Rethink Cybersecurity: Secure Your Industrial Enterprise

By Sam Liao

Chief Technology Officer

Winmate Inc.

November 16, 2020


Rethink Cybersecurity: Secure Your Industrial Enterprise

Computer criminals, or hackers, are launching ransomware attacks targeting industrial control systems (ICS).

The majority of industrial enterprises have faced increasing cyber threats since the start of the COVID-19 pandemic in March. Computer criminals, or hackers, are launching ransomware attacks targeting industrial control systems (ICS). According to computer and information research scientists, it is the first instance of file-encrypting malware built to directly infect computer networks that control operations manufacturing and utility environments. Per a new research from Claroty, in terms of industries, globally, the respondents ranked pharmaceutical and healthcare, oil and gas, electric utilities, manufacturing, and building management systems as the top five most vulnerable to attack.

What is ransomware?

Ransomware is considered one of the fastest-growing malware hazards of the 21st century. This malware infects a computer and could display messages demanding payment for the system to function again. This is a criminal money-making scheme that can be installed to the computer through misleading or deceptive links in an email message, instant message, or website. Once the malicious software is in a system, it encrypts data files and then shows a ransom note demanding an online payment to be paid in cryptocurrency like Bitcoin in return for decryption keys required restore the user's locked files.

Ransomware attacks on industrial enterprises

According to new research from Microsoft, attackers exploit the increased exposure to hackers and have launched COVID19-themed cyberattacks in 241 countries and territories. Microsoft is tracking around 60,000 coronavirus-related malicious attachments or URLs daily. No network is secure from the potential of attack. Most of these attacks affected the company's communications systems, including email, which had to be temporarily disconnected to stop the spread. During the attack, the attackers can obtain critical confidential information on the company's billing, contracts, transactions, clients, and partners.

How can you get ransomware?

The most general way of getting ransomware is push-emails containing malicious attachments or through drive-by downloading. A drive-by download typically makes most of an internet browser, application, or running system that runs all day and has protection imperfection. Drive-by downloading occurs when a customer unwittingly goes to an infected internet site, and then malware is downloaded and installed without the customer's knowledge.

Crypto ransomware is malware software that encrypts files and spread with comparable approaches. It has been spread with social media, such as Web-based instant messaging applications. Furthermore, more recent forms of ransomware infections have been observed. For example, prone Internet web servers have even been exploited as an entrance point accessing an organization's network.

Some of the best practices for ransomware protection, including regular backups and keeping software up-to-date, do not apply to most connected devices. Many IoT manufacturers are sluggish when it comes to releasing software patches. Because modern enterprises tend to rely on IoT devices to run operations more than ever before, a spike in ransomware attacks on connected devices may occur.

How to protect your business from ransomware?

When attackers keep finding new innovative ways to drive revenue to the cybercriminal enterprise, industrial enterprises should keep up by improving cybersecurity programs and measures.

When planning defensive methods, IT departments should recognize that the cost of a ransomware strike goes far beyond extortion payment. A continuously expanding listing of preyed on companies have reported that costs connected with an assault, downtime, lost sales possibilities, mad consumers, the cost of strike reduction as well as healing, damages to business brand credibility, charges for unmet contractual obligations to consumers, and fines for non-compliance make the price of the ransom look insignificant.

The first step to protect your enterprise is to start informing staff members on the strategies that ransomware distributors use; showing them to be mindful of the online ads and email links they click, the web sites they check out, as well as the accessories they open.

The second step is to install essential malware detection software on each computer. Use the latest anti-virus systems (AV) and security updates to provide basic security, even though anti-virus systems do not defeat common malware reliably, because attacks are launched way before anti-virus signatures are available the specific attacks.

And the third step is to use security measures that do reliably defeat a specific class of attack. Some of the measures include:

  • Prevent phishing attacks – use two-factor authentication based on RSA-style password that dongles reliably to defeat remote password phishing attempts.
  • Use software encryption -Trusted Platform Module (TPM) chips use a mix of software and hardware to protect critical passwords or encryption keys when sent in this unencrypted form.  The use of TMP reliably defeat attempts to search compromised equipment's memory and persistent storage to steal encryption keys.
  • Use unidirectional security gateways – to prevent malware and botnets from attacking your computers, use unidirectional security gateways – a combination of hardware and software – that replace firewalls in industrial network environments and provide the required level of security to control systems and operations.

For industrial organizations going through a digital transformation, security danger goes well beyond a single attached thing or database. The entire prolonged electronic business becomes linked, consisting of the supply chain and also companion ecosystem. Industrial enterprises should also implement security solutions that enable advanced threat protection. Now it is time to rethink cybersecurity as a strategic organization concern and not just an IT decision.

About the Author

Sam Liao serves as Chief Technology Officer for Winmate Inc. A technology veteran with a expertise in product design and engineering, Sam handles the latest technologies and innovations and leads Winmate’s product research and development teams across the company and works closely with customers and partners.