New generation industrial sabotage

In a series of 3 articles, Sentryo will take you through an analysis of the cyberattack threats hovering over industrial systems. The first article covered confidential data theft; this second article looks at new generation industrial sabotage and how to protect yourself.

Before going any further, read the article: What is an industrial system and how to protect it?

New generation industrial sabotage

According to Stéphan Meynet, “Since 2010, cybersabotage attacks on industrial installations have multiplied”. Hackers are no longer content with just industrial espionage; they now find a certain appeal in sabotage where the stakes are much higher.

Industrial sabotage: what is it?

To sabotage an industrial system, the attacker infiltrates a manufacturing process and modifies production without being noticed. This is achieved by directly infiltrating and modifying either the program of a machine or the supervisory control and data acquisition (SCADA) systems. The goal: create defective “goods”.

Attack fact sheet
  • Purpose: modify an industrial process
  • Installation type: centralized manufacturing process
  • Impact: diminish the integrity of the industrial process
  • Modus operandi: modify the program of one or more programmable logic controllers (PLCs) and place decoys in the SCADA system.

To carry out an attack like this, a hacker must have extensive knowledge of the industrial process, down to the last detail: from technical network information to specific industrial data related to production (temperature, pressure, etc.). Knowing the control system allows the hacker to bypass the alert mechanisms by modifying the alert thresholds.

The Stuxnet sabotage
The best example of this type of cyberattack is the hacking of Iran’s nuclear program orchestrated by Israel and the United States in 2007. The Stuxnet virus had time to reorganize the entire production process before it was discovered in 2010.

The events of the cyberattack

An attack such as this takes place in 7 stages:

1. Connection to programmable logic controllers

2. Exfiltration of PLC programs

3. Extraction of sensitive data from supervisory control stations (programs, synoptics, instructions, alert thresholds)

4. Extraction of information stored in the database

The attack gains in complexity in the 5th stage.

5. Modification of programs: modifications must be made without triggering surveillance systems.

6. Reinjection of modified programs into PLCs

7. Decoy of supervision and surveillance systems

Protect yourself against industrial cybersabotage

It is essential to map out your network. What is the architecture? What devices are connected to what? Who has access to the network? Can remote access be established?

According to data from IBM, 60% of cyberattacks are not carried out from the outside but rather from the inside by members of the target company.
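The mapping questions above can be turned into a monitoring check. The following is an added example, not Sentryo's code: it builds a "who talks to which PLC" map from a baseline period, then flags new talkers, program transfers from hosts that are not engineering stations, and sources outside the plant range. All addresses, operation names and flow records are constructed assumptions.

```python
# Added example: constructed data, hypothetical names throughout.
import ipaddress
from collections import defaultdict

OT_NET = ipaddress.ip_network("10.10.0.0/16")        # assumed plant address range
PLCS = {"10.10.1.10", "10.10.1.11"}                   # assumed PLC inventory
ENGINEERING_STATIONS = {"10.10.2.5"}                  # hosts allowed to transfer programs
PROGRAM_OPS = {"program_upload", "program_download"}  # read from / write to a PLC

# Constructed flow records (src, dst, operation), as a passive sensor might emit.
BASELINE_FLOWS = [
    ("10.10.2.20", "10.10.1.10", "read_values"),      # SCADA server polling
    ("10.10.2.20", "10.10.1.11", "read_values"),
    ("10.10.2.5", "10.10.1.10", "program_download"),  # planned maintenance
]
OBSERVED_FLOWS = [
    ("10.10.2.20", "10.10.1.10", "read_values"),
    ("10.10.3.77", "10.10.1.10", "program_upload"),   # unknown host reads PLC program
    ("10.10.3.77", "10.10.1.10", "program_download"), # ... then writes one back
    ("192.0.2.44", "10.10.1.11", "read_values"),      # source outside the plant range
]

def build_map(flows):
    """Network map: for each device, the set of hosts that talk to it."""
    talkers = defaultdict(set)
    for src, dst, _op in flows:
        talkers[dst].add(src)
    return talkers

def find_anomalies(baseline, observed):
    """Compare observed flows to the baseline map and return alert tuples."""
    known = build_map(baseline)
    alerts = []
    for src, dst, op in observed:
        if dst not in PLCS:
            continue
        if ipaddress.ip_address(src) not in OT_NET:
            alerts.append(("remote_access", src, dst, op))
        if src not in known[dst]:
            alerts.append(("new_talker", src, dst, op))
        if op in PROGRAM_OPS and src not in ENGINEERING_STATIONS:
            alerts.append(("unauthorized_program_transfer", src, dst, op))
    return alerts

if __name__ == "__main__":
    for alert in find_anomalies(BASELINE_FLOWS, OBSERVED_FLOWS):
        print(alert)
```

Because the engineering-station check does not depend on where the source sits, it also fires for a host inside the plant network, which matters given the insider figure above.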

The attack on the Ukrainian power grid
In December 2015 and 2016, the Ukrainian power grid was the victim of two large-scale attacks… To learn all the details of this industrial sabotage, download our ebook for an in-depth look at Sentryo Security Labs’ analysis!

Rather than destroying a system or stealing data, industrial sabotage aims to cause malfunctions in production operations. Better visibility of your network means better control. You also need to choose a well-adapted cybersecurity solution to monitor your systems, detect anomalies and generate alerts in real time. With this protection, you will be able to counter threats to the operational continuity and integrity of your systems before they go any further!