TÜV Rheinland: Cyber risks for industrial plants underestimated

TÜV Rheinland and Ponemon Institute publish worldwide study on the Cybersecurity of industrial plants / Operational Technology particularly at risk / Holistic view of industrial plant security lacking / All information at https://go.tuv.com/otsurvey-2020

Cyberattacks can threaten the industrial facilities of companies even more than their IT systems. However, a holistic view of the security of industrial plants is often lacking. This is a key finding of a recent study on security in industrial companies by TÜV Rheinland and the Ponemon Institute.

Operational Technology in the sights of the hackers

Operational Technology (OT) is the main target for cyberattacks on industrial plants. These are devices and systems that control or monitor industrial processes – such as motors, pumps or valves. “OT systems differ in function and technology from classic corporate IT. At the same time, successful cyberattacks on OT systems often cause particularly high levels of damage to the companies affected”, explains Petr Láhner, Executive Vice President of the Business Stream Industrial Service & Cybersecurity at TÜV Rheinland. “We have therefore placed the Cybersecurity of Operational Technology at the center of our study, following on from the findings of the first study on this subject in 2019”.

Measures for IT and OT systems not coordinated

For the “2020 Study on the State of Industrial Security”, the independent market research company Ponemon Institute surveyed more than 2,200 cybersecurity experts worldwide from the automotive, health and pharmaceutical, logistics and transport, mechanical engineering, oil and gas and utility sectors. The Ponemon Institute, based in Traverse City, Michigan, is dedicated to independent research on information and privacy management in companies.

The following results show how much cyberattacks endanger OT systems:

  • More than half of the respondents (57 percent) say that their companies firmly expect attacks on OT systems.
  • Almost half (48 percent) are convinced that cyber threats pose a greater risk to OT systems than to the IT environment.
  • Almost two thirds (63 percent) of those surveyed stated that security measures for IT and OT systems are not coordinated in their companies.
  • For almost half of the respondents (47 percent), cyber threats to OT systems have increased over the past year. These include attacks such as phishing, social engineering and extortion software (“ransomware”).

“From our point of view, it is crucial that companies tailor their cybersecurity measures to the specific requirements in Operational Technology. For example, some control systems may have limited cybersecurity controls in place and could subsequently be vulnerable to cyber threats. To do this, companies have to assess their OT cyber risk and invest time and money for best effect. It is alarming that in the view of the experts surveyed, there are too few financial or professional resources available for OT security. In addition, a holistic view of the security of industrial plants is often still lacking. In an increasingly networked world, industrial plants are only really secure if both their IT and OT cybersecurity is addressed”, Láhner says.

The “Study 2020 on the State of Industrial Security” is available for free download at https://go.tuv.com/otsurvey-2020.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About TUV
The TÜV Rheinland is a leading provider of technical services worldwide. Since our foundation in 1872, we have been providing safe and sustainable solutions for the challenges arising from the interaction between man, the environment and technology. As an independent, neutral and professional organization, we are committed to working towards a future that can fulfil the needs of both mankind and the environment in the long term.

ESET publishes a guide for navigating the risks from vulnerabilities in the Thunderbolt interface

BRATISLAVA – ESET has published a comprehensive overview of risks stemming from Thunderspy, a series of vulnerabilities in Thunderbolt technology, and possible protections. Via Thunderspy, an attacker can change – possibly even remove – the security measures of the Thunderbolt interface on a computer. As a result, an attacker with physical access to the target computer can steal data from it, even if full disk encryption is used and the machine is locked with a password or sleeping in low-power mode.

Thunderspy was discovered by Björn Ruytenberg, a computer security researcher, in May 2020. “While Ruytenberg’s research has received publicity because of its novel attack vector, not much has been said about how to protect against Thunderspy, or even determine whether you have been a victim,” points out Aryeh Goretsky, ESET Distinguished Researcher.

In his article “Thunderspy attacks: What they are, who’s at greatest risk and how to stay safe,” Goretsky briefly explains the technical background for Thunderspy but focuses primarily on practical methods to defend against it.

Thunderbolt-based attacks are very rare because they are, by their nature, highly targeted. “The fact a typical user will not get into an attacker’s crosshairs doesn’t mean everyone is safe. For many, following some of the admittedly draconian recommendations we describe in our article really makes sense,” comments Goretsky.

There are two types of attacks against the security that Thunderbolt relies on to maintain the integrity of a computer. The first is cloning the identities of Thunderbolt devices that are already trusted and allowed by the computer. The second is to permanently disable Thunderbolt security so that it cannot be re-enabled.

“The cloning attack is like thieves who steal a key and copy it. Afterwards, they can use the copied key repeatedly to open that lock. The second attack is a form of bricking a chip. In this case, permanently disabling Thunderbolt’s security levels and write-protecting the changes so they cannot be undone,” explains Goretsky.

Neither type of attack is simple to carry out, since actual in-person access to the target computer is required, along with the tools to disassemble the computer, attach a logic programmer, read the firmware from the SPI flash ROM chip, disassemble and modify its instructions, and write it back to the chip. Such attacks are a type of “evil maid attack,” implying the scenario of the attacker entering a hotel room while the victim is not present to conduct the attack.

The necessity to physically tamper with the computer limits the range of potential victims to high-value targets. Some may be pursued by nation-state intelligence or law enforcement agencies, but also business executives, engineers, administrative personnel or even frontline employees may be targets of opportunity if the attacker has some commercial motive, such as industrial espionage. Under oppressive regimes, politicians, NGOs and journalists are also possible targets for advanced threats like Thunderspy.

To defend against Thunderspy, just like any other hardware attacks requiring physical access to the system, it’s important to decide whether the goal of the defense is to make it evident that a physical attack occurred, or to protect against it.

Protection methods against Thunderspy attacks may be divided into separate categories. “First, prevent any unauthorized access to your computer. Second, secure all your computer’s relevant interfaces and ports, such as USB-C. Besides that, look beyond physical measures and also take steps to make your computer’s firmware and software more secure,” summarizes Goretsky.

The article “Thunderspy attacks: What they are, who’s at greatest risk and how to stay safe” contains many practical pieces of advice on improving the security against the theft of data by Thunderspy, including one that stands out as simple yet relatively powerful.

“Disable hibernation, sleep or other hybrid shutdown modes. Make the computer turn completely off when not in use – doing this can prevent attacks on the computer’s memory via Thunderspy,” recommends Goretsky.

Aside from all other security measures, users should employ security software from a reputable provider that can scan the computer’s UEFI firmware, one of the locations where Thunderbolt security information is stored.

For more information, please read “Thunderspy attacks: What they are, who’s at greatest risk and how to stay safe” at WeLiveSecurity.com.

About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.