State of ICT Security – Attackers take over SCADA controlled steelworks furnace and caused massive damage

The threat to online assets from attackers remains critical according to a report just released on the State of ICT security by the German Government.

Cloud Computing, mobile systems and big data are providing enormous economic prosperity, but have on the other hand opened up large attack surface for organisations.

The German Federal Department for Safety in Information Technology  has just released its annual “State of ICT Security” report for 2014. The German Government’s version of the bit of NSA that helps government and businesses protect themselves online is called the BSI. They are highly skilled and well respected.

As is usual for a government report it is turgid. However there is some really interesting stuff hidden in the morass.  I’ve picked out some of the gems and translated them here.

Complexity is killing information security

The report emphasises that complexity is exposing organisations to attack. Of particular concern is that Internet of Things (Systeme und Dinge) is now moving from the stage where it is mostly about observation of the environment to changing the environment.

Importantly, particularly in light of the Snowden expose, this report is not coming from either the US or UK and so gives a secondary source to some of what those governments are saying.

There are over 250 million individual varieties of Windows malware around now

Other observations which confirm what you may have seen in other places

  1. Spam continues to grow exponentially
  2. Malware is still growing and at least a million devices are being infected annually in Germany. The BSI estimates that the number of different types of Windows malware is at a staggering 250 million. This is up from around 180 million in 2013!
  3. The number of infected sites delivering ‘driveby exploits’ is growing substantially.
  4. Botnets are being used to steal identity information. There are more than one million devices under the control of botnets in Germany.
  5. Phishing continues to yield results for cyber criminals

Advanced Persistent Threats – an increasing threat for government and industry

Germany is constantly being cyber-attacked by foreign intelligence services. The BSI has installed improved sensor technology in the government’s networks following the revelations that came from Edward Snowden in 2013/14. There are a number of methodologies which the BSI has identified. This tallies quite well with some of the things Bruce Schneier has written recently about these issues

  • Strategic enlightenment – whereby the intelligence service identifies connections between various users to gain an intelligence picture
  • Attacks on key individuals – attacking system administrators for key systems to gain access.
  • Influencing Standards – By weakening standards, , the allegation has been that NSA individuals have influenced the NIST standards development process.
  • Manipulation of IT hardware and software – Well they would do that wouldn’t they.

The BSI notes that trusted insiders are being used to enable some attacks by intelligence services, criminals and activists.

This table is reasonably easy to read, even if you don’t understand German. It shows the prognosis (prognose) for threats over the coming year.

Schwachstellen = vulnerabilities
Schadprogramme = malware
Identitaetsdiebstahl = ID theft

Cyber threat prognosis

Casestudies

The report goes through a number of cases where the BSI was called to assist businesses. Here are two that are of particular concern.

Steelworks compromise causes massive damage to furnace.

One of the most concerning was a targeted APT attack on a German steelworks which ended in the attackers gaining access to the business systems and through them to the production network (including SCADA). The effect was that the attackers gained control of a steel furnace and this caused massive damages to the plant.

Dragonfly attacks a dozen companies

The Dragonfly hacker group attacked a number of companies’ SCADA systems and installed the malware ‘Havex’. This was used to gather information about the systems. No damage was done, because the compromise was detected and removed before the hackers had completed the observation and intelligence gathering phase.

Conclusion

It’s worth remembering that there are many other countries dealing with the cyber threat around the world. Germany has always been one of the leading non-UK CAN, US, AUS, NZ countries and it is interesting to see how they view the landscape.

You can download the original Document from the BSI – Bundesamt fuer Sicherheit in der Informationstechnik – in German “Die Lage der IT-Sicherheit in Deutschland 2014”  https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/Lageberichte/Lagebericht2014.pdf?__blob=publicationFile