Issue 7: From Zero-Day to Zero-Trust

by Smart Grid Forums on March 26, 2021

Cyberweekly No.7

The market for zero-day exploits is fast expanding and morphing into a highly organised, lucrative, and deadly industry. Once primarily the domain of hacking enthusiasts, zero-day hunting is now a high-stakes business with significant ramifications for just about anyone who operates an IT or OT environment such as the smart grid.
 
If you are planning an IoT everywhere grid of the future, if you are expanding your ecosystem of suppliers and contractors, if you are driving workforce efficiency and productivity, then you are expanding your attack surface, opening new doorways into your infrastructure, and positioning yourself as a prime target for zero-day attackers.
 
Whether the zero-day criminal is a nation state actor, a ransomware attacker, or a hacking enthusiast, matters not! What they all have in common is a high-risk appetite, the desire to wreak havoc, and the patience to enter one remote doorway such as that of your engineers’ or your maintenance contractors’ and slowly but surely make their way through your infrastructure until they reach their target and deliver their exploit - whether it takes weeks, months or years!
 
So, what exactly is a zero-day attack and how can it be avoided? Zero-day attacks are a severe threat because they target systems and software that are ubiquitous such as web browsers, operating systems and virtualisation solutions, and vulnerabilities that are previously unknown to the product owner so that they bypass anti-virus and anti-malware programmes that are based on signature-matching. The attacker will spend as much time as it takes to research the system or software, searching through millions of lines of code to identify the few weak ones that will enable them to gain a foothold in your infrastructure and take control of your operations. Zero-day exploits are bought and sold on the dark web through brokers whose job it is to match hunter with attacker.
 
So, what countermeasures will guard against zero-day attacks? As with any cybersecurity strategy there is no 100% guaranteed one-size fits all success approach, but rather a series of approaches and solutions that together have the potential to strengthen your cybersecurity posture and guard against the majority of zero-day attacks. Threat prevention systems and sandboxing tools will go some way toward isolating and disarming attacks, but to build significant levels of resilience across your organisation and infrastructure both in your IT and OT domains, on-premise and in the cloud, whether in the office or off-site, implementing a zero-trust IT architecture offers the most comprehensive and robust approach.
 
Zero-trust architectures are built on the mantra “never trust, always verify”. The outdated notion that everything inside an organisation should be trusted is turned on its head as it is now recognised that trust is itself a key vulnerability when you consider the damage that malicious insiders can do. With the understanding that the point of infiltration is often not the target location for a threat actor, a zero-trust architecture mitigates through: 1) network segmentation, 2) prevention of lateral movement, 3) layer 7 threat prevention, 4) granular user-access control. Zero-trust architectures put the control back in the hands of those who carry ultimate responsibility and accountability for keeping the lights on.
 
Please enjoy this week’s selection of news, views and resources below, and feel free to share this newsletter with colleagues in other departments, and peers in other organisations.

Kind Regards,

13491583329318294

Mandana White
CEO | Smart Grid Forums

News, Views & Resources

REPORT: RAND Corporation. Deterring Attacks Against the Power Grid.
Although the power grid has long been susceptible to natural disasters, deliberate attacks, and the problems of aging infrastructure, its vulnerability to attacks is increasing. Paralleling technological advancement in vital mission support systems, the ability of adversaries to exploit vulnerabilities through cyber means has expanded, creating considerable risk to the stable supply of electric power. Although threats to the power grid are by no means confined to state actors, many of these incidents have been attributed to nation-states. In this report, we focus on factors that deter actions by nation-states.
To read the report, click here!

ARTICLE: Hashedout. The Ultimate Guide to Zero-Day Attacks & Exploits.
Zero-day attacks are extremely common and topped WatchGuard’s list of the most popular types of network attacks in 2019. The report also found that zero-day exploits were responsible for half of all malware detections, a figure that increased 60% from the previous year. Likewise, the Ponemon Institute’s Study on the State of Endpoint Security Risk determined that 80% of all successful data breaches in 2019 directly resulted from zero-day attacks. These stats are no surprise when you look at how much danger zero-day exploits pose and how effective they are at helping cybercriminals achieve their goals. So, what are zero-day attacks exactly? Why are they so dangerous? How are zero-day exploits used? And how can the damage be minimized?
To read the article, click here!

REPORT: Forescout. Total Visibility: The Master Key to Zero Trust Security.
The Zero Trust model of information security is increasingly being adopted in both the strategies of enterprise security teams and the roadmaps of security solution developers – and with good reason. Perimeter-focused security architectures that default to high trust levels on the internal network are ill-suited for an edgeless enterprise that increasingly supports mobile and remote workers as well as vast numbers of IoT devices.
To read the report, click here!

REPORT: Forescout. Simple and Non-Disruptive Zero Trust Segmentation for OT.
Traditional approaches for securing OT (operational technology) devices on OT and ICS networks have long been dependent on maintaining the separation of industrial applications from IT networks and remote-access users. However, as OT organizations modernize their infrastructure with new technologies, such as Cloud SCADA, DCS and advanced Manufacturing Execution Systems (MES), traditional zoning strategies are no longer sufficient to keep OT environments safe.
To read the report, click here!

VIDEO: The Why Files. Stuxnet: The Zero-Day Virus that Prevented and Started the Next World War.
Cyberwar is being waged right now. Infrastructure around the world is under siege and everyone is at risk. In 2010, the Stuxnet virus was discovered in thousands of control systems that operate factories, power plants and nuclear reactors around the world. It was 20 times more sophisticated than any malware ever recorded. It could halt oil pipelines, destroy water treatment plants and bring down entire power grids. Stuxnet is back, stronger than ever. And we should all be concerned. Cyber-security experts knew Stuxnet wasn't ordinary malware thrown together by some basement hacker. This was something different. What security experts had discovered is called a zero-day exploit. A zero-day is so rare and valuable that you can actually sell it on the darknet for hundreds of thousands of dollars. Over 12 million viruses are catalogued every year. And, maybe, 10 or 12 zero-day exploits. So, it's a one-in-a-million occurrence. But Stuxnet contained *four* zero-day exploits. Eventually it was discovered that Stuxnet wasn't trying to steal passwords or data. It was actually targeting the software on Siemens programmable logic controllers, called PLCs. If you can hack these PLCs, you can take down an entire country without firing a single shot.
To view the video, click here!

 

CyberAware Webinar Series

Screen Shot 2021-03-02 at 13.49.00

 

 
 
 
 

Topics: CyberAware