Cybercrime on the OT: Hackers are accessing operations, not just networks
Ransomware attacks are doing more than threatening to expose proprietary information; they’re shutting down operations.
In June 2020, one of the world’s largest auto manufacturers was forced to shut down production for a day. The problem: hackers had planted a computer virus in the automaker’s internal computer networks, which shut down systems and locked employees out of email and servers.
However, the hackers went further; the ransomware infiltrated systems along the production line, including the car inspection system. Production at plants in Japan, Turkey, Brazil, India, and the US was disrupted, in some cases for more than a day. By crippling production, the hackers hoped to force ransom payment.
The tool the hackers appear to have used is software designed to infiltrate control systems in factories, power plants, and other industrial facilities. Such software is not designed to steal data, but rather to infect operational systems, rendering them useless and bringing business to a halt.
To date, much of the focus of cybercrime prevention by companies has been on protecting internal data: trade secrets, employee personal information, payroll, health insurance, internal records. However, manufacturers also have operational technology (OT) systems. These systems control production equipment, detect changes, monitor operations, and keep production lines running smoothly.
That is, until a breach occurs. Unfortunately, attacks on OT infrastructure are on the rise. One study reveals that 90% of industries across the globe had suffered at least one damaging cyberattack between 2017 and 2019, and nearly two-thirds admitted to being hit at least twice.
These OT attacks are hitting organizations by disrupting:
- Remote monitoring
- Equipment sensors
- Fire safety equipment
- Scientific equipment
- Lighting controls and energy monitoring
- Security systems
- Transportation systems
Until 2010, attacks like these on OT infrastructure were the stuff of espionage and government-backed attacks.
Today, cyberweapons have become tools for cyber thieves. Because an OT attack can shut down operations on a wide scale, hackers see the potential for high ransom amounts. The hackers, too, have evolved. No longer lone actors, sophisticated hacking groups are targeting big business with attacks that can be launched from anywhere in the world.
The threat for industries is exponentially larger. Whereas in the past a breach could shut down systems and compromise data, the OT breach can result in a devastating fire, bodily injury, or environmental damage. The monetary losses alone would far outweigh those associated with the more traditional privacy breach cyberattack.