This Just In! - News, X-Pert Advice

New Ransomware Target Identified

Four Marketing Pillars to Build a Business, Compromised Email Accounts Revealed, scammers, New Ransomware Target Identified, Networking Etiquette, Is Your Home Router Hackable?, Cerber Ransomware Uses Dropbox to Avoid Detection, Almost Perfect Phishing Technique Now Active, Two-Factor Authentication Now Compromised, World Wide Ransomware, Microsoft Defends Against WannaCry Ransomware, OneLogin Secure Signin Service Breached, Petya Ransomware Flooding the World, Cogeco Phishing Attack Targets Subscribers, Home Renovation Tips, WPA2 wireless security, Windows Requirements for Meltdown and Spectre Updates, 4 Reasons A Small Business Owner With A CFO Mindset Can Succeed, WordPress Update Breaks Automatic Update Capability, RCMP Warn Wi-Fi Users to be Aware of Honeypots, CYBER FRAUD PREVENTION AND PROTECTION, Small Businesses Overspending on Cybersecurity Experts Say, Top Questions the CRA Gets at Tax Time, Windows 10 April 2018 Update Coming Soon, VPNFilter Malware has Affected Over 1 million Routers

New Ransomware Target Identified – Municipal Water Treatment Facilities

Industrial Control Systems, such as those that control municipal water treatment systems, air filtration systems, elevators and other similar equipment may become the latest ransomware target.

Hacking into control systems is nothing new.  The infamous Stuxnet virus was specifically created to identify and sabotage the Programmable Logic Controllers (PLC’s) that regulated the speed of centrifuges in Iran’s nuclear facilities.  This virus led to the destruction of several centrifuges, setting back the efforts of that nation’s quest towards nuclear capability.

Fast forward a few years, and the motivation for taking over control of critical devices has become financial rather than political.  The latest scourge to be effectively deployed by criminal enterprises is ransomware.

While ransomware has traditionally been used to scramble critical business data until a ransom is paid, researchers at Georgia Technical Institute have created a proof-of-concept attack that could be used to compromise critical command-and-control systems by interrupting or altering the normal operation of the PLC’s built into those systems.

Many people believe that such critical systems, due to security concerns, are not accessible via the internet. However, any system that includes remote monitoring capability, or even a mechanism to communicate with adjacent data processing or data logging equipment could be targeted by the same types of ransomware attacks that have previously been aimed at business and personal users.

If your company uses or produces equipment controlled by PLC’s you should ensure you have a plan to monitor and regulate access to the control logic, and enforce the use of effective security controls to limit both physical and computer access to those systems – lest you become a ransomware target.

Jack Eisenberg is the owner of Safe and Secure Computing and regularly monitors cyber security developments such as this one initially reported by Tech Republic.