In a series of 3 articles, Sentryo takes you through an analysis of the cyberattack threats hovering over industrial systems. The first article covered confidential data theft; this second article looks at new generation industrial sabotage and how to protect yourself.
Before going any further, read the article: What is an industrial system and how to protect it?
New generation industrial sabotage
According to Stéphan Meynet, “Since 2010, cybersabotage attacks on industrial installations have multiplied”. Hackers are no longer content with just industrial espionage; they now find a certain appeal in sabotage where the stakes are much higher.
Industrial sabotage: what is it?
To sabotage an industrial system, the attacker will infiltrate a manufacturing process and modify production without being noticed. This is achieved by directly infiltrating and modifying either the program of a machine or the supervisory control and data acquisition (SCADA) systems. The goal: create defective “goods”.
To carry out an attack like this, a hacker must have extensive knowledge of the industrial process, down to the last detail: from technical network information to specific industrial data related to production (temperature, pressure, etc.). Knowing the control system allows the hacker to bypass the alert mechanisms by modifying the alert thresholds.
The events of the cyberattack
An attack such as this takes place in 7 stages:
1. Connection to programmable logic controllers
2. Exfiltration of PLC programs
3. Extraction of sensitive data from supervisory control stations (programs, synoptics, instructions, alert thresholds)
4. Extraction of information stored in the database
The attack gains in complexity in the 5th stage.
5. Modification of programs: modifications must be made without triggering surveillance systems.
6. Reinjection of modified programs into PLCs
7. Decoy of supervision and surveillance systems
Protect yourself against industrial cybersabotage
It is essential to map out your network. What is the architecture? What devices are connected to what? Who has access to the network? Can remote access be established?
According to data from IBM, 60% of cyberattacks are not carried out from the outside but rather from the inside by members of the target company.
Rather than destroying a system or stealing data, industrial sabotage aims to cause malfunctions in production operations. Better visibility of your network means better control. You also need to choose a well-adapted cybersecurity solution to monitor your systems, detect anomalies and generate alerts in real time. With this protection, you will be able to counter threats to the operational continuity and integrity of your systems before they go any further!
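As an added illustration (not Sentryo's code or product logic), the sketch below compares a current snapshot of each PLC against an approved baseline and reports the changes that stages 5 and 6 would leave behind: a modified program, a modified alert threshold, or a device missing from the network map. It assumes program exports and threshold values are already collected by some other means; the device names, program text and limits are constructed for the example.

```python
import hashlib

def snapshot(program: bytes, thresholds: dict) -> dict:
    """Reduce one PLC's exported program and alert limits to a comparable record."""
    return {"program_sha256": hashlib.sha256(program).hexdigest(),
            "thresholds": dict(thresholds)}

def find_drift(baseline: dict, current: dict) -> list:
    """Return (device, finding, detail) tuples for every deviation from the baseline."""
    findings = []
    for device in sorted(baseline):
        approved, seen = baseline[device], current.get(device)
        if seen is None:
            findings.append((device, "not_collected", "no snapshot for approved device"))
            continue
        if seen["program_sha256"] != approved["program_sha256"]:
            findings.append((device, "program_changed", seen["program_sha256"][:12]))
        for name in sorted(approved["thresholds"]):
            limit = approved["thresholds"][name]
            value = seen["thresholds"].get(name)
            if value is None:
                findings.append((device, "threshold_removed", name))
            elif value != limit:
                findings.append((device, "threshold_changed", f"{name}: {limit} -> {value}"))
    # Devices seen on the network but absent from the approved map.
    for device in sorted(set(current) - set(baseline)):
        findings.append((device, "unknown_device", "not in approved inventory"))
    return findings

# Constructed sample data: program text, names and limits are invented.
APPROVED_PROGRAM = b"LD I0.0\nAND I0.1\nOUT Q0.0\n"
BASELINE = {
    "plc-01": snapshot(APPROVED_PROGRAM, {"temp_high_c": 85.0, "pressure_high_bar": 6.5}),
    "plc-02": snapshot(APPROVED_PROGRAM, {"temp_high_c": 85.0}),
}
CURRENT = {
    "plc-01": snapshot(APPROVED_PROGRAM + b"OUT Q0.1\n",
                       {"temp_high_c": 120.0, "pressure_high_bar": 6.5}),
    "plc-02": snapshot(APPROVED_PROGRAM, {"temp_high_c": 85.0}),
    "plc-09": snapshot(b"", {}),
}

if __name__ == "__main__":
    for device, finding, detail in find_drift(BASELINE, CURRENT):
        print(f"ALERT {device} {finding} {detail}")
```

Because stage 7 decoys the supervision systems, a check like this is only as trustworthy as the path used to collect the snapshot; the baseline should be stored away from the stations it describes.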