Posted By Paul Tate, November 25, 2014 at 7:30 AM, in Category: Transformative Technologies
Recent revelations about the so-called “Regin” spying virus, plus new potential cyber threats to energy and national infrastructure systems, are pushing cybersecurity firmly back to the top of the manufacturing industry’s worry list.
The Regin virus has apparently been infecting systems around the world since at least 2008 and is now considered by industry experts at security company Symantec to be so sophisticated that it was probably developed by a national government organisation, although they’re reluctant to point the finger at a specific agency.
Since then, it has been used to spy on governments, infrastructure operators, businesses, researchers and individuals. Researchers have identified its use in 10 countries, mainly Russia and Saudi Arabia. ISPs and telcos seem to be high on its target list so far, but Symantec warns that “many components of Regin remain undiscovered and additional functionality and versions may exist.”
But if you think that alone is cause for concern, try this. A recent quarterly survey by computer security company PandaLabs estimated that around 20 million new malware strains were created in the third quarter of 2014 alone.
That’s an astonishing 228,000 a day - around 158 nasty new malware samples every minute!
“In these last months we have seen how cyber-crime has continued to grow,” commented Luis Corrons, technical director of PandaLabs. “Criminals haven’t ceased to create malware in order to infect as many systems as possible so as to access sensitive or confidential information.”
Of course, many of these may be considered relatively minor and non-critical. PandaLabs reckons that over three quarters of these new malware samples were Trojans, while only 9 percent were the more threatening viruses and 4 percent were worms.
Corrons added that China topped the list of countries with the highest infection rates followed by Peru and Bolivia, while European countries were the most secure, most notably Sweden and Norway.
But there’s certainly no room for complacency among the global manufacturing community. Earlier this year Symantec also highlighted the existence of a family of malware called Dragonfly – also known by other companies as Havex, Energetic Bear, Crouching Yeti and Koala Team. It is apparently focused on industrial control systems, much as the now-famous Stuxnet program was in the past.
Dragonfly’s prime targets are the aviation, defense, energy and pharmaceutical sectors, industrial control systems (ICS), and petroleum pipeline operators. It is designed to remain in the target network for the long term, gathering information through spear phishing (spoof emails seeking unauthorized access to confidential data) and watering hole attacks (infection via commonly used websites).
“The interesting thing about Dragonfly is that it targeted ICS information not for the purpose of causing downtime, but for the purpose of intellectual property theft, likely for the purpose of counterfeiting,” noted Eric Byres, CTO of Tofino Security, in September this year.
But there may be worse to come.
According to recent reports, the U.S. Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) has also now issued new alerts, and scheduled around a dozen meetings at FBI field offices across the country, to discuss the Dragonfly malware family plus a recently discovered new cyber threat called BlackEnergy.
This unpleasant piece of dark code is designed to infiltrate the software used to manage power grids and other infrastructure systems and can be used to damage, modify or disrupt associated industrial control systems.
That’s not simply a corporate threat. That’s a matter of national concern for any government around the world.
And let's not forget that most of the above threats have been focused on existing industrial technologies and systems so far. As the world enters a brave new age of pervasive embedded intelligence and the Internet of Things, cyber vigilance is going to be more important than ever, and at every level of industrial activity.
What’s your experience? Do you see manufacturing malware as an increasingly serious threat for the future of the industry?
Paul Tate is Research Director and Executive Editor with Frost & Sullivan's Manufacturing Leadership Council. He also directs the Manufacturing Leadership Council's Board of Governors, the Council's annual Critical Issues Agenda, and the Manufacturing Leadership Research Panel.