OT/ICS Malware: A Brief Timeline
An Industrial Control System (ICS) is a control system that takes multiple inputs such as raw material, transport, power, and labor and turns them into a finished product through many coordinated activities. ICS are considered isolated, static systems, and they are treated as high-risk: an incident could cause a huge loss of revenue, loss of human life, and harm to the surrounding environment, so they must be handled with the utmost security and care. According to surveys conducted by Kaspersky in 2019 across many industrial sites, ICS receive good funding for security improvement, but the survey also pointed out that organizations have difficulty finding employees who are experts in OT/ICS cybersecurity, and that employees have difficulty identifying and understanding a cyber-attack [1]. Advancing technology brings new and improved attacks from hackers, which makes it difficult to eliminate the cyber-attack concern for OT/ICS.
The last decade has shown significant growth in adversaries attacking ICS/SCADA environments. Adversaries have changed the approach and method of their malware to infect devices such as PLCs, SCADA systems, and RTUs.
One of the earliest attacks on an ICS/SCADA environment is the Marconi wireless hack in 1903. In 1997, the Worcester air traffic communication attack caused abnormal communication signals in air traffic control and communication. In 2000, an employee who had been rejected in the hiring process for a sewage treatment plant carried out a revenge attack, the Maroochy attack, that led to the pollution of water bodies with untreated sewage. In 2003, the Slammer worm struck the Davis-Besse nuclear power plant. In 2005, another worm, Zotob, targeted the automobile industry. The ICS/SCADA industry was terrorized in 2010 by the Stuxnet malware and by Night Dragon, which targeted the global energy sector. In 2012, a cyber intrusion campaign was carried out against gas pipelines, and the Shamoon attack on Saudi Arabian oil refineries took place in the same year.
In 2013 two attacks took place: one at the New York dam and the other the Havex malware campaign. 2014 brought three shocking malware incidents: the German steel mill attack, which caused a blast furnace to malfunction; BlackEnergy, a malware targeting HMIs (Human Machine Interfaces); and the cyber-espionage campaign called DragonFly. The Ukraine power grid attack, the first successful attack on a power grid, took place in 2015. In 2016 the Kemuri attack altered the chemicals in a water treatment plant; in the same year the powerful Shamoon attack on Saudi Arabian oil refineries and the Ukraine power grid attack happened again, with the same consequences and impact. The cyber-world of both OT and IT was shaken by the arrival of WannaCry in 2017. WannaCry was not the only attack that caused panic in 2017: NotPetya, TRITON, CRASHOVERRIDE, and APT33 also shook the industries. 2019 and 2020 have been under the threat of the EMOTET malware and the Snake ransomware.