
Cyberattacks on SCADA in water and wastewater systems: Blockchain and IIoT Solutions


According to information published by the U.S. Cybersecurity and Infrastructure Security Agency [1], the U.S. Water and Wastewater Systems (WWS) sectors have been repeatedly compromised by ransomware attacks in the past two years. For example, a WWS plant in California was attacked by malicious cyber actors using the Ghost variant ransomware in August 2021. Three SCADA servers that showed the ransomware message led to the discovery of the ransomware strain, which had been in the system for nearly a month. In July 2021, cybercriminals infected a wastewater SCADA computer at a WWS plant in Maine with the ransomware ZuCaNo using remote access. In March 2021, cybercriminals attacked a WWS plant in Nevada with an unidentified ransomware version.

Due to the importance of the water treatment process, critical water sector activities might be the target of a cybersecurity attack that would have disastrous consequences for public health and safety, put the nation’s security in danger, and require expensive recovery and remediation work to deal with system problems and data loss.

SCADA and Ransomware

SCADA is a control system architecture that consists of computers, programmable logic controllers (PLCs), networked data transfers, and human-machine interfaces (HMI) for high-level machine and process supervision. It also includes sensors and the infrastructure that provides communication between sensors, devices and process plants. By utilizing various novel strategies, cybercriminals try to make money from operational technology (OT) breaches, such as selling access to SCADA networks and ICS operators with malicious software (e.g. ransomware). Ransomware is a form of malware designed to prevent a person or organisation from accessing data on their computer: it encrypts the files and demands a ransom payment for the decryption key. Some ransomware variants have added further functionality (i.e. data theft), collecting sensitive data from victims’ computers before encrypting it, to provide further incentive for victims to pay the ransom.

How is SCADA vulnerable to ransomware?

Ransomware, like any malware, can gain access to an organization’s systems in a number of different ways. However, ransomware operators prefer a few specific infection vectors such as:

  • Phishing emails: A malicious email may contain a link to a website hosting a malicious download or an attachment that has downloader functionality built in. By clicking on the email, the ransomware is downloaded and executed on the victim’s computer.
  • Taking advantage of services such as the Remote Desktop Protocol (RDP): An attacker who has obtained the login information of an employee by theft or guesswork can use that information to log in and remotely access a computer connected to the company network. This access lets them download and execute the malware on the machine, which is now under their control.
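
From the defender's side, the RDP vector described above leaves a recognisable trace: a burst of failed logons from one source followed by a successful remote logon. The sketch below is an added example, not part of the original article; the comma-separated record layout, sample records, threshold and window are assumptions, while the event IDs (4625 failed logon, 4624 successful logon) and logon type 10 (RemoteInteractive) are the standard Windows Security log values.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records (not from the article): time, event ID, logon type,
# account, source address. Type 3 = network logon, where failed RDP attempts
# usually appear when Network Level Authentication is enabled.
SAMPLE_LOG = """\
2021-07-01T02:10:00,4625,3,operator,203.0.113.7
2021-07-01T02:10:20,4625,3,operator,203.0.113.7
2021-07-01T02:10:41,4625,3,admin,203.0.113.7
2021-07-01T02:11:05,4625,3,scada,203.0.113.7
2021-07-01T02:11:30,4625,3,scada,203.0.113.7
2021-07-01T02:12:02,4624,10,scada,203.0.113.7
2021-07-01T08:00:00,4625,3,jsmith,10.0.5.21
2021-07-01T08:00:30,4624,10,jsmith,10.0.5.21
"""

def parse(log_text):
    """Yield (time, event_id, logon_type, user, src), skipping malformed lines."""
    for line in log_text.splitlines():
        parts = [p.strip() for p in line.split(",")]
        if len(parts) != 5:
            continue
        try:
            yield (datetime.fromisoformat(parts[0]), int(parts[1]),
                   int(parts[2]), parts[3], parts[4])
        except ValueError:
            continue

def find_guess_then_login(log_text, threshold=5, window=timedelta(minutes=10)):
    """Alert when a source has >= threshold failed logons inside the window
    and then completes an RDP logon while those failures are still recent."""
    failures = defaultdict(deque)  # src -> recent (time, user) failures
    alerts = []
    for ts, event_id, logon_type, user, src in sorted(parse(log_text)):
        recent = failures[src]
        while recent and ts - recent[0][0] > window:
            recent.popleft()       # drop failures older than the window
        if event_id == 4625:
            recent.append((ts, user))
        elif event_id == 4624 and logon_type == 10 and len(recent) >= threshold:
            alerts.append({"src": src, "user": user, "time": ts.isoformat(),
                           "failed_attempts": len(recent),
                           "accounts_tried": sorted({u for _, u in recent})})
            recent.clear()         # one alert per burst
    return alerts
```

A single mistyped password followed by a normal logon (the `jsmith` records) stays below the threshold and raises no alert.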

Blockchain and IIoT Prevent Ransomware Attacks

Strategies such as cyber awareness training and education among the users, continuous data backups, patching and keeping the software up-to-date, and user multi-factor authentication are among several suggested solutions to mitigate the effects of ransomware. However, in a traditional network structure, such attacks are unavoidable. The main threat is that SCADA systems generally take the form of a local network, and thus accessing one of the nodes of the network means getting access to the whole network. Although there are still companies using SCADA, it is definitely not secure anymore. Some alternative options and technologies to avoid such attacks are IIoT and Blockchain. In the fight against ransomware, Infilock is offering systems to its customers based on these technologies. Visit our website for more information.

References

[1] https://www.cisa.gov/uscert/ncas/alerts/aa21-287a
