The evolving cyber threat: Introduction to Cryptomining

There has been a startling increase in the number of security attacks against industrial control systems (ICS) over the past few years, and this doesn't look set to stop any time soon. What we are seeing, however, is a change in the nature of the threat.

In the last year or two there have been a large number of ransomware attacks. What we're seeing now is not that the ransomware threat has gone away, but that it is no longer increasing at the rate it was. Instead, we are experiencing a steep rise in the number of cryptomining infections affecting OT environments. So rather than receiving a demand for a Bitcoin payment to release your system, your system is being used by criminals to mine Bitcoin for themselves.

Cryptomining infections can have a huge impact on OT environments: the sustained CPU load can lead to hardware failure, energy consumption rises sharply, and systems may be left unable to carry out mission-critical tasks.

Check out our video interview with Chris Whitehead, Product Manager for Network and Recovery, on the evolving cyber threat for OT environments as he talks more about the rising threat of Cryptomining and how to protect against it.


Check out Chris' top 3 tips to defend against cyber threats:

1. Audit your network – know what you’ve got!

This is an important first step. Many people we speak to say their networks are air-gapped, that they're not connected to anything.

Over the last year, across the network audits we've conducted, the average number of connections to the outside world that we have discovered has been 11. So audit your systems and know what you've got.
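As an added illustration of what the audit step looks like in practice (this is example code, not the author's or the managed service's tooling), the script below takes a constructed flow export in CSV form and lists every destination that falls outside the site's own address ranges, grouped with the internal hosts that reached it. The INTERNAL_NETS list, the CSV layout and all addresses are assumptions; the public-looking addresses use RFC 5737 documentation ranges rather than real hosts.

```python
"""List connections to the outside world from a flow export.

Added example, not part of the original post. It assumes a constructed CSV
flow export (timestamp,src,dst,dst_port,proto) such as a firewall or
conntrack dump would give, and a site inventory of internal address ranges.
Anything whose destination is outside those ranges counts as "outside world".
"""
import csv
import io
import ipaddress
from collections import defaultdict

# Assumed: the site's own address ranges, normally taken from the network inventory.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.20.0.0/16", "192.168.50.0/24")]

# Constructed sample export. 203.0.113.0/24 and 198.51.100.0/24 are documentation
# ranges standing in for public hosts; ports are typical OT/IT services.
SAMPLE_FLOWS = """\
timestamp,src,dst,dst_port,proto
2024-01-10T08:00:01,10.20.1.15,10.20.1.1,502,tcp
2024-01-10T08:00:02,10.20.1.15,192.168.50.10,44818,tcp
2024-01-10T08:00:05,10.20.1.22,203.0.113.7,443,tcp
2024-01-10T08:00:06,10.20.1.22,198.51.100.42,123,udp
2024-01-10T08:00:09,10.20.1.30,203.0.113.7,443,tcp
2024-01-10T08:00:12,10.20.1.31,203.0.113.53,53,udp
2024-01-10T08:00:15,10.20.1.31,10.20.2.8,20000,tcp
"""


def is_internal(ip: str) -> bool:
    """True if the address sits inside one of the site's known ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def external_connections(flow_csv: str) -> dict:
    """Return {(dst, dst_port, proto): [internal sources]} for every flow whose
    destination lies outside INTERNAL_NETS. Sources are de-duplicated and sorted
    so the same report is produced from the same export every time."""
    found = defaultdict(set)
    for row in csv.DictReader(io.StringIO(flow_csv)):
        if not is_internal(row["dst"]):
            key = (row["dst"], int(row["dst_port"]), row["proto"])
            found[key].add(row["src"])
    return {k: sorted(v) for k, v in sorted(found.items())}


def audit_report(flow_csv: str) -> list:
    """Human-readable lines, one per external endpoint, plus a total."""
    ext = external_connections(flow_csv)
    lines = [f"{dst}:{port}/{proto} <- {', '.join(srcs)}"
             for (dst, port, proto), srcs in ext.items()]
    lines.append(f"{len(ext)} external endpoint(s) reached from "
                 f"{len({s for srcs in ext.values() for s in srcs})} internal host(s)")
    return lines


if __name__ == "__main__":
    print("\n".join(audit_report(SAMPLE_FLOWS)))
```

Each line of the report is a connection that a supposedly air-gapped network was not meant to have; the interesting question for each one is whether it is an approved service (time sync, vendor remote support) or something nobody knew about.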


2. Utilise an intrusion detection system

You need to understand the threats as they come in.

This should be paired with a really good anti-virus system where applicable. I say where applicable as it’s not always the right fit to put anti-virus in certain production environments, but certainly on the outskirts, and anywhere possible, you should have anti-virus installed.


3. Monitor the health of your hardware and network

Systems like Axelia allow us to track what's going on across an entire infrastructure, so we can spot anomalies as they occur. Cryptomining presents itself through ramped-up CPU usage across the whole fleet of servers out there.

So having the ability to monitor the network and understand what's going on gives you a really good high-level view, and is critical in fault finding and in establishing where the root cause of an issue lies.
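The fleet-wide CPU ramp described above is the signal a monitoring system needs to pick out, and the added example below (not part of the original post, and not Axelia's code) shows one way to do it: each host is judged against its own baseline, and a fleet alert fires only when a large share of hosts ramp at once. The metric layout (one list of CPU percentages per host, sampled at a fixed interval) and every threshold value are assumptions chosen for illustration.

```python
"""Flag sustained CPU ramps per host and across a fleet.

Added example, not part of the original post. Assumes one list of CPU
utilisation percentages per host, sampled at a fixed interval (here every
five minutes), and thresholds chosen for illustration.
"""
from statistics import median

# Constructed sample: three hosts ramp to >85% at the same point in time,
# two stay at their normal level.
SAMPLE_METRICS = {
    "hmi-01":  [12, 15, 11, 14, 13, 12, 95, 97, 96, 98, 97, 96],
    "hist-01": [30, 28, 33, 31, 29, 30, 92, 94, 93, 95, 94, 93],
    "eng-01":  [20, 22, 19, 21, 20, 23, 21, 20, 22, 21, 20, 22],
    "eng-02":  [18, 19, 17, 20, 18, 19, 88, 91, 90, 89, 90, 92],
    "plc-gw":  [10, 11, 10, 12, 11, 10, 10, 12, 11, 10, 11, 10],
}


def sustained_high_cpu(samples, baseline_n=6, min_run=3, delta=40.0, floor=80.0):
    """Return the index at which a host first holds high CPU for min_run
    consecutive readings, or None if it never does.

    A reading counts as high when it is at least `floor` percent AND at least
    `delta` points above the host's own baseline (median of the first
    baseline_n readings). Judging against the host's own normal means a
    historian that sits at 30% and a gateway that idles at 10% get the same
    treatment, while a single short spike (one reading) is ignored.
    """
    if len(samples) <= baseline_n:
        return None
    base = median(samples[:baseline_n])
    run = 0
    for i in range(baseline_n, len(samples)):
        if samples[i] >= floor and samples[i] - base >= delta:
            run += 1
            if run == min_run:
                return i - min_run + 1
        else:
            run = 0
    return None


def fleet_alert(metrics, min_fraction=0.5, **thresholds):
    """Apply the per-host check to every host and raise a fleet-level alert when
    at least min_fraction of hosts ramp up: the pattern a miner infection leaves,
    as opposed to one machine that happens to be busy."""
    flagged = {}
    for host, samples in metrics.items():
        start = sustained_high_cpu(samples, **thresholds)
        if start is not None:
            flagged[host] = start
    fraction = len(flagged) / len(metrics) if metrics else 0.0
    return {"flagged": flagged, "fraction": fraction, "fleet_alert": fraction >= min_fraction}


if __name__ == "__main__":
    result = fleet_alert(SAMPLE_METRICS)
    for host, start in sorted(result["flagged"].items()):
        print(f"{host}: sustained high CPU from reading {start}")
    print(f"fleet alert: {result['fleet_alert']} ({result['fraction']:.0%} of hosts)")
```

The two thresholds work together: `delta` catches a host that has left its own normal range, and `floor` stops a host that moved from 5% to 50% from being treated the same as one pinned at 95%. On real data the baseline window should cover a normal production cycle rather than six readings.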


Recovering from a Cryptomining attack

These are the pre-emptive measures you can take, but you've got to have reactive measures in place too, in case something does go wrong.

You need to have the ability to recover your systems, so it's important to make sure that you're taking high-frequency back-ups on a regular basis, and that the data is tested. You've got to have the ability not just to back it up but to recover it as well.

A lot of people we speak to say they have back-ups, which might be on a USB drive or a CD in a fire safe, but an alarming number of people have never tested those back-ups. So in the event of something going wrong, that's typically when they find out that the back-ups they've got are of no use to them.
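"Tested" has to mean more than checking that the backup file exists. The added example below (not part of the original post or of any product mentioned on it) records a SHA-256 manifest of the files at backup time and then checks a restored copy against it, reporting files that are missing or whose contents changed. The file names, contents and the partial-restore scenario are constructed for illustration.

```python
"""Verify a restored backup against a manifest taken at backup time.

Added example, not part of the original post. The directory layout, file
contents and the deliberately broken restore are all constructed.
"""
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large images do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def write_manifest(source: Path) -> dict:
    """Map relative path -> SHA-256 for every file under source.
    Store this alongside (not only inside) the backup media."""
    return {str(p.relative_to(source)): sha256_file(p)
            for p in sorted(source.rglob("*")) if p.is_file()}


def verify_restore(manifest: dict, restored: Path) -> dict:
    """Compare a restored tree against the manifest.
    A restore that fails this check is a backup you do not actually have."""
    missing, corrupt = [], []
    for rel, digest in manifest.items():
        p = restored / rel
        if not p.is_file():
            missing.append(rel)
        elif sha256_file(p) != digest:
            corrupt.append(rel)
    present = {str(p.relative_to(restored)) for p in restored.rglob("*") if p.is_file()}
    extra = sorted(present - manifest.keys())
    return {"ok": not (missing or corrupt), "missing": missing, "corrupt": corrupt, "extra": extra}


def demo() -> dict:
    """Constructed scenario: back up three files, then restore one intact,
    one truncated and one not at all, and see what the check reports."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp) / "src", Path(tmp) / "restored"
        (src / "plc").mkdir(parents=True)
        dst.mkdir()
        (src / "plc" / "line1.acd").write_bytes(b"\x00" * 4096)   # stand-in PLC project
        (src / "hmi.cfg").write_text("alarm_threshold=75\n")
        (src / "recipes.csv").write_text("id,temp\n1,180\n")
        manifest = write_manifest(src)

        # Simulated partial restore from the backup media.
        (dst / "plc").mkdir()
        (dst / "plc" / "line1.acd").write_bytes(b"\x00" * 4000)   # truncated copy
        (dst / "hmi.cfg").write_text("alarm_threshold=75\n")      # intact
        # recipes.csv never comes back
        return verify_restore(manifest, dst)


if __name__ == "__main__":
    print(demo())
```

Running the restore into a scratch location and checking it this way is the cheapest form of the shake-down test the post goes on to describe; it proves the media is readable and the contents are what was written, which is exactly what the people with an untested CD in a fire safe do not know.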

So having a good Business Continuity and Disaster Resilience process in place is essential: not just your ability to pull files back, but how you carry on production, and how you get things back up and running when the worst happens.

You need to plan that out as much as you can and test it on a regular basis, so that when something does go wrong you've been through the procedures, you've been through a Disaster Resilience shake-down test, and the people and teams are all in place, so everyone knows what needs to be done to get things back up and running as quickly as possible.

If this is something you'd struggle with yourself, our managed service, Proteus, can handle all that for you.