While Saudi Aramco is deep in the throes of a dangerous data leak and ransom demand, cybersecurity pros manning the gates at other critical industrial facilities had better consider the ramifications for their own company’s well-being – and right away.
At the time of writing, incident response researchers are treating the modus operandi as a simple human error that allowed the leak and theft of no less than a terabyte of data files, apparently through a third-party contractor. The perpetrators are demanding a $50 million USD ransom in bitcoin, with only a vague promise to delete the data once the exorbitant payment is received.
A spokesperson for Aramco, the world’s largest oil producer, stated that there was no direct breach of company OT systems and that Aramco “continues to maintain a robust cybersecurity position”. But who really knows? Breaches come in many novel ways and are sure to visit again and again.
In 2012, a spear-phishing attack against this very same company (the Shamoon wiper) wiped 30,000 endpoints within a few hours. In that case, an innocent human error might have enabled perilous entry into the company’s IT networks and, from there, lateral movement across thousands of computers.
That attack disrupted information technology and business operations. The current data-theft extortion attempt against Aramco, and the numerous attacks that pester critical industrial facilities and infrastructure on a daily basis, can become much more expensive – and deadly.
In today’s Industry 4.0 landscape, OT networks are increasingly integrated with their IT counterparts, enabling increased productivity through the rapid sharing of production, business, and other data, but also creating paths between two formerly separated networks. Daring cyber attackers increasingly attempt to exploit these paths to reach the actual production facilities. An innocent human error might not only result in the extraction of terabytes of business data but might also interrupt the world’s supply of oil.
Or even worse!
Only this month, the US Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) revealed that, between 2011 and 2013, Chinese state-sponsored attackers targeted 23 US oil and natural gas (ONG) pipeline companies and successfully breached 13 of them via a spear-phishing campaign against employees. That campaign, like the infamous attack on Colonial Pipeline last May, exploited the criticality of oil and gas infrastructure to the economy and national security – whether for geopolitical reasons or for profit.
In that same alert, AA21-201A, issued hard on the heels of the Colonial attack, CISA and the FBI urged owners and operators of energy-sector and other critical infrastructure (CI) networks to adopt a heightened state of awareness and implement a set of recommendations that includes network segmentation between IT and industrial control system (ICS)/operational technology (OT) networks.
Companies must adopt comprehensive solutions and establish a resilient IT/OT integration architecture that enables cybersecurity professionals to understand cyber risk across the entire company, OT and IT alike. They must be able to quickly discover, analyze, and monitor every OT, IT, and Industrial IoT asset within the OT network, classified by criticality, physical location, business impact, and more, to gain full cybersecurity visibility.
By correlating asset data and industrial context from multiple existing and new cybersecurity and threat-detection sources, such solutions automatically identify the gaps in the overall security posture and detect attack patterns early – before they reach production facilities or data is exfiltrated.
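As an added example (not OTORIO’s product and not code from the original post), the following Python script applies the two points above, the IT/OT segmentation that AA21-201A recommends and criticality-ranked monitoring of OT assets, to a handful of constructed flow records. Assets are mapped to IEC 62443-style zones, only adjacent-zone conduits (IT to DMZ, DMZ to OT) are permitted, industrial protocols originating outside the OT zone are flagged, and findings are ranked by the criticality of the assets involved. The zone layout, addresses, asset names, port list and log format are all assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass

# Hypothetical zone layout, modelled on IEC 62443 zones and conduits.
# The networks do not overlap, so the first match is the only match.
ZONE_OF_NET = {
    ipaddress.ip_network("10.10.0.0/16"): "IT",
    ipaddress.ip_network("10.20.0.0/24"): "DMZ",
    ipaddress.ip_network("192.168.100.0/24"): "OT",
}

# Only adjacent zones may talk: IT <-> DMZ <-> OT. Anything else, including
# traffic from an address in no known zone, is a conduit violation (fail closed).
ALLOWED_CONDUITS = {("IT", "DMZ"), ("DMZ", "IT"), ("DMZ", "OT"), ("OT", "DMZ")}

# Constructed asset inventory: ip -> (name, criticality 1 (low) .. 5 (safety-critical)).
ASSETS = {
    "192.168.100.10": ("PLC-CDU-01", 5),
    "192.168.100.20": ("HMI-CDU-01", 4),
    "10.20.0.5": ("HISTORIAN-DMZ-01", 3),
    "10.10.5.77": ("CONTRACTOR-LAPTOP-17", 2),
}

# Industrial protocol ports (assumed list) that no host outside the OT zone should speak.
OT_PORTS = {102: "s7comm", 502: "modbus", 20000: "dnp3", 44818: "ethernet/ip"}


@dataclass
class Finding:
    src: str
    dst: str
    reason: str
    severity: int  # 1..5, taken from the most critical asset involved


def zone_of(ip: str) -> str:
    """Map an address to its zone; addresses outside every known network get 'UNKNOWN'."""
    addr = ipaddress.ip_address(ip)
    for net, zone in ZONE_OF_NET.items():
        if addr in net:
            return zone
    return "UNKNOWN"


def criticality_of(ip: str) -> int:
    """Criticality from the inventory; an uninventoried host counts as low (1)."""
    return ASSETS.get(ip, (ip, 1))[1]


def parse_flow(line: str) -> dict:
    """Parse one constructed flow record: '<ts> <src> <dst> <proto> <dst_port> <bytes>'."""
    ts, src, dst, proto, port, nbytes = line.split()
    return {"ts": ts, "src": src, "dst": dst, "proto": proto,
            "port": int(port), "bytes": int(nbytes)}


def check_flow(flow: dict) -> list:
    """Apply the zone/conduit policy and the OT-protocol rule to a single flow."""
    src_zone, dst_zone = zone_of(flow["src"]), zone_of(flow["dst"])
    severity = max(criticality_of(flow["src"]), criticality_of(flow["dst"]))
    findings = []
    # Rule 1: cross-zone traffic must follow a permitted conduit; IT and OT meet only in the DMZ.
    if src_zone != dst_zone and (src_zone, dst_zone) not in ALLOWED_CONDUITS:
        findings.append(Finding(flow["src"], flow["dst"],
                                f"{src_zone}->{dst_zone} conduit is not permitted "
                                f"({flow['proto']}/{flow['port']})", severity))
    # Rule 2: industrial protocols must originate inside the OT zone.
    proto_name = OT_PORTS.get(flow["port"])
    if proto_name and src_zone != "OT":
        findings.append(Finding(flow["src"], flow["dst"],
                                f"{proto_name} traffic originating from a {src_zone} host",
                                max(severity, 4)))
    return findings


def analyse(lines) -> list:
    """Run every flow record through the policy and rank findings, most severe first."""
    findings = []
    for line in lines:
        if line.strip():
            findings.extend(check_flow(parse_flow(line)))
    return sorted(findings, key=lambda f: -f.severity)


# Constructed flow records for the example, not real traffic.
SAMPLE_FLOWS = """\
2021-07-20T10:01:02Z 10.10.5.77 10.20.0.5 tcp 443 5120
2021-07-20T10:01:09Z 10.20.0.5 192.168.100.20 tcp 4840 2048
2021-07-20T10:02:31Z 10.10.5.77 192.168.100.10 tcp 502 64
2021-07-20T10:03:00Z 192.168.100.20 192.168.100.10 tcp 502 128
2021-07-20T10:03:45Z 10.10.5.77 192.168.100.10 tcp 22 900
""".splitlines()

if __name__ == "__main__":
    for f in analyse(SAMPLE_FLOWS):
        print(f"[sev {f.severity}] {f.src} -> {f.dst}: {f.reason}")
```

Run as-is, the script reports three findings, all at severity 5: the contractor laptop in the IT zone talking Modbus directly to the PLC (which breaks both rules) and the same laptop opening SSH to the PLC, while the laptop-to-historian and historian-to-HMI flows pass because they follow the permitted conduits. Ranking by asset criticality rather than by flow count is what keeps a single packet to a safety-critical PLC above a thousand benign flows in the queue.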
As CISA, the FBI, and other agencies increasingly issue warnings and new regulations to safeguard critical infrastructure, industrial organizations must comply with existing and emerging operational technology cybersecurity best practices and standards such as NIST SP 800-82 and IEC 62443.
To defend against ransomware and other attacks on production facilities, companies need to fully understand their exposures and risks. Newer, AI-based solutions deliver this understanding and even issue actionable playbooks with step-by-step remediation guidance that help operational teams manage and mitigate inevitable threats efficiently.
OTORIO delivers these solutions to the market today, enabling customers to discover their exposures and risks, thereby closing the gaps between IT and OT networks.
The heavy ransom demands against Saudi Aramco and Colonial Pipeline are just two of the latest assaults on production facilities, distribution lines, and other infrastructure. The FBI assures us that there will be many more.
Be prepared BEFORE they strike your company.
OTORIO, along with our partner CYE, has been working with global organizations, governments, and other interested bodies to provide short- and long-term plans to meet coming regulations while using the opportunity to raise the security posture of IT, OT, and IIoT environments.