Industrial control systems (ICS) today are at higher risk of interference by hackers because of their connectivity to the internet. While digitization helps in automating these systems, it also provides a pathway for hackers to gain access to them and interfere with them. There were 3 major events that took place in 2016 in which hackers gained unauthorized access to industrial control systems. Because these systems are part of critical infrastructure, protecting them is a top priority: if they fail, the systems that depend on them become dysfunctional, and the cumulative consequences can be enormous.
The 3 cyber attacks that shook industrial control systems in 2016 are:
1. Operation Ghoul
In August 2016, Kaspersky Lab unearthed a spear phishing campaign that was targeting industrial organizations in Middle Eastern countries. The series of attacks under this spear phishing campaign was given the title “Operation Ghoul”. The attack started with an email that appeared to come from a bank in the UAE. It was a phishing email impersonating the Emirates NBD bank. The email carried an infected attachment containing HawkEye, malware that collects personal information through keystrokes, clipboard data, etc. According to Kaspersky Lab, at least 130 organisations were impacted by Operation Ghoul. The targeted countries ranged from India to Spain.
2. New York Dam attack
On 24 March 2016, an Iranian hacker was publicly accused by officials of the Department of Justice. The Justice Department claimed Iran had attacked U.S. infrastructure online by infiltrating the computerized controls of a New York dam, heralding a new way of war on American soil. Hackers broke into the command and control system of the dam in 2013, apparently through a cellular modem. This signals the desire of some foreign nations to infect, and operate, US infrastructure. Although the attack happened in 2013, it was only in 2016 that the cyber-attack was affirmed and attributed to hackers in Iran.
3. Ukrainian Power Outage
In December 2015, Prykarpattyaoblenergo, a power company located in western Ukraine, suffered a power outage that impacted a large regional area, including the regional capital Ivano-Frankivsk. According to investigations conducted later, the attack was carried out by hackers using BlackEnergy malware that exploited macros in a Microsoft Excel document. The malware was planted in the company’s network using spam emails.
All three attacks succeeded because of a lack of awareness among employees of the respective firms. There is little doubt that attacks on industrial systems will continue. In fact, with the increase in automation and internet connectivity, the number of attacks will increase in future. That would mean more successful breaches and, subsequently, a rise in the cost of cyber-attacks. To prevent cyber-attacks, the focus should be on employees. One small mistake can put the entire organization's cyber security in jeopardy. That is why cyber situational awareness needs to be inculcated among employees. Cyber hygiene needs to be made part of the work ethic and work culture. Only then can we expect foolproof cyber security.