News

The functionality of Ramsonware in relation to extension networks

"WannaCry is a so-called crypto-worm, which means that the malware uses cryptographic methods to encrypt the data of the infected system and at the same time spreads "worm-like" and infects networked components. To accomplish this, the malware first established a base of operations on a Windows system in the network by exploiting the vulnerability CVE-2017-0144." -www.sichere-industrie.de

Analysis of the risk potential of Trojan-Ramsonware using the example of WannaCry

"In 2017, a crypto-worm known as WannyCry infected thousands of Windows computers worldwide within a few hours. WannyCry, and a few weeks later the related encryption Trojan NotPetya, made the leap from Windows-dominated office networks to production networks. NotPetya in particular caused damage amounting to several billion euros worldwide and brought production in some companies to a standstill, sometimes for several months. Find out here why threats like WannaCry are so dangerous." - www.sichere-industrie.de

Basic steps for the successful introduction of a monitoring solution in the system network

"After the last article dealt with the general advantages of network anomaly detection in automation networks, in this article we will show you which steps to consider when introducing it. We will look at the basic requirements for network anomaly detection solutions, the two phases of integration and how to decide where best to place them." - www.sichere-industrie.de

The benefits of anomaly detection in the industrial network and tips for successful implementation

"Reports of malware infections and targeted attacks on industrial plants and automated systems are on the rise. Of course, the reports only consider the cases that are actually detected in the company. According to the Bitkom study "Economic protection in the digital world", which surveyed 1069 companies, 12% are actually affected by "digital sabotage of information and production systems or operating processes". A further 29% are probably affected - by far the largest number of unreported cases. It can be concluded from this that companies do not yet have the necessary visibility of their systems and networks to make reliable statements about whether an attack has actually taken place." - www.sichere-industrie.de

Support decisions based on security assessments of components

"The TeleTrust test scheme takes into account both the approach of an integrator or system planner and, of course, that of a manufacturer. In principle, IEC 62443 is designed to be system-centric, as the safe operation of the systems is the central objective. However, this also means that the respective components in the systems require corresponding technical capabilities and that these must be implemented in a way that is resistant (e.g. to attacks or misconfiguration). However, this cannot be taken for granted today." - www.sichere-industrie.de

These procedures can be derived from IEC 62443 for manufacturers, operators and system planners

"The IEC 62443 standard is a holistic approach to industrial security in the automation sector. ... In Part 2, you will receive an overview of the procedures that are implicit for the three basic roles of integrator, manufacturer and operator. We also take a critical look at the advantages and disadvantages of the current version." - www.sichere-industrie.de

The basic concepts from IEC 62443 such as Defense-In-Depth, Zones and Conduits and Security Level explained

"The importance of industrial security in the automation context is increasing, both due to serious security incidents (e.g. ransomware) and increasing regulation (e.g. EU Cybersecurity Act (CSA)). It may still be possible to avoid the issue at present, but every project, whether before or after commissioning, is soon caught up in it. For this reason, the following questions are increasingly being asked during the project initiation phase:

What is a resilient and sustainable approach to industrial security?
How can you prove that those responsible have fulfilled their duty?
How should one deal with the constantly changing parameters and attack vectors?
Are there measures that must always be implemented regardless of the scenario?
There is also the question of how measures can be prioritized in the first place." - www.sichere-industrie.de