After discussing industrial sabotage, our series of attack scenarios on industrial systems continues. Of these attacks, a denial-of-service on an industrial installation is particularly dangerous: it can bring continuous production lines to a long-lasting standstill.
Before going any further, read the article: What is an industrial system and how to protect it?
What is a denial-of-service?
A denial-of-service on industrial installations occurs when an attacker takes direct control of controllers and floods the network to render it ineffective, stop production and possibly cause physical damage in order to complicate the re-establishment of service. Stopping a production tool puts infrastructure in danger and prevents maintenance on a continuous production chain (refinery, water treatment plant, etc.).
Denial-of-service on industrial installations in 3 stages
1. Penetrating the network
In order to launch an attack, cybercriminals will first have to penetrate the network. For this, they have several options:
- take control of an industrial station with malware
- hijack remote access
- hijack a wireless connection
- penetrate the network from a physical on-site access point (IT closets, pipelines, etc.)
2. Installation of a control unit
Attackers will then install a unit that allows them to take remote control of controllers.
3. Flooding the network
Hackers use the installed unit to attack all machines. This denial-of-service technique via flooding, well known in the IT sector, consists of sending controllers more information than they can process: they become saturated and stop working. Hackers can also take advantage of their direct access to controllers to install a non-functional program: this is a denial-of-service technique via reprogramming.
Protecting yourself from an industrial denial-of-service
To prevent this type of attack you must have a powerful surveillance system that is capable of detecting new elements installed on the network or changes in the behavior of a machine. This anomaly detection system can tell if a Windows machine starts behaving suspiciously as a result of a malware infection.
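The two detections described above (a new element on the network, and a change in the traffic a controller receives) can be sketched as follows. This is an added example, not code from the original article or from any product it mentions; the flow-record format, addresses, window size and thresholds are assumptions, and the sample data is constructed.

```python
from collections import defaultdict
from statistics import mean, pstdev

WINDOW = 10  # seconds per counting window (assumed value)

def per_window_counts(flows):
    """Sum packets sent to each destination in each WINDOW-second bucket."""
    counts = defaultdict(lambda: defaultdict(int))
    for ts, _src, dst, pkts in flows:
        counts[dst][ts // WINDOW] += pkts
    return counts

def learn_baseline(flows):
    """Record known hosts and the normal packet rate seen by each destination."""
    assets = {f[1] for f in flows} | {f[2] for f in flows}
    rates = {}
    for dst, buckets in per_window_counts(flows).items():
        vals = list(buckets.values())
        rates[dst] = (mean(vals), pstdev(vals))
    return assets, rates

def detect(flows, assets, rates, k=4.0, floor=50):
    """Return alerts for unknown devices and for destinations receiving a flood."""
    alerts, seen_new = [], set()
    for ts, src, dst, _pkts in flows:
        for host in (src, dst):
            if host not in assets and host not in seen_new:
                seen_new.add(host)
                alerts.append(("new_device", host, ts))
    for dst, buckets in per_window_counts(flows).items():
        mu, sigma = rates.get(dst, (0.0, 0.0))
        limit = mu + max(k * sigma, floor)  # floor avoids alerts on tiny jitter
        for bucket, pkts in sorted(buckets.items()):
            if pkts > limit:
                alerts.append(("flood", dst, bucket * WINDOW))
    return alerts

# Constructed sample data: (unix_seconds, src, dst, packets). Not real traffic.
HMI, PLC1, PLC2, ROGUE = "10.0.0.5", "10.0.0.20", "10.0.0.21", "10.0.0.99"
BASELINE = [(t, HMI, plc, 20 + (t // 10) % 3)
            for t in range(0, 300, 10) for plc in (PLC1, PLC2)]
LIVE = [(t, HMI, plc, 21) for t in range(300, 360, 10) for plc in (PLC1, PLC2)]
LIVE += [(330, ROGUE, PLC1, 5), (340, ROGUE, PLC1, 4000), (340, ROGUE, PLC2, 4000)]

if __name__ == "__main__":
    known_assets, known_rates = learn_baseline(BASELINE)
    for alert in detect(LIVE, known_assets, known_rates):
        print(alert)
```

The unknown device is reported on its first low-volume packet, one window before the flood alerts fire for both controllers, which is the window in which an operator can still isolate it.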
In order to effectively protect yourself from potential attacks — data theft, sabotage, industrial denial-of-service — it is important that you provide your system with specific protection by considering the context of each event. Specific solutions such as ICS CyberVision by Sentryo allow you to map out and monitor your industrial systems so you can protect all your networks from attacks.