During the fourth quarter of 2020, numerous ransomware and data breach events have affected businesses worldwide. While many people would believe that these criminals are using custom applications, a startling fact is that many of the exploit tools are publicly available.
Manufacturers are targets because numerous IT and OT technologies are in use that cannot be centrally managed or maintained. Criminals use these open source applications to scan for accessible device IPs and scan the discovered devices for vulnerabilities. You can be a victim or take calculated steps not to be a sitting duck.
Access Without Reservation
When it comes to the tools used by hackers and organized criminals, many would be surprised how easy it is to find or use them. Many popular hacking operating systems, such as Kali Linux or Parrot OS, are preloaded with many exploits and hacking tools.
Criminal organizations focus on newly disclosed vulnerabilities. As freshly published vulnerabilities appear on security forums, hackers and malevolent actors use the proof of concepts to create working tools. These tools are then publicly shared or privately sold on the dark web.
The source code for a popular commercial security tool called Cobalt Strike was recently stolen and released to the public using GitHub. While the software version is not the most current release, the source code included tools and exploits that can serve as a base for developing more effective tools.
Security professionals worry that more sophisticated attacks will happen with the release of the security tool source code. A few years ago, the infamous government agency’s security tools leaked to the public and security forums, where after that, the tools facilitated widespread attacks.
The most memorable incident was the Eternal Blue NonPetya attacks that plagued businesses worldwide during 2017. This vulnerability was so severe that Microsoft released patches for their operating systems, even for those versions no longer supported. Before the massive waves of ransomware attacks in 2017, the U.S. National Security Agency used the Eternal Blue exploit as a hacking tool for their operations.
Using open-source tools, hackers are aggressively exploiting vulnerabilities in manufacturing environments.What are popular tools that hackers use?
Some curious leaders inquire about the tools used by hackers and cybercrime organizations. While many of the best cyber security testing tools come with extravagant price tags, the more popular tools are often open-source software and free for use. Intezer Labs had recently released a report covering 129 open-source hacking tools to understand the popularity of the different tools used in various attacks.
Many remote access tools, such as Quasar, Powersploit, and Empire, come preloaded with the capabilities to inject malicious scripts into documents. These tools can also evade anti-virus detections, exfiltrate data out of the network, and create persistence to allow attacks later. Other tools, such as Mimikatz are so popular that Microsoft actively tests its security products against new or popular software variations to protect Microsoft customers from these attack methods.
Burp Suite is a favorite tool for exploiting businesses with web applications accessible through the Internet by many hackers. Burp Suite is an open tool for anyone but requires a pricey registration key for the professional version. This tool can identify security vulnerabilities within web applications while simplifying website mapping and brute force attacks.
How are these tools impacting manufacturers?
Compared to other industries in the global economy, manufacturing is one of the few business types often behind the grading curve regarding their devices and data security. Due to leadership teams’ mindset about cyber security being optional, many supply chain members operate critical business systems with out-of-date operating systems or software.
Tools like Metasploit and Cobalt Strike contain vast exploits that target outdated systems and technologies. Steelcase, a furniture manufacturing company, was hit with the Ryuk strain of ransomware in October. This malware uses Cobalt Strike to maintain connectivity to the machines while allowing the attacker to steal data or launch secondary attacks.
Previous versions of the Ryuk ransomware used the open-source tool Empire to establish a connection and perform network reconnaissance to understand better how many potential machines could be affected. Understanding that many manufacturing businesses are not secure is why cyber-attacks against manufacturing businesses have been on the rise.
Continuous threat identification and patching can help locate vulnerabilities before leading to a data breach.How can you protect your business from these exploit tools?
While there may not be a particular method to protect your business, keeping your systems and software up-to-date with security patches is the best method to minimize these tools’ effectiveness and impact on your company. Many tools being developed attack older operating systems that are not updated to fix defects in current versions. Updates should occur regularly, depending upon scheduled maintenance and probable loss. The frequency can vary on systems weekly, monthly, or even quarterly.
Beyond keeping your systems on supported versions and patched, you should implement a layered security model to address various threats. Visibility and protection improve with a unified threat firewall and logging of your network traffic. You can include advanced anti-virus software on all of your systems and evaluate how aspects of zero-trust could be helpful.
Firewalls can prevent devices on your network from communicating with malicious external servers while blocking known malware and viruses with advanced anti-virus software. Remember, security hardware and applications must remain updated to maximize effectiveness.
Conducting regular penetration tests and using a vulnerability scanner can help identify easily exploitable systems. While vulnerability scanners can help identify potentially exploitable systems, the penetration test can determine if the vulnerability is exploitable.
Finally, investing in security is wise if those investments correspond with a strategy and plan. Have you evaluated future losses from specific scenarios to determine where to make changes? Better decisions await for allocating limited resources. If you plan for growth and want to protect your reputation, controlling loss is imperative to your execution.
After being hacked, every business owner asks, why me? You have a choice. What would you like to do?
As a proud supporter of American companies, Certitude Security® is working diligently to inform leaders and facilitate essential asset protection priorities for manufacturers and supply chains throughout the United States.
Problem discussions can be a defining moment in your career. If you are interested in value creation, learn about SPOT-Beam™ by Certitude Security®. We look forward to helping you and your business succeed!