During the fourth quarter of 2020, numerous ransomware and data breach events have affected businesses worldwide. While many people would believe that these criminals are using custom applications, a startling fact is that many of the exploit tools are publicly available.
Manufacturers are targets because numerous IT and OT technologies are in use that cannot be centrally managed or maintained. Criminals use these open source applications to scan for accessible device IPs and then scan the discovered devices for vulnerabilities. You can be a victim or take calculated steps not to be a sitting duck.
Access Without Reservation
When it comes to the tools used by hackers and organized criminals, many would be surprised as to how easy it is to find or use them. Many popular hacking operating systems, such as Kali Linux or Parrot OS, are preloaded with many exploits and hacking tools.
Criminal organizations focus on newly disclosed vulnerabilities. As freshly published vulnerabilities appear on security forums, hackers and malevolent actors use the proof of concepts to create working tools. These tools are then publicly shared or privately sold on the dark web.
The source code for a popular commercial security tool called Cobalt Strike was recently stolen and released to the public using platforms such as GitHub. While the software version is not the most current release, the source code included tools and exploits that can serve as a base for developing more useful tools.
Security professionals are worried that more sophisticated attacks will happen with the security tool source code's release. A few years ago, the infamous government agency's security tools leaked to the public and security forums, where after that, the tools facilitated widespread attacks.
The most memorable of this incident was the Eternal Blue NonPetya attacks that plagued businesses worldwide during 2017. This vulnerability was so severe that Microsoft released patches for their operating systems, even for those versions no longer supported. Before the massive waves of ransomware attacks in 2017, the U.S. National Security Agency used the Eternal Blue exploit as a hacking tool for their operations.
What are popular tools that hackers use?
Some curious leaders inquire about the tools used by hackers and cybercrime organizations. While many of the best cyber security testing tools come with extravagant price tags, the more popular tools are often open-source software and free for use. Intezer Labs had recently released a report covering 129 open-source hacking tools to understand the popularity of the different tools used in various attacks.
Many remote access tools, such as Quasar, Powersploit, and Empire, come preloaded with the capabilities to inject malicious scripts into documents. These tools can also evade anti-virus detections, exfiltrate data out of the network, and create persistence to allow attacks later. Other tools such as Mimikatz are so popular that Microsoft actively tests their security products against new or popular software variations to protect Microsoft customers from these attack methods.
For businesses with web applications accessible through the Internet, Burp Suite is a favorite tool for many hackers. Burp Suite is a tool that is open for anyone to use but requires a pricey registration key for the professional version. This tool can identify security vulnerabilities within web applications while simplifying website mapping and brute force attacks.
How are these tools impacting manufacturers?
Compared to other industries in the global economy, manufacturing is one of the few business types often behind the grading curve when it comes to the security of their devices and data. Due to leadership teams' mindset about cyber security being optional, many supply chain members operate critical business systems with out-of-date operating systems or software.
Tools like Metasploit and Cobalt Strike contain vast collections of exploits that target outdated systems and technologies. Steelcase, a furniture manufacturing company, was hit with the Ryuk strain of ransomware in October. This malware uses Cobalt Strike to maintain connectivity to the machines while allowing the attacker to steal data or launch secondary attacks.
In previous versions of the Ryuk ransomware, the open-source tool Empire was used to establish a connection and perform network reconnaissance to understand better how many potential machines could be affected. Understanding that many manufacturing businesses are not the most secure environment, this is why cyber-attacks against manufacturing businesses have been on the rise.
How can you protect your business from these exploit tools?
While there may not be a particular method to protect your business, keeping your systems and software up-to-date with security patches is the best method to minimize these tools' effectiveness and impact on your company. Many tools being developed attack older operating systems that are not updated to fix defects in current versions. Updates should occur regularly, depending upon scheduled maintenance and probable loss. The frequency can vary on systems from weekly, monthly, or even quarterly.
Beyond keeping your systems on supported versions and patched, you should implement a layered security model to address various threats. Visibility and protection improve with a unified threat firewall and logging of your network traffic. You can include advanced anti-virus software on all of your systems and evaluate how aspects of zero-trust could be helpful.
Firewalls can prevent devices on your network from communicating with malicious external servers while blocking known malware and viruses by the advanced anti-virus software. Remember, security hardware and applications must remain updated to maximize effectiveness.
Conducting regular penetration tests and using a vulnerability scanner can help identify easily exploitable systems. While vulnerability scanners can help identify potentially exploitable systems, the penetration test can determine if the vulnerability is exploitable.
Finally, investing in security is wise if those investments correspond with a strategy and plan. Have you evaluated future losses from specific scenarios to determine where to make changes? Better decisions await for allocating limited resources. If you plan for growth and want to protect your reputation, controlling loss is imperative to your execution.
After being hacked, every business owner asks, why me? You have a choice. What would you like to do?
As a proud supporter of American manufacturing, Certitude Security® is working diligently to inform leaders and facilitate essential asset protection priorities for manufacturing businesses throughout the United States. If you are interested in learning about the empowering services that Certitude Security® can offer, visit our website or coordinate a time to speak to a team member today.