This is how hackers took down an entire power grid without breaking a sweat
The BI Intelligence Content Marketing Team covers news & research we think you would find valuable. This topic was originally highlighted and sent to subscribers of the IoT Insider newsletter.
The Internet of Things (IoT) is making our world more connected, but it’s also opening us up to more threats.
More information has come to light about a situation on December 23 that caused a power outage for more than 230,000 people in Ukraine for a few hours after hackers accessed the computers of three regional control centers of a Ukrainian power utility. This was the first time a hack had ever taken down a power grid.
An investigation into this hack has revealed that the hackers actually started their campaign months before the actual attack on December 23. They combed through the utility’s networks and stole multiple employee access credentials, according to WIRED.
After this, the hackers infiltrated the Supervisory Control and Data Acquisition (SCADA) network that controls the power grid. This network did not require multi-factor authentication for workers to log on remotely, which let the hackers metaphorically walk right in the door.
The investigation, assisted by the FBI and Homeland Security, revealed that the utility company actually did have a high level of network security in place during the attack that most peer companies don’t have, but it was still not enough to stop the hack.
And the effects of that hack are still very much present. The utility substations attacked are still not totally operational, as workers have to control the circuit breakers manually at 16 of them.
The investigation did not reveal who was responsible for the hack, but it did say that the hackers could have done more substantial damage, including physically destroying equipment such as power generators at the substations.
While it’s wonderful and convenient to be able to turn on all the lights in our smart homes with a voice command, hacks like these prove that the dangers of an increasingly connected world are extremely real.
If this hack weren’t evidence enough, consider the story last summer in which security researchers took control of the steering and transmission of a Jeep Cherokee traveling 70 miles per hour on the highway.
Hacks of this type help draw media attention to the dangers involved with vulnerable IoT devices, but they don’t illustrate all the ways that hackers can use these vulnerabilities in the real world. Hackers could potentially crash a compromised car, but they are more likely to exploit IoT devices to gain entry to corporate and government networks and databases.
Jonathan Camhi, research analyst for BI Intelligence, Business Insider’s premium research service, has compiled a detailed report on IoT Security that examines how vulnerable IoT devices will create new opportunities for different types of hackers. It also forecasts the market for solutions that can help secure IoT devices, and explains how different security measures can be used to protect these devices against hackers.
Here are some of the key takeaways from the report:
- Research has repeatedly shown that many IoT device manufacturers and service providers are failing to implement common security measures in their products.
- Hackers could exploit these new devices to conduct data breaches, corporate or government espionage, and damage critical infrastructure like electrical grids.
- Investment in securing IoT devices will increase five-fold over the next five years as adoption of these devices picks up.
- Traditional IT security practices like network monitoring and segmentation will become even more critical as businesses and governments deploy IoT devices.
In full, the report:
- Explains why IoT devices often lack basic security measures like properly encrypting communications.
- Forecasts the market for solutions that help secure IoT devices against attacks.
- Examines how different types of hackers could exploit IoT devices for financial gain, media attention, or to further a geopolitical cause.
- Explains how organizations can secure IoT devices at both the device and network level.
The choice is yours. But however you decide to acquire this report, you’ve given yourself a powerful advantage in your understanding of IoT security.
Source | BusinessInsider