Many IT systems face significant cyberattack risks across critical sectors
Trend Micro, a Japanese company and one of the global leaders in cybersecurity solutions, has published a study showing that human-machine interfaces (HMIs) used by thousands of water and energy providers around the world could be attacked, with potentially serious consequences, including contamination of water supplied to the public.
HMIs play a key role in industrial IT systems by allowing human operators to interact with supervisory control and data acquisition (SCADA) systems. The vast majority of the systems identified as vulnerable come from small water and energy providers that help feed the supply chain of large utility companies. If a cybercriminal manages to access a vulnerable human-machine interface, they can not only see all information relating to critical systems, but also interact with and abuse these interfaces.
“Critical infrastructure is a national cybersecurity priority – but it is also of great interest to cybercriminals, who can target and exploit the weak link in these connected systems,” warns Loïc Guézo, Cybersecurity Strategist Southern Europe, Trend Micro. “As Trend Micro’s study shows, it is troubling to see that critical systems, and the networks they are connected to, continue to be unnecessarily exposed to risk. This exposure, combined with the rise in vulnerabilities affecting industrial control systems (ICS) highlighted this year by the Zero Day Initiative (ZDI) program, underscores the growing level of risk faced by every sector of our economy.”
A large share of these HMIs are legacy systems that were not originally designed to be connected to the network in this way. Today, this connectivity has been added to old operational systems, many of which have been in place for a long time and are extremely difficult to patch, further amplifying the risk of attack.
In the report, Trend Micro researchers describe in detail potential attack scenarios that could have real-world consequences for critical infrastructure by exploiting information drawn from vulnerable systems. This information may include device types, physical locations and other system data that could be used to plan a potential attack.
Hackers could soon attempt to exploit these vulnerable systems, given the increase in newly discovered vulnerabilities this year. In 2018, Trend Micro’s Zero Day Initiative program catalogued nearly 400 vulnerability alerts related to SCADA systems – a 200% increase compared with the same period last year.
According to a recent survey conducted by Trend Micro, operational technologies like these are generally not overseen by dedicated IT or security teams. Confusion within companies over who is responsible for protecting connected endpoints often increases the risk factor.
To protect HMIs against attack, IT security managers must ensure these interfaces are properly secured before they are connected to the Internet. Likewise, each of these endpoints should be isolated as much as possible from the corporate network, so that operational needs are met while eliminating the risk of exposure and exploitation of vulnerabilities.
“If we had not detected the C&C (command and control) malware in our SCADA environment, our toxic gas monitoring systems could have been compromised and put human lives at risk,” explains Ireneo Demanarig, Chief Information Officer, CEITEC S.A. “Security must be at the very heart of our company. Trend Micro not only provides comprehensive security solutions. It is also a valuable partner that helps us automate the sharing of threat intelligence, and that makes our lives easier.”
Trend Micro’s security solutions help protect users around the world against threats targeting SCADA environments. To learn more about the findings of the study and the risks facing critical infrastructure, please see the report: