Since industrial networks are primarily built and expanded to meet growing business demands, it can be easy for administrators to overlook common system vulnerabilities. For example, when adding a device to a newly built or extended network, do you know which industrial Ethernet switches have unlocked ports? Or are you just connecting new devices without a second thought?
Keep in mind that ignoring common system vulnerabilities in today’s world could put your entire network at risk. The following scenarios summarize some common system vulnerabilities in industrial networks that can be exploited during the three main stages of a cyberattack: exploration, use and control, and disruption.
Stage 1: Exploration and Infiltration
Remember the last time you connected to your network. How complex was your password? While weak passwords may be easier for busy administrators to remember, they are also easier for malicious actors to crack during a brute force attack. Making it easy for an attacker to guess your network login credentials is like putting your house keys somewhere a thief can easily find.
Attackers commonly exploit open ports. The ports on an Ethernet switch act as gates through which information enters and leaves the network, and a port left open is an open door. By scanning your network, attackers can identify open ports and infiltrate your network just as a burglar enters through an unlocked door.
How to mitigate: One of the easiest ways to improve the security of your network is to ensure that users create passwords complex enough to reduce the likelihood of an attacker guessing your credentials by brute force. For added security, you should also consider a failed-login lockout mechanism that limits the number of failed login attempts, since a burst of failures may indicate a brute force attack. To protect your network from port scanning, you can whitelist the ports accessible through your firewall and also disable WAN ping.
Stage 2: Use and Control of the Network
During the second stage of a cyberattack, the malicious actors have already infiltrated the network and are using network resources for their own purposes. Even though they are not yet actively wreaking havoc on the network, they are secretly gathering information and preparing the ground for a more harmful attack.
For example, a hacker can use various scanning tools to learn more about your network topology so they can find their next target and gain access or control over more devices. The attacker can even use command injection to bypass authentication requirements or grant themselves higher levels of user privileges to execute forbidden commands and commandeer network devices for malicious purposes.
How to mitigate: To limit the attacker’s ability to roam your network and commandeer your devices, we recommend network segmentation and traffic control. This means partitioning your network into smaller segments and controlling the communications that pass between those segments. Additionally, deploying a whitelist control to prevent command injection can limit the severity of such a security flaw.
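The whitelist control mentioned above, as an added example that is not part of the original article or of any Moxa product: a hypothetical diagnostic "ping" handler such as an industrial switch's web interface might expose, first built by string concatenation (where shell metacharacters in the target are interpreted) and then hardened with an allowlist of acceptable targets and no shell at all. All function names and sample inputs are assumptions constructed for this example.

```python
import ipaddress
import re
import subprocess

# Constructed example of a switch diagnostic "ping" feature; not vendor code.


def build_ping_command_vulnerable(target: str) -> str:
    """Shell string built by concatenation: anything the user types after the
    address (for example a ';') is handed to the shell as a second command."""
    return "ping -c 1 " + target


# Allowlist for a hostname: labels of letters, digits and hyphens, dot-separated,
# no leading hyphen (so option-like input such as "-f" is rejected too).
_HOSTNAME_RE = re.compile(
    r"(?=.{1,253}\Z)"                                          # total length limit
    r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"           # first label
    r"(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*"    # further labels
)


def is_allowed_target(target: str) -> bool:
    """Allowlist check: accept only an IPv4/IPv6 literal or a plain hostname."""
    try:
        ipaddress.ip_address(target)   # strict literal parse, no shell characters possible
        return True
    except ValueError:
        pass
    return _HOSTNAME_RE.fullmatch(target) is not None


def build_ping_command_hardened(target: str) -> list:
    """Return an argv list (never a shell string) after the allowlist check;
    reject everything else before it reaches the operating system."""
    if not is_allowed_target(target):
        raise ValueError("rejected diagnostic target: %r" % target)
    return ["ping", "-c", "1", target]


def run_ping(target: str) -> int:
    """Execute the hardened command with shell=False; returns ping's exit code."""
    argv = build_ping_command_hardened(target)
    return subprocess.run(argv, shell=False, capture_output=True).returncode
```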
Stage 3: Disruption of Services and Data
The theft or destruction of critical business data is costly and detrimental to any organization. However, these malicious actions are far from the worst-case outcome of a successful cyberattack. In the final stage of a cyberattack, the hacker no longer studies the network but actively causes damage.
During Stage 3 of a cyberattack, the attacker could render a machine or network resources unavailable to authorized users by temporarily or indefinitely disrupting services on a host. This is usually called a denial of service (DoS) attack, and it typically involves flooding the targeted machine with traffic, such as ping requests, until it is overloaded. Additionally, a hacker could release malware, including ransomware, to block you from accessing your network resources until a ransom is paid.
How to mitigate: Although damage has already been done by the time the cyberattack reaches stage three, you can still limit the overall damage to your network by providing sufficient protection against DoS and DDoS (distributed DoS, involving multiple attacking systems) attacks and by deploying an industrial IPS against ransomware and other malware. You should also maintain reliable system backups and blacklist unauthorized protocols to minimize data loss.
With cyberattacks increasingly targeting industrial networks, it is crucial to identify and mitigate system vulnerabilities before these weaknesses are exploited by those with malicious intent.
There are two directions you can take to improve network security. One is to ensure that your industrial networks have a basic secure network infrastructure that allows authorized traffic to flow to the right places. The other is to identify critical assets and give them layered protection, such as an industrial IPS or whitelist control.
To learn more about Moxa’s industrial cybersecurity solution, visit www.moxa.com/security.