BUSINESS
Rockwell Automation and Cisco’s network security solution –
Converged Plantwide Ethernet (CPwE) architectures – is designed
to help IT and OT professionals address constantly changing
security threats.
NotPetya’s ransom note.
Sources
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
13.
While this attack also appeared
superficially similar to WannaCry,
with a ransom demand for decrypting
encrypted IDT data, like the NotPetya
attack, this was a smokescreen. The
truth was far more sinister: the
ransomware attack masked the theft
of employee credentials, which could
have been used to access confidential
information or even destroy machines.
Even more worrying was the fact that
the attack went undetected by “leading
cybersecurity products, the top
security engineers at its biggest tech
companies, government intelligence
analysts, or the FBI.”
The only reason it was noticed at all
was “a digital black box that recorded
everything on IDT’s network,”
together with the tenacity of IDT’s
global chief information officer Golan
Ben-Oni, who described the attack as
a “nuclear bomb” compared to the
fire of WannaCry.
Mining sector
companies, including those in the
mining sector, being subject to this
type of attack.
The growing use of telematics and
data analytics, as well as the increase
of data in the cloud, the convergence
of IT and OT technologies, and the
uptake of IoT, amplifies the potential
cybersecurity risk. Malicious viruses or
worms, like Stuxnet, “explicitly target
critical systems,” and autonomous
vehicles are also a concern, not just
because of potential disruptions,
but because of the potential safety
implications.
Despite the increased risk, a Trend
Micro white paper on cyber threats
to the mining industry states that
while the sector is under threat from
cyberattacks and the exploitation
opportunities are significant, it is an
area that almost no one wants to talk
about (Huq, 2016: 3). And this is
something that needs to change. n
“
According to Deloitte’s Tracking
the Trends 2017 report, mining
companies are exploring digitisation
as a way to improve operations.
However, the same report points
out that over the past few years,
most major mining companies
have experienced attacks, with their
IT security technologies unable
to protect against increasingly
sophisticated and malicious online
threats. The report highlights that
ransomware has become one of the
most prevalent forms of cyberattack
over the past year, with many
Over the past
few years, most
major mining
companies have
experienced
attacks.”
Anderson, M. 2017. ‘“NotPetya”: Latest ransomware is a warning note from the future’. IEEE Spectrum, 30 June.
http://spectrum.ieee.org/tech-talk/computing/it/notpetya-latest-ransomware-is-a-warning-note-from-the-future.
Auchard, E. & Käckenhoff, T. 2016. ‘ThyssenKrupp secrets stolen in “massive” cyber attack’. Reuters.
http://www.reuters.com/article/us-thyssenkrupp-cyber-idUSKBN13X0VW.
Budd, C. 2016. ‘The mining industry is getting rocked by cyber threats’. Trend Micro, 13 July.
http://blog.trendmicro.com/the-mining-industry-is-getting-rocked-by-cyber-threats.
Dragos. 2017. ‘CrashOverride: Analysis of the threat to electric grid operations’. https://dragos.com/blog/crashoverride/CrashOverride-01.pdf.
Huq, N. 2016. ‘Cyber threats to the mining industry’. White Paper by Trend Labs, the global technical support and R&D centre of Trend Micro.
https://www.trendmicro.de/cloud-content/us/pdfs/security-intelligence/white-papers/wp-cyber-threats-to-the-mining-industry.pdf.
International Telecommunication Union (ITU). 2017. Global Cybersecurity Index (GCI) 2017.
https://www.itu.int/dms_pub/itu-d/opb/str/D-STR-GCI.01-2017-PDF-E.pdf.
Karnouskos, S. 2011. Stuxnet worm impact on industrial cyber-physical system security. Germany: SAP Research. http://papers.duckdns.org/files/2011_IECON_stuxnet.pdf.
Kushner, D. 2013. ‘The real story of Stuxnet’. IEEE Spectrum, 26 February. http://spectrum.ieee.org/telecom/security/the-real-story-of-stuxnet.
Perlroth, N. 2017. ‘A Cyberattack “the World Isn’t Ready For”’. New York Times, 22 June.
https://www.nytimes.com/2017/06/22/technology/ransomware-attack-nsa-cyberweapons.html.
Perlroth, N., Scott, M. & Frenkel, S. 2017. ‘Cyberattack hits Ukraine then spreads internationally’. New York Times, 27 June.
https://www.nytimes.com/2017/06/27/technology/ransomware-hackers.html.
Sentryo. 2016. ‘Cyberattack on a German steel-mill’. https://www.sentryo.net/cyberattack-on-a-german-steel-mill.
Wakefield, J. 2017. ‘Tax software blamed for cyber-attack spread’. BBC News, 28 June. http://www.bbc.com/news/technology-40428967.
Zetter, K. 2014. ‘An unprecedented look at Stuxnet, the world’s first digital weapon’. Wired, 3 November.
https://www.wired.com/2014/11/countdown-to-zero-day-stuxnet.
SEPTEMBER 2017
17