry, according to Slovak antivirus vendor
ESET, 80% of all infections were in Ukraine,
suggesting a political motivation.
Far more frightening, barely a week before
the Ukraine-focused attack, the New York Times
published an article on an attack that occurred a
mere two weeks before the WannaCry outbreak,
this one against the Manhattan-based IDT
Corporation. The article, ‘A cyber attack “the
world isn’t ready for”’, described a much worse
attack that went largely unnoticed due to the
focus on WannaCry.
CPU 416-3 from Siemens Simatic
S7-400, (left-to-right): power supply unit
(PSU), CPU, interface module (IM), and
communication processor (CP).
Control panel with an Allen-Bradley
PLC user interface for thermal oxidiser
regulation.
Siemens Simatic S7-300 PLC CPU with three I/O modules attached.
In 2014, a German steel mill was the target
of a cyberattack, which prevented a blast
furnace from being shut down and caused
massive damage to the foundry.
Programmable logic controllers
SEPTEMBER 2017
15