Weaponization of Industrial Cyber Threats: Overview & Trends

Instructor: Srinivasa krishna Goparaju
In this lesson, we will briefly discuss what cyber terrorism is, how cyber threats can be weaponized and used to attack industrial systems, trends in such attacks and steps to counter them.

Cyber Terrorism

Imagine in one of the major hospitals in your city, the computers assisting complex and emergency surgeries, CT scanning systems, and diagnostic systems have suddenly stopped functioning. One of the possible reasons for this kind of disruption could be an attempt to sabotage the hospital network and systems with the intention to cause harm to the patients of the hospital. This is an act of cyber terrorism.

Cyber terrorism can be defined as an attack on computer systems or communication networks to exploit vulnerabilities and cause substantial damage to public/private properties, disruption in critical operations of infrastructure facilities, or significant human casualties/injuries, in order to realize political or ideological objectives.

A few examples of cyber terrorism are:

  • Causing a power outage by interrupting turbine operations in a power utility
  • Disrupting processes in oil refineries
  • Triggering false emergency alarms in sensitive areas such as military establishments or nuclear facilities
  • Bringing down the systems or communication networks in hospitals

Cyber terrorists are adopting more sophisticated methods, like weaponization of cyberattacks on industrial systems, to cause huge damage.

Weaponization of Industrial Cyber Threats

An 'industrial cyber threat' is the risk of cyberattack on industrial systems or networks, which may cause disruption in critical operations, major physical and/or financial losses, and in some cases human casualties. Increasingly, weaponized malware is used in these attacks, to sabotage a specific industrial system and cause maximum damage.

Weaponized malware consists of sophisticated software modules and delivery mechanisms with a specific target and a clear purpose. Some of the targets of weaponized malware are intellectual property, industrial designs, chemicals and formulas.

The modus operandi of a weaponized cyberattack on industrial systems consists of the following steps:

  • Identification of the target system and its vulnerabilities
  • Development of weaponized malware with the capability to operate without detection, mechanisms to override the host intrusion detection systems, the ability to operate on its own without depending on remote command and control, and the capability to re-infect the system if detected and removed
  • Delivery of the malware to the target system
  • Malware installation on the target system. Once installed, the malware will propagate itself to other systems in the network
  • Malware carries out the intended operation on the target, such as disturbing the network, disrupting mission critical operations, manipulating emergency controls, etc.

Example of a Weaponized Cyberattack on an Industrial System

Stuxnet malware is an example of a weaponized cyberattack on industrial systems. It affected Iran's nuclear program. Stuxnet disturbed the programmable logic controllers that control the centrifuges for separating nuclear material, and caused the centrifuges to spin so fast that they tore themselves apart.

This attack proved that industrial systems are susceptible to cyberattacks, and that these attacks could alter an automation process by infecting systems within the industrial network and hiding their activity from monitoring systems. An analysis of trends in such attacks reveals that attackers are using advanced and sophisticated malware in cyberattacks on industrial systems.

Trends in Weaponized Cyberattacks

Wiper Malware:

Wiper malware is used to destroy systems and/or data, causing huge financial loss and damage to the reputation of the victim companies.

Fileless Malware:

This type of malware is used to infect target systems without leaving any trace on the local hard drive, thus escaping traditional signature-based anti-virus protection systems. Typical attacks exploit vulnerabilities in browsers and associated programs (Java, Flash or PDF readers), or are delivered via phishing.
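
An added example, not part of the original lesson: since fileless malware leaves no file on disk for a signature to match, a defender can look at process behavior instead. The Python below flags process-creation events in which one of the program types the lesson names (browser, Java, PDF reader) starts a script interpreter with code passed inline; the event fields, executable lists and sample events are constructed assumptions.

```python
import ntpath

# Entry-point programs of the kinds the lesson names (browsers, Java, PDF readers).
# Illustrative assumption, not a complete list.
ENTRY_POINTS = {"chrome.exe", "firefox.exe", "iexplore.exe", "msedge.exe",
                "java.exe", "javaw.exe", "acrord32.exe"}
# Interpreters that can run code handed to them directly, with no script file on disk.
INTERPRETERS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
# Command-line markers for code passed inline rather than read from a file.
INLINE_MARKERS = ("-encodedcommand", "-enc ", "-command", "javascript:", "vbscript:")

def basename(path):
    """Lower-cased executable name from a Windows path (works on any OS)."""
    return ntpath.basename(path).lower()

def score_event(event):
    """Return the reasons a process-creation event looks like fileless execution."""
    reasons = []
    parent, child = basename(event["parent"]), basename(event["image"])
    cmd = event["cmdline"].lower() + " "
    if parent in ENTRY_POINTS and child in INTERPRETERS:
        reasons.append(f"{parent} spawned {child}")
    if child in INTERPRETERS and any(m in cmd for m in INLINE_MARKERS):
        reasons.append("code passed inline on the command line")
    return reasons

def flag_fileless_candidates(events):
    """Keep only events showing both indicators, to limit false positives."""
    flagged = []
    for ev in events:
        reasons = score_event(ev)
        if len(reasons) == 2:
            flagged.append((ev["host"], reasons))
    return flagged

# Constructed sample events (hypothetical hosts, not from any real incident).
SAMPLE_EVENTS = [
    {"host": "hmi-01", "parent": r"C:\Program Files\Adobe\AcroRd32.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -NoProfile -EncodedCommand <constructed-placeholder>"},
    {"host": "eng-07", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"powershell.exe -File C:\scripts\backup.ps1"},
    {"host": "eng-07", "parent": r"C:\Program Files\Google\Chrome\chrome.exe",
     "image": r"C:\Program Files\Google\Chrome\chrome.exe",
     "cmdline": "chrome.exe --type=renderer"},
]

if __name__ == "__main__":
    for host, reasons in flag_fileless_candidates(SAMPLE_EVENTS):
        print(host, "->", "; ".join(reasons))
```

Only the first sample event is flagged: the scheduled script run from a file and the browser starting its own renderer each lack at least one of the two indicators.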

Advanced Persistent Threat (APT) Malware:

APT malware is used to steal critical information such as trade secrets, patents, product designs, chemical formulas, processes and control information, organization structure, financial data, etc.

Ransomware:

Ransomware is used to lock or shut down an organization's network and critical systems. Network normalcy is restored only when a certain amount of money is paid to the attackers.

Botnets:

Botnets are used to perform distributed denial-of-service (DDoS) attacks, steal data, send spam, and spread secondary malware across the network.

AI-enabled Malware:

Artificial intelligence is used in malware to automate target selection, or to check infected environments before deploying later stages in order to avoid detection.
