Cyberattacks pose a significant danger to businesses, governments, and other entities. Recent attacks on large corporations as well as private businesses highlight the extent of harm that attackers can cause. As attacks on IT environments keep rising, operational technology (OT) is not exempt. Here are some of the most notable OT attacks in India and abroad that crippled the businesses involved.
Oil India Limited Attack (2022)
Recently Oil India Limited was the victim of a cyberattack, and the hackers held it hostage on 22nd April 2022. The scope of the damaged systems was not immediately apparent, although a spokesperson who confirmed the issue stated production and drilling systems were not affected. The attack has resulted in a ransom demand of more than Rs 57 crore.
According to an Oil India spokesperson, there was no data loss or theft, and the impacted systems were decommissioned without affecting output. He also stated that the IT staff was working to restore the affected systems.
Colonial Pipeline Attack (2021)
The shutdown of one of the United States’ largest pipelines due to ransomware clearly demonstrated the real-world effects of a successful attack.
Colonial Pipeline, an American oil pipeline system that originates in Houston, Texas, and mostly transports gasoline and jet fuel to the Southeastern United States, was hit by a ransomware outbreak on 29th April 2021. To contain the attack, the Colonial Pipeline Company suspended all pipeline operations. The East Coast’s consumers and airlines were impacted by the shutdown. Because the pipeline transports fuel from refineries to industrial markets, the intrusion was deemed a national security threat. As a result, President Joe Biden declared a state of emergency.
It was reported that on 29th April hackers obtained access to Colonial Pipeline Co.’s networks using a virtual private network (VPN) account.
The initial attack vector is unknown. It could have been an outdated, unpatched vulnerability in a system, a phishing email that successfully tricked an employee, the use of previously disclosed access credentials purchased or gained elsewhere, or any other number of strategies used by cybercriminals to penetrate a company’s network.
The FBI has established that the DarkSide is to blame for the assaults. The DarkSide appears to be unaffiliated with any nation-states, claiming in a statement that “our purpose is to generate money [not to create] issues for society” and that it is apolitical. DarkSide announced its closure in the aftermath of the pipeline assault.
Dr Reddy’s Attack (2020)
Amidst Covid-19, when the world was struggling to create a vaccine to defend against the virus, pharma giant Dr. Reddy’s Laboratories was struck by a catastrophic data breach. This came only days after the pharmaceutical company gained authorisation from the Drugs Controller General of India to undertake phase 2/3 trials of the Russian vaccine in India. Plants in the United States, the United Kingdom, Brazil, India, and Russia were allegedly affected. Dr. Reddy’s Laboratories’ CIO stated that the business planned to resume all services within the next 24 hours: “We anticipate that all services will be operational within 24 hours and that this issue will have no significant impact on our operations.”
Kudankulam Nuclear Power Plant Attack (2019)
On 30th October 2019, the Nuclear Power Corporation of India Ltd. (NPCIL) stated that a cyberattack on the Kudankulam Nuclear Power Plant in Tamil Nadu happened in early September 2019.
Pukhraj Singh, a cybersecurity specialist and former employee of India’s signals intelligence agency, the National Technical Research Organization, tweeted that “domain controller-level access” had occurred at Kudankulam, and that “extremely mission-critical targets were hit.”
The KKNPP is India’s largest nuclear power station, with two 1,000-megawatt-capacity VVER pressurised water reactors constructed and supplied by Russia. Both reactor units supply power to India’s southern power system. The facility is building four additional reactor units of the same capacity, making the Kudankulam Nuclear Power Plant one of India.
According to VirusTotal, a substantial amount of data from the KKNPP’s administrative network has been stolen. If that is true, further cyberattacks on the nuclear power plant may follow in future.
Cyberattacks on nuclear power facilities might have physical consequences, particularly if the network that operates the devices and software that regulate the nuclear reactor is hacked. This can be used to assist sabotage, nuclear material theft, or a reactor meltdown in the worst-case situation. Any radioactive spill from a nuclear site would be a catastrophic calamity in a heavily populated nation like India.
Kemuri Water Company Attack (2016)
While many attacks on water/wastewater utilities, oil pipelines, and the food and beverage industry in the last year have demonstrated how vulnerable critical infrastructure is to determined threat actors, the alarm was raised long before that.
In March 2016, Verizon’s data breach digest detailed an attack on an unnamed water utility, referred to as the Kemuri Water Company.
Verizon’s assessment found that the hackers took advantage of a flaw in the payment application’s web server. This server contained the internal IP addresses and administrative credentials for approximately 400 systems, from which the attackers are thought to have stolen 2.5 million records comprising customer and payment information. Investigators uncovered no evidence that fraudulent activity had occurred on the compromised accounts.
Because the compromised systems also ran the valve and flow control applications used to manage the utility’s hundreds of programmable logic controllers (PLCs), the hackers were able to access that software and change settings related to water flow and the amount of chemicals used to treat the water.
The report says that an unidentified hacker connected via TeamViewer to the workstation linked to the water treatment controls and considerably increased the quantity of lye in the drinking water. Fortunately, an alert plant employee noticed the workstation’s cursor moving on its own and performing unauthorized tasks, and the attack was thwarted.
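The lesson from the Kemuri incident is that detection should not depend on someone happening to watch the screen: a dosing setpoint change made while a remote-access session is open, or one that leaves the plant’s safe envelope, can be flagged automatically. The following is an added example, not code from the original post or from Payatu; the HMI log format, tag names and chemical limits are constructed for illustration.

```python
"""Flag chemical-dosing setpoint changes on an HMI workstation that happen
while a remote-access session is active or that leave the safe envelope.
Log format, tags and limits below are constructed for this example."""
from dataclasses import dataclass
from datetime import datetime

# Constructed safe envelope per tag: (absolute ceiling, max relative change per step).
SAFE_ENVELOPE = {"NaOH_DOSE_PPM": (200.0, 0.25), "CL2_DOSE_PPM": (5.0, 0.25)}

@dataclass
class Alert:
    ts: datetime
    host: str
    tag: str
    reasons: tuple

def parse_line(line):
    """Parse 'ISO-TIMESTAMP HOST EVENT key=value ...' into a dict."""
    ts, host, event, *kv = line.split()
    fields = dict(item.split("=", 1) for item in kv)
    return {"ts": datetime.fromisoformat(ts), "host": host, "event": event, **fields}

def check_setpoint_changes(lines):
    """Walk chronologically ordered log lines and return the setpoint changes worth an alert."""
    active_remote = set()  # hosts that currently have an open remote-access session
    alerts = []
    for rec in (parse_line(l) for l in lines if l.strip()):
        if rec["event"] == "REMOTE_SESSION_START":
            active_remote.add(rec["host"])
        elif rec["event"] == "REMOTE_SESSION_END":
            active_remote.discard(rec["host"])
        elif rec["event"] == "SETPOINT_CHANGE":
            old, new = float(rec["old"]), float(rec["new"])
            # Unknown tags get no ceiling but still alert on a change of more than 100%.
            ceiling, max_step = SAFE_ENVELOPE.get(rec["tag"], (float("inf"), 1.0))
            reasons = []
            if new > ceiling:
                reasons.append("exceeds_ceiling")
            if old > 0 and abs(new - old) / old > max_step:
                reasons.append("step_too_large")
            if rec["host"] in active_remote:
                reasons.append("remote_session_active")
            if reasons:
                alerts.append(Alert(rec["ts"], rec["host"], rec["tag"], tuple(reasons)))
    return alerts

# Constructed sample log: one tampering attempt over a remote session, two routine changes.
SAMPLE_LOG = """2016-03-10T02:14:05 hmi-01 REMOTE_SESSION_START tool=TeamViewer user=maint01 src=203.0.113.45
2016-03-10T02:15:30 hmi-01 SETPOINT_CHANGE tag=NaOH_DOSE_PPM old=100 new=11100 user=maint01
2016-03-10T02:20:00 hmi-01 REMOTE_SESSION_END tool=TeamViewer user=maint01
2016-03-10T08:05:00 hmi-01 SETPOINT_CHANGE tag=NaOH_DOSE_PPM old=100 new=110 user=operator2
2016-03-10T09:30:00 hmi-02 SETPOINT_CHANGE tag=CL2_DOSE_PPM old=2.0 new=2.4 user=operator2"""

if __name__ == "__main__":
    for a in check_setpoint_changes(SAMPLE_LOG.splitlines()):
        print(a.ts.isoformat(), a.host, a.tag, ", ".join(a.reasons))
```

The envelope check fires even when the remote-session check does not, so a change made from a stolen local login is still caught; the session check catches small, stealthy changes made over an unexpected remote connection.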
German Steel Mill Attack (2014)
In 2014, a German steel mill was targeted with malware that gave the attackers access to the business network and from there to the SCADA/ICS network. The event was confirmed by the German government’s Federal Office for Information Security (BSI) in an IT security report.
The attackers, who appeared to specifically target industrial plant personnel, caused plant control components to fail, resulting in a furnace that could not be shut down in a controlled manner and eventually causing physical damage to the steel works.
According to a study issued by the SANS Institute, the hackers used spear-phishing emails to gain access to the steel mill network. The email most likely contained an attached document that, when opened, executed the malware on the system.
The malware then set up a remote connection point to bridge the attackers into the targeted industrial network by exploiting vulnerabilities in the targeted operating system. At this stage the hackers were able to modify the programmable logic controllers (PLCs), jeopardizing the furnace’s operation, which led to the physical damage.
Night Dragon Attack (2006-2011)
Operation Night Dragon was a relatively unsophisticated attack that used trojan remote administration tools (RATs) to target critical infrastructure. As reported in investigations, public-facing websites were compromised using SQL injection, and the compromised servers were then used to install RATs.
As Night Dragon is a Trojan backdoor with no worm capabilities, it cannot propagate itself. Attackers used a Trojan dropper file (.exe) on a Windows share to install Night Dragon on several PCs. They combined social engineering with organised, targeted cyberattacks utilising trojans, remote control tools (RATs), spear phishing, Windows operating system vulnerability exploits, and Active Directory breaches.
The attack sequence was carefully planned to obtain executive and proprietary information, such as sensitive competitive operational data and project finance information concerning oil and gas field bids and operations.
At least 71 institutions, including defence contractors, enterprises throughout the world, the United Nations, and the International Olympic Committee, were targeted.
These attacks demonstrated how poor cybersecurity was and laid the groundwork for later campaigns to grow into something more than just information theft. As Night Dragon proved, attackers can now reach ICSs as well.
In conclusion, attackers have demonstrated that they can cause major incidents by breaking into control systems. On a broader note, ICS malware can be weaponized. One needs to look at ICS/SCADA (OT) security from a holistic point of view to protect critical infrastructure from incidents of the kind described above. It should cover people, process and technology and the entire risk management lifecycle.
How Can Payatu Help You with Your OT Security Needs?
We provide a holistic OT assessment including maturity, compliance, risk assessment, and technical security testing to identify the security risks associated with your industrial systems. The service comprises threat analysis, business impact analysis, risk grading, and remediation recommendations. Our evaluation follows security standards such as NIST and ISA/IEC 62443.