The Radiflow Security Blog
Over the past few days we have witnessed an extraordinary increase in high-profile cyber attacks on multinational manufacturing corporations and critical infrastructure providers.
According to Malwarebytes' analysis, both incidents were targeted attacks using EKANS/SNAKE ransomware, which, at least in Honda's case, caused various business disruptions, including disruption to production line operations.
One of the interesting pieces of evidence found in this case was publicly exposed Remote Desktop Protocol (RDP) access, which revealed internal domains on both attacked organizations' networks. The same domains were found in malware samples that were uploaded to online virus analysis services.
It should be noted that attacks by this ransomware family are becoming more and more frequent in manufacturing and other sectors.
Behind the news
Although most enterprises are experiencing an economic slowdown, hacking activity against industrial organizations is constantly increasing. Specifically, such attacks can be attributed to organizations' efforts to open their networks to external access for remote working, which in many cases was done without installing proper cybersecurity measures. This can dramatically increase the threats not only to IT, but also to OT networks.
In addition, multinational enterprises should install additional measures to:
- segregate the various parts of the global IT network
- establish zones and restrict access between the IT and OT parts
- deploy cyber detection systems on user management systems and highly privileged accounts.
Finally, cyber-risk management processes for core/critical industrial operations in ICS environments should be made an organic part of the CISO/Chief Risk Officer’s responsibility.