Industrial cyber crime reaches 'pandemic proportions'
Cyber crime in the industrial sector has reached pandemic levels, as attackers stop at nothing to shut down power generation plants in cities, factories and mining firms.
This is according to Mike Bergen, business development director for Middle East and Africa at engineering services company GECI International, speaking at a GECI media round table in Johannesburg yesterday.
Discussing cyber crime trends across the globe, Bergen noted that crime statistics suggest more cyber criminals are turning their attention to organisations which specialise in energy, agriculture, construction, fisheries and manufacturing, using sophisticated social engineering attacks.
"Pandemic proportions: that's the only way I can describe the level of cyber crime in the industrial sector today. While cyber crime was traditionally about data theft and extracting ransom, today a lot of these attacks are hitting production plants, shutting down city operations and bringing an entire metro to its feet.
"According to the Federal Bureau of Investigation, there are about 4 000 cyber attacks a day occurring around the world. A large number of these are in the industrial sector. Moreover, there are around 230 000 new viruses and malware being introduced every month."
In today's competitive global market for commodities and manufactured goods, the reliance on natural resources for economic development and fluctuating geopolitical climates have contributed to making the industrial sector a huge target for cyber espionage campaigns, Bergen pointed out.
While physical safety is often a high priority area in industries such as agriculture, mining, oil and gas, there are a lot of vulnerabilities within their IT networks, which often use industrial Internet of things (IIOT) connected devices.
Among the many hacking tools is a new virus called Locker Goga, which has the ability to encrypt the most valuable files within an organisation, using a very complex algorithm, continued Bergen.
"Think about what could happen if cyber criminals shut down Koeberg Nuclear Power Station, which ensures a reliable supply of electricity? So, the higher the priority, the quicker those held at ransom are likely to make a pay-out.
"The motives vary from mere financial gains, to an attack orchestrated by a competitor, to cyber espionage where intellectual property is stolen and sold, to cyber sabotage, a deliberate and malicious act."
A Verizon report reveals 86% of cyber attacks experienced by manufacturing companies were targeted attacks. Nearly half (47%) of the breaches involved the theft of intellectual property.
In manufacturing cases, intellectual property is stolen by competitors with the intention to use it to replicate products and processes.
Bergen referenced one of the world's biggest aluminium producers, Norsk Hydro, which suffered production outages after a cyber attack affected operations across Europe early this year.
In 2017, pharmaceutical company Merck suffered a cyber attack, which cost the company $800 million after it shut down operations for days.
"Last year, in the US alone, cities like Baltimore, Charlotte in North Carolina, and San Francisco suffered huge damages after a ransomware attack in the metro targeted urban critical infrastructure and services."
These attacks are complex and well planned, often prepared over weeks or even months, where criminals conduct in-depth research of all devices, machinery and those in charge of the security within an organisation, he continued.
"The IIOT device explosion has seen a proportionate growth of the cyber threat landscape due to the new attack vectors that many insecure IIOT devices can introduce into the ecosystem.
"Organisations in the industrial sector should protect their systems by using defence solutions which not only address known viruses and malware, but also unknown new threats," concluded Bergen.