Cybersecurity researchers have revealed the development of a new, custom form of ransomware targeting industrial control systems (SCADA). The malware, and the subsequent attack on a simulated water treatment plant, were designed to highlight how attackers could disrupt the key services that cater to our critical needs, such as energy providers, water management utilities, heating, ventilation and air conditioning (HVAC) systems or escalator controllers. IT security experts from NSFOCUS, AlienVault and ESET discuss this potential new threat.

Stephen Gates, Chief Research Intelligence Analyst – NSFOCUS International Business:

“One of the greatest threats to SCADA implementations and the industrial control systems (ICS) they regulate is the loss of view and loss of control over these critical components. Anything that causes a denial of service for operators can result in some pretty scary scenarios. From systems running completely out of control on their own, to operators making wrong decisions due to their loss of view, these situations are disasters in the making. Due to the primitive security measures implemented on most ICS technologies, and the antiquated operating systems and applications in use, the likelihood of a ransomware infection is much higher than most would like to admit.”

Javvad Malik, Security Advocate at AlienVault:

“We’ve seen ransomware grow rapidly, and there is growing attraction to hit more critical targets such as hospitals that are more likely to pay larger sums quickly.

In that regard, it is no stretch to imagine attacks against SCADA systems are on attacker wish-lists. However, many attackers will be concerned about the level of scrutiny such an attack could place on them. Many ransomware attackers are cybercriminals wanting to make some money in an easy manner, and probably don’t want the attention associated with being labelled a ‘cyber’ terrorist or having declared an act of war.

Another reason why we possibly haven’t seen such attacks is that SCADA systems have typically been segregated and not publicly accessible. However, there are several factors that indicate that the likelihood of such an attack will increase over time. The scope of what is deemed critical national infrastructure is ever-increasing.

There is an increased reliance on the internet to keep systems running, which results in more systems being exposed. There is also the drive towards ‘smart cities’, which will further expose critical systems to the public internet. What this means is that even if attackers can’t compromise SCADA systems directly, they can likely compromise the systems that SCADA relies on, thus having a similar effect.”

Mark James, IT Security Specialist at ESET:

“Any threat that can have real-world consequences is something that needs to be addressed and monitored closely. A lot of the malware we see and hear about is designed in such a way that it spreads and propagates looking for viable targets, but targeted malware is very different. Usually targeted malware is configured and aimed at a particular industry or sector. With so much of our industry digitally operated or maintained, this could prove, in its worst-case scenario, very bad indeed. But the same rules apply to any area that may be the target of ransomware: it has to be installed and it has to be able to gain complete control. With the right levels of security we can limit its attack vector and have mechanical failsafes to override anything software can instigate. All environments in our digital world are susceptible to attack and need to be protected. Making sure operating systems, applications and security programs are kept up to date is one of the first lines of defence, and one that is often overlooked or just not possible on bespoke systems designed to do a single task or job.”