Cyber-kinetic attack

Overview


Gas Control System with Integrated Display and Controller

A cyber-kinetic attack targets cyber-physical systems and causes direct or indirect physical damage, injury or death, or environmental impact solely through the exploitation of vulnerable information systems and processes. [1] Notable attacks in this category in the recent past have targeted critical infrastructure facilities such as water treatment plants, [2] nuclear power plants, [3] oil refineries, [4] and medical facilities. [5] According to the United States Department of Homeland Security, the most significant cyber security threats to the United States are those that target the nation's critical infrastructure and are carried out by criminal organizations sponsored by other nation-states. [6]

Crossing the cyber-physical divide

In the early days of computing, security threats were typically limited to attacks that destroyed data or degraded access to computing systems or hardware. Over the last several decades, however, technologies ranging from supervisory control and data acquisition (SCADA) to the Internet of Things have embedded sensors and software in physical objects and used the Internet to exchange data between them.

Such a system is termed a cyber-physical system. Such systems cross the traditional divide between purely in-computer systems (software) and real-world systems (physical systems): algorithms are able to control physical equipment autonomously, so a manipulated input or corrupted control logic can produce a physical effect rather than only a loss of data.

Two of the most notable cyber attacks with a physical impact, causing significant degradation of the target system, were the Stuxnet and Aurora malware. The Stuxnet worm was first revealed in 2010 and specifically targeted weaknesses in programmable logic controllers (PLCs), devices in the SCADA category of systems. Though it was never positively attributed, it is widely believed that the malicious software was developed jointly by the United States and Israel to disrupt the Iranian nuclear enrichment facility at Natanz. It has also been reported that Stuxnet and associated variants infected more than 30,000 systems and had a lasting presence that was extremely difficult to eradicate. [7] Both malicious programs exploited zero-day vulnerabilities in Windows-based operating systems. [8]

As computing crosses the cyber-physical barrier, significant effort is being spent on 'smart' systems, for instance smart cities, smart homes, smart manufacturing and smart vehicles. In the context of cybersecurity, new threats are emerging that target these smart systems. The timeline of cyber-kinetic attacks records incidents from as early as 1982. Attacks on information systems that have physical-world impacts represent a paradigm shift within the cyber security community, though they are not unheard of. Many SCADA systems fielded up to 20 years ago have very little in the way of modern security protections built in.

These types of attacks have the potential to bring a new dynamic to the concept of cyber warfare and its potential impact on electrical systems, financial systems, critical infrastructure and communication systems. In reality, though, such attacks may be more closely related to espionage or ideologically driven attacks than to overt warfare. Cyber-kinetic attacks should not be confused with the simple denial of an information system, such as a distributed denial of service (DDoS) attack. A DDoS attack merely denies access to an information system, whereas a cyber-kinetic attack denies the use of a system by physically destroying part or all of it, rather than just its communication access.
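The distinction drawn above, between losing communication with a process and driving the process itself past its physical limits, can be made concrete with a small simulation. The following Python model is an added example, not code from the article or from any of the malware it describes. It assumes a hypothetical heated vessel with an invented thermal model and rupture rating, a PLC-style on/off controller whose setpoint tag is writable over the plant network, and an optional hard-wired safety trip that has no network tag. Three scenarios are compared: a DDoS that cuts the network (the loop keeps running on its last setpoint and only operator visibility is lost), an attacker writing an unsafe setpoint (the vessel ruptures), and the same write against a plant with an independent safety layer (the trip holds the temperature below the rupture point).

```python
"""Toy cyber-physical control loop contrasting denial of service with a
cyber-kinetic setpoint attack. Constructed example; every number here
(thermal rates, ratings, trip level) is invented for illustration."""
from dataclasses import dataclass


@dataclass
class Vessel:
    """Physical process. Exceeding RUPTURE_C is irreversible physical damage."""
    RUPTURE_C = 120.0          # hypothetical vessel rating
    temp_c: float = 60.0
    ruptured: bool = False

    def step(self, heater_on: bool) -> None:
        # Constructed first-order thermal model: the heater adds 4 C per step,
        # losses to ambient remove 1 C per step. A ruptured vessel is inert.
        if self.ruptured:
            return
        self.temp_c += (4.0 if heater_on else 0.0) - 1.0
        if self.temp_c >= self.RUPTURE_C:
            self.ruptured = True


@dataclass
class Controller:
    """PLC-style on/off controller. 'setpoint_c' stands in for a network-writable
    tag, the kind an HMI (or an attacker with HMI-level access) can change."""
    setpoint_c: float = 60.0

    def cycle(self, measured_c: float) -> bool:
        return measured_c < self.setpoint_c     # heater on while below setpoint


def simulate(steps: int = 40, *, attack_write=None, ddos_from=None,
             safety_trip_c=None) -> dict:
    """Run the control loop and report the physical outcome.

    attack_write : (step, value) the attacker writes to the setpoint tag.
    ddos_from    : step from which the network, and so the HMI, is unreachable;
                   the controller keeps running on its last setpoint.
    safety_trip_c: hard-wired trip that cuts the heater regardless of the
                   controller; it has no network tag, so it cannot be rewritten.
    """
    vessel, ctrl = Vessel(), Controller()
    hmi_last_seen = vessel.temp_c
    max_temp = vessel.temp_c
    for t in range(steps):
        network_up = ddos_from is None or t < ddos_from
        if network_up:
            hmi_last_seen = vessel.temp_c              # operator sees a live value
            if attack_write and attack_write[0] == t:
                ctrl.setpoint_c = attack_write[1]      # unsafe write over the network
        heater_on = ctrl.cycle(vessel.temp_c)
        if safety_trip_c is not None and vessel.temp_c >= safety_trip_c:
            heater_on = False                          # independent layer overrides
        vessel.step(heater_on)
        max_temp = max(max_temp, vessel.temp_c)
    return {"ruptured": vessel.ruptured, "max_temp_c": max_temp,
            "hmi_live": ddos_from is None, "hmi_last_seen_c": hmi_last_seen}


if __name__ == "__main__":
    print("normal      ", simulate())
    print("DDoS        ", simulate(ddos_from=5))
    print("kinetic     ", simulate(attack_write=(5, 500.0)))
    print("kinetic+trip", simulate(attack_write=(5, 500.0), safety_trip_c=95.0))
```

The design point is the last scenario: the trip is effective only because it is a separate device with no reachable tag, so the same network access that rewrote the setpoint cannot also disable the protection. A "safety limit" implemented as another writable parameter in the same controller would fall to the same write.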

Related Research Articles

Computer security: protection of computer systems from information disclosure, theft or damage

Computer security, cybersecurity, digital security or information technology security is the protection of computer systems and networks from attacks by malicious actors that may result in unauthorized information disclosure, theft of, or damage to hardware, software, or data, as well as from the disruption or misdirection of the services they provide.

SCADA is a control system architecture comprising computers, networked data communications and graphical user interfaces for high-level supervision of machines and processes. It also covers sensors and other devices, such as programmable logic controllers, which interface with process plant or machinery.

A blended threat is a software exploit that involves a combination of attacks against different vulnerabilities. Blended threats can be any software that exploits techniques to attack and propagate threats, for example worms, trojan horses, and computer viruses.

Security convergence refers to the convergence of two historically distinct security functions – physical security and information security – within enterprises; both are integral parts of a coherent risk management program. Security convergence is motivated by the recognition that corporate assets are increasingly information-based. In the past, physical assets demanded the bulk of protection efforts, whereas information assets are demanding increasing attention. Although generally used in relation to cyber-physical convergence, security convergence can also refer to the convergence of security with related risk and resilience disciplines, including business continuity planning and emergency management. Security convergence is often referred to as 'converged security'.

A supply chain attack is a cyber-attack that seeks to damage an organization by targeting less secure elements in the supply chain. A supply chain attack can occur in any industry, from the financial sector, oil industry, to a government sector. A supply chain attack can happen in software or hardware. Cybercriminals typically tamper with the manufacturing or distribution of a product by installing malware or hardware-based spying components. Symantec's 2019 Internet Security Threat Report states that supply chain attacks increased by 78 percent in 2018.

An advanced persistent threat (APT) is a stealthy threat actor, typically a state or state-sponsored group, which gains unauthorized access to a computer network and remains undetected for an extended period. In recent times, the term may also refer to non-state-sponsored groups conducting large-scale targeted intrusions for specific goals.

Stuxnet is a malicious computer worm first uncovered in 2010 and thought to have been in development since at least 2005. Stuxnet targets supervisory control and data acquisition (SCADA) systems and is believed to be responsible for causing substantial damage to the nuclear program of Iran. Although neither country has openly admitted responsibility, multiple independent news organizations recognize Stuxnet to be a cyberweapon built jointly by the United States and Israel in a collaborative effort known as Operation Olympic Games. The program, started during the Bush administration, was rapidly expanded within the first months of Barack Obama's presidency.

In computer security, a threat is a potential negative action or event facilitated by a vulnerability that results in an unwanted impact to a computer system or application.

Control system security, or industrial control system (ICS) cybersecurity, is the prevention of interference with the proper operation of industrial automation and control systems. These control systems manage essential services including electricity, petroleum production, water, transportation, manufacturing, and communications. They rely on computers, networks, operating systems, applications, and programmable controllers, each of which could contain security vulnerabilities. The 2010 discovery of the Stuxnet worm demonstrated the vulnerability of these systems to cyber incidents. The United States and other governments have passed cyber-security regulations requiring enhanced protection for control systems operating critical infrastructure.

Duqu is a collection of computer malware discovered on 1 September 2011, thought by Kaspersky Lab to be related to the Stuxnet worm and to have been created by Unit 8200. Duqu exploited a zero-day vulnerability in Microsoft Windows. The Laboratory of Cryptography and System Security of the Budapest University of Technology and Economics in Hungary discovered the threat, analysed the malware, and wrote a 60-page report naming the threat Duqu. Duqu got its name from the prefix "~DQ" it gives to the names of files it creates.

Cyberweapons are commonly defined as malware agents employed for military, paramilitary, or intelligence objectives as part of a cyberattack. This includes computer viruses, trojans, spyware, and worms that can introduce malicious code into existing software, causing a computer to perform actions or processes unintended by its operator.

A cyberattack is any offensive maneuver that targets computer information systems, computer networks, infrastructures, personal computer devices, or smartphones. An attacker is a person or process that attempts to access data, functions, or other restricted areas of the system without authorization, potentially with malicious intent. Depending on the context, cyberattacks can be part of cyber warfare or cyberterrorism. A cyberattack can be employed by sovereign states, individuals, groups, societies or organizations and it may originate from an anonymous source. A product that facilitates a cyberattack is sometimes called a cyber weapon. Cyberattacks have increased over the last few years. A well-known example of a cyberattack is a distributed denial of service attack (DDoS).

SCADA Strangelove is an independent group of information security researchers founded in 2012, focused on security assessment of industrial control systems (ICS) and SCADA.

Cyber threat intelligence (CTI) is knowledge, skills and experience-based information concerning the occurrence and assessment of both cyber and physical threats and threat actors that is intended to help mitigate potential attacks and harmful events occurring in cyberspace. Cyber threat intelligence sources include open source intelligence, social media intelligence, human intelligence, technical intelligence, device log files, forensically acquired data or intelligence from internet traffic, and data derived from the deep and dark web.

Operational technology (OT) is hardware and software that detects or causes a change, through the direct monitoring and/or control of industrial equipment, assets, processes and events. The term has become established to demonstrate the technological and functional differences between traditional information technology (IT) systems and industrial control systems environment, the so-called "IT in the non-carpeted areas".

A threat actor, bad actor or malicious actor is either a person or a group of people that takes part in an action intended to cause harm to the cyber realm, including computers, devices, systems or networks. The term is typically used to describe individuals or groups that perform malicious acts against a person or an organization of any type or size. Threat actors engage in cyber-related offenses to exploit open vulnerabilities and disrupt operations. Threat actors have different educational backgrounds, skills, and resources. The frequency and classification of cyber attacks changes rapidly. The background of threat actors helps dictate who they target, how they attack, and what information they seek. There are a number of threat actors including: cyber criminals, nation-state actors, ideologues, thrill seekers/trolls, insiders, and competitors. These threat actors all have distinct motivations, techniques, targets, and uses of stolen data. See Advanced persistent threats for a list of identified threat actors.

Schmitt analysis is a legal framework developed in 1999 by Michael N. Schmitt, leading author of the Tallinn Manual, for deciding if a state's involvement in a cyber-attack constitutes a use of force. Such a framework is important as part of international law's adaptation process to the growing threat of cyber-warfare. The characteristics of a cyber-attack can determine which legal regime will govern state behavior, and the Schmitt analysis is one of the most commonly used ways of analyzing those characteristics. It can also be used as a basis for training professionals in the legal field to deal with cyberwarfare.

Havex malware, also known as Backdoor.Oldrea, is a Remote Access Trojan (RAT) employed by the Russian-attributed APT group "Energetic Bear" or "Dragonfly". Havex was discovered in 2013 and is one of five known pieces of ICS-tailored malware developed in the past decade, the other four being Stuxnet, BlackEnergy, Industroyer/CRASHOVERRIDE and TRITON/TRISIS. Energetic Bear began utilizing Havex in a widespread espionage campaign targeting the energy, aviation, pharmaceutical, defense and petrochemical sectors. The campaign targeted victims primarily in the United States and Europe.

Internet security awareness or Cyber security awareness refers to how much end-users know about the cyber security threats their networks face, the risks they introduce and mitigating security best practices to guide their behavior. End users are considered the weakest link and the primary vulnerability within a network. Since end-users are a major vulnerability, technical means to improve security are not enough. Organizations could also seek to reduce the risk of the human element. This could be accomplished by providing security best practice guidance for end users' awareness of cyber security. Employees could be taught about common threats and how to avoid or mitigate them.

Pipedream is a software framework for malicious code targeting programmable logic controllers (PLCs) and industrial control systems (ICS). First publicly disclosed in 2022, it has been described as a "Swiss Army knife" for hacking. It is believed to have been developed by state-level Advanced Persistent Threat actors.

References

  1. Ivezic, Marin (2015-03-31). "The World of Cyber-Physical Systems & Rising Cyber-Kinetic Risks - Marin". Cyber-Kinetic Security, IoT Security, CPSSEC by Marin Ivezic. Retrieved 2021-07-26.
  2. "Hacker tries to poison water supply of Florida city". BBC News. 2021-02-08. Retrieved 2021-07-26.
  3. Shalal, Andrea (2016-10-10). "IAEA chief: Nuclear power plant was disrupted by cyber attack". Reuters. Retrieved 2021-06-26.
  4. "Industrial Control Systems (ICS) | SANS Institute". www.sans.org. Retrieved 2021-06-26.
  5. "Medical Device Cyber Attacks: TV Plot or Dangerous Reality?". Drugwatch.com. Retrieved 2021-06-26.
  6. "Secure Cyberspace and Critical Infrastructure | Homeland Security". www.dhs.gov. Retrieved 2024-03-15.
  7. Greengard, Samuel (December 2010). "The new face of war". Communications of the ACM. 53 (12): 20–22. doi:10.1145/1859204.1859212. ISSN 0001-0782. S2CID 12917098.
  8. Matrosov, Aleksandr (September 2010). "Stuxnet under the microscope" (PDF). Retrieved June 26, 2021.