In mid-May 2017, numerous companies were attacked by a network cryptoworm called WannaCry. The worm’s victims include various manufacturing companies, oil refineries, city infrastructure objects and electrical distribution network facilities.
At least several dozen computers that are part of industrial control systems (ICS) were infected by WannaCry, according to the IT security product company Kaspersky Lab. The firm’s ICS Computer Emergency Response Team (CERT) has published a paper on the global WannaCry ransomware attacks and ICS.
The WannaCry crypto-worm relied on the internet for distribution. Exploiting a Windows vulnerability, it would spread rapidly through internal networks, taking advantage of open connections and poor security. In principle, the paper sets out, it should be impossible for WannaCry to infect an industrial network via the internet; because of closed networks, and firewalls and protocols.
However, there are typical industrial network configuration errors, which have led to WannaCry infections, according to the firm. For example, segments of an industrial network are often connected to each other via the Internet due to large distances between them or issues related to hardware locations. In such cases, the chances of a successful attack depend on the way in which the connection is set up. Or, devices are used to set up direct mobile internet connections for computers on the industrial network, bypassing the network perimeter. USB modems are most commonly used for these connections.
The paper also offers ways to avoid accidental infections. For the report in full visit https://ics-cert.kaspersky.com/reports/2017/06/22/wannacry-on-industrial-networks/.
