WannaCry has hit again. This recent attack involved a Honda plant in Japan, shutting down production. As Nick Bilogorskiy, senior director of Threat Operations with Cyphort, told me in an email comment:
Automakers are especially vulnerable to network worms like WannaCry because they often use computers with older versions of Windows and those are vulnerable to security flaws. Unlike other businesses such as banks, automakers do not upgrade their factory floor hardware or software aggressively and may get behind in installing patches.
He went on to explain how devastating these attacks can be to an industrial site. Once a machine is infected, you have to decrypt files, power down all the machines so nothing else gets infected, and then re-image or re-install all infected machines, as that is the only safe method to avoid any back doors that have been dropped by WannaCry. Finally, you need to locate necessary backups and restore data from them and reset all your systems to pre-WannaCry state, and test that your applications are working as intended.
What happened at the Honda plant could happen anywhere. As a blog post from Kaspersky Lab pointed out, even though WannaCry wasn’t designed for this use, it has been successful at shutting down industrial processes.
The Kaspersky team recently released its study, “State of Industrial Cybersecurity 2017,” which found that 54 percent of industrial control systems (ICS) companies interviewed have experienced at least one cyberattack in the last 12 months, and one in five experienced two incidents in that same time frame.
Malware is the biggest threat to these systems, but closely following are targeted attacks and employee error. But here is another threat that is looming. The study found that half of the companies allow third parties access to the industrial control networks. As CSO reported:
In recent years, 63 percent of breaches were traced to third-party vendors, according to the Soha System’s survey on third-party risk management. . . . On average, organizations spent $10 million responding to third-party breaches over the previous 12 months, according to a May 2016 Ponemon report. But organizational risk isn’t limited just to direct revenue loss. Reputational impacts, regulatory exposure and lawsuits can cause lasting damage and lead to job losses for executives, directors and others in the organization.
So much focus is put on industries like health care and financial, for good reason. But it is clear that ICS need more attention, as Clint Bodungen, senior researcher, critical infrastructure threat analysis with Kaspersky Lab, said in a formal statement:
Preparedness among all departments in the organization – such as executive leaders, engineers, IT security teams and more – is key to protecting against cyberattacks. Businesses managing ICS environments need to put the necessary policies, procedures, technology and training in place immediately to properly manage these risks before they have an opportunity to damage the business.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba