So what about IIoT?

In honor of the relaunch of the Veritas Titus blog, I am going to launch a new series of posts regarding the Industrial Internet of Things (IIoT).

Have you been wondering what exactly IIoT is? We all receive a lot of emails and webinar requests with IIoT technical details but very little substance on what IIoT really means to manufacturing companies. Historical perspectives, emerging threats, and business impact are important IIoT knowledge areas for understanding the phenomenon. So, over the next few weeks, I’ll break down IIoT into the following topic posts: historical perspective and defining IIoT, emerging IIoT cybersecurity threats, industry-related attacks and vulnerabilities, and how to protect the plant.

Subscribe and keep reading!


Seven Cybersecurity Myths Busted

Cybersecurity threats are changing and becoming more sophisticated. In 2012, we saw constant and continued innovation from cybercriminals. With a constantly changing online world and security landscape, it seems most people are still confused about existing threats and their impact, as well as what they can do to protect against cyber attacks. To help clarify some issues, I set out to debunk some of the biggest myths people believe about cybersecurity issues.

Myth #1: Viruses and other malicious software (“malware”) only affect computers and laptops.

Reality: Mobile malware, which affects smartphones, tablets and other mobile devices, increased by 58 percent last year. This malware can steal information such as phone numbers and e-mail addresses (32 percent of the time), or use the phone’s GPS to track the user (19 percent of the time).

Myth #2: I can’t get a virus or be attacked on popular social networking sites.

Reality: Many well-known social networks, including several of the newest ones, are prime targets for scammers, with 56 percent of social media attacks involving fake gift cards and survey scams.

Myth #3: Apple products aren’t susceptible to viruses and online attacks.

Reality: While hackers still primarily target PCs, more than 600,000 Mac computers were infected by one attack last April; just one example that no operating system is safe from online threats.

Myth #4: Free antivirus software on my computer provides complete protection.

Reality: “Ransomware” (which cybercriminals use to lock you out of your computer unless you pay their “ransom”), is one example of the trend toward increasingly vicious malware, which is known for being harder to undo, more aggressive and more professional than other malware. This malware requires protection beyond what basic, free antivirus software can offer.

Myth #5: It’s easy to tell if a site is fake: typos or foreign characters are dead giveaways.

Reality: Many spoofed sites today look exactly like the websites of legitimate brands, down to the smallest details. Additionally, the number of fake sites that imitated social networks more than doubled in 2012.

Myth #6: My computer won’t get infected since I don’t visit risky sites.

Reality: Sixty-one percent of malicious sites are actually legitimate websites that have been compromised and infected with malicious code. Business, technology and shopping websites were among the top five types of sites hosting infections.

Myth #7: I’ll know right away if my computer is infected.

Reality: Cybercriminals today rely on stealth: the longer they’re on your machine undetected, the more damage they can do. Your computer could even be part of a “botnet” (a network of remotely controlled computers that send spam e-mails or participate in widespread attacks) and you might not even know it.

Protecting yourself doesn’t have to be complicated. By continuing to educate yourself about online threats, taking advantage of available security resources and following the simple tips below, you can protect yourself against cybercrime.

• Use complex and unique passwords for each site, including upper- and lowercase letters, numbers and symbols.
• Stick to trusted websites when possible. When purchasing items online, check for security marks on the site before entering your payment details.
• Limit your sensitive transactions when using public Wi-Fi networks or use a Virtual Private Network (“VPN”). Wi-Fi networks can allow other people to more easily snoop on your activity.
• Never click on links or open attachments from people you don’t know. Also, if you receive a strange message from a friend, take a moment to verify it; it’s possible his or her e-mail or social networking account was hacked.
• Make sure you protect all your devices with a comprehensive security solution, like Norton 360 Multi-Device.

Rat Causes Extended Black Out at Atomic Plant

The Tokyo Electric Power Company’s Fukushima plant in Tokyo, Japan experienced a partial loss of cooling systems. Initially, the problem was thought to be a faulty switchboard; however, a dead rat found inside the faulty switchboard indicated the rat was the cause of the problems rather than the switchboard itself as previously thought. The rat gnawed through the cables, which caused the outage and the rodent’s untimely demise.

The switchboard problems behind the power failure, which began Monday, cut off the flow of cooling water to four pools used to store more than 8,800 nuclear fuel rods. It took the plant almost a day to restore cooling to the first of the affected pools, with cooling of the final pool resuming early Wednesday. It will take two days for the pools to return to normal temperature.

Four Types of URLs Used in 2013 BlackHole Spam Campaigns

Trend Micro researchers outline four kinds of URLs used in spam campaigns using the new version of the BlackHole exploit kit.

The first type is WordPress URLs that point to an HTML file stored in the “wp-content” directory of a website. However, WordPress themes are not HTML files, so when users see such URLs, they should immediately know something is wrong.

The second type of URL uses a dictionary word as the directory name, such as: {compromised site}/{dictionary word}/index.html. A dictionary word is used instead of a random string, which makes it more difficult for a user to establish whether the link is legitimate.

Other links used in BlackHole spam runs use dictionary words for the file name: {compromised site}/{dictionary word}.html.

The fourth type of URL used by cybercriminals is not actually a URL. The attacker attaches an HTML file to the spam email. When it’s opened, the file redirects the victim to the exploit kit (hacked websites or domains that they’ve registered for free). The campaign is more efficient because it is not so easy for security solutions to identify the threat if legitimate domains are used.

On a positive note, free Web-hosting providers whose services are abused by cybercriminals are doing a decent job of taking down the malicious domains.
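The four link shapes described above can be turned into a mail-gateway triage check. The following is an added example, not code from Trend Micro or this blog; the word list, function names and example.test hosts are constructed assumptions, and because legitimate pages can match the same shapes, a hit is a signal for further review rather than a verdict.

```python
import re
from urllib.parse import urlsplit

# Constructed mini word list; a real deployment would load a full dictionary.
DICTIONARY = {"garden", "window", "summer", "report", "invoice", "coffee"}

def classify_url(url):
    """Return the name of the URL shape a link matches, or None."""
    path = urlsplit(url).path.lower()
    segments = [s for s in path.split("/") if s]
    if not segments:
        return None
    leaf = segments[-1]
    # Type 1: an HTML file served from somewhere under wp-content
    if "wp-content" in segments[:-1] and re.search(r"\.html?$", leaf):
        return "wp-content-html"
    # Type 2: {site}/{dictionary word}/index.html
    if len(segments) == 2 and segments[0] in DICTIONARY and leaf == "index.html":
        return "dictionary-directory"
    # Type 3: {site}/{dictionary word}.html
    if len(segments) == 1 and leaf.endswith(".html") and leaf[:-5] in DICTIONARY:
        return "dictionary-file"
    return None

def classify_attachment(filename):
    """Type 4: no URL in the body, just an HTML file attached to the message."""
    return "html-attachment" if re.search(r"\.html?$", filename.lower()) else None

def triage(message):
    """Return (item, label) for every link or attachment that matches a shape."""
    hits = [(u, classify_url(u)) for u in message.get("urls", [])]
    hits += [(a, classify_attachment(a)) for a in message.get("attachments", [])]
    return [(item, label) for item, label in hits if label]

# Constructed sample message for illustration only.
SAMPLE = {
    "urls": [
        "http://blog.example.test/wp-content/themes/default/notice.html",
        "http://shop.example.test/garden/index.html",
        "http://news.example.test/summer.html",
        "http://www.example.test/wp-content/uploads/logo.png",
        "http://www.example.test/products/list?id=4",
    ],
    "attachments": ["Statement.HTML", "photo.jpg"],
}

if __name__ == "__main__":
    for item, label in triage(SAMPLE):
        print(f"{label:22} {item}")
```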


Chinese Hackers Prefer Attacking ICS Targets

A recent study by Trend Micro revealed that an operation using false industrial control system (ICS) ‘honeypots’ collected information on ICS attack techniques and noticed differences in attack types by country.

For its study, Trend Micro set up three separate honeypots, which looked like industrial machines, connected to the Internet. One was based on Amazon’s public cloud, another on a private Dell server, and the third was an actual Programmable Logic Controller (PLC). Over a 28-day period, the honeypots were attacked 39 times from 11 different countries. China accounted for the majority of the attack attempts at 35 percent, followed by the US at 19 percent. The attacks included malware exploitation of the servers. An overwhelming majority of the attacks were attempts on the PLC.

The results of this study show the importance of not connecting ICS and their networks to the Internet. Hackers are aware of the ICS vulnerabilities and will exploit them given the opportunity, which they are actively seeking.

Not Even NIST is Safe from Hackers

The National Institute of Standards and Technology (NIST) took down several of their Web sites, including the National Vulnerability Database (NVD), after malware was found on them. Sites were down for a couple of days after the hack and malware was confirmed on the servers. Prior to the hack, the sites ran on Windows Server 2008 and IIS 7.5, but after the breach, starting March 9, they have been running on Linux and Apache.

Update: The breach took over a week to resolve, but all NIST sites are up and running again. No critical information was deemed stolen or missing from the compromised sites.

Former Company President Hacks into Controls Network

A 61-year-old man from Texas was convicted for hacking into his former company’s industrial control network. The gentleman was the former president of the transportation and logistics company. He conspired with outside actors to access his former employer’s networks to obtain proprietary information related to the company and processes, as well as to take action against the company’s operations.

This incident stresses the need for implementing best practices when employees and contractors leave a company – whether voluntarily or through termination. Old credentials should be removed immediately. To protect the network, OS network mapping tools should be disabled. Additionally, appropriate separation of the enterprise and control network should be implemented – including DMZs.

Dallas Named Worst ISP ‘Hood in the World

Dr. Giovane Moura of the Netherlands named Dallas the phishing capital of the world. According to Dr. Moura, ISPs based in Dallas, Texas are carriers for more phishing attacks than those in any other city, with 107 sources. Dallas was followed by Chicago, Provo (in Idaho), Houston and Montreal, Canada. The distribution of the sources of phishing attacks is correlated with the number of data centers in each location. The IP address linked to a phishing attack or spam email does not necessarily reveal where the people behind it are based, just where the IT infrastructure they use is located.

Moura cites three reasons why an ISP may be associated with a high number of spam emails or phishing attacks.

“1. Some Internet service providers (ISPs) neglect malicious activities in their networks

2. Whenever a host is infected by a malware, it is more likely that this malware is going to succeed in infecting neighboring hosts belonging to the same badly managed network than hosts in well managed networks

3. Non-technical local factors may contribute, such as the rate of software piracy, legislation, culture, economic, education level in a country.”

Finding out where the ‘bad neighborhoods’ are on the Internet – i.e. ISPs that are most commonly associated with spam and phishing – allows companies to block IP addresses that may be risky to their enterprise and control networks.