A SolarWinds-style Attack Has Happened Before-Cybersecurity Lessons Learned | SPONSORED
A SolarWinds-style cyberattack happened back in in 2013-14 that affected big government agencies and thousands of companies. What should we have learned from the Dragonfly/HAVEX attack?
Software Infiltration
A cyberattack group called Dragonfly attacked power plants and industrial sites, employing a very similar tactic to SolarWinds. “The technique of injecting into a supply chain is absolutely identical,” said Eric Byres, CEO of cybersecurity company aDolus.
Dragonfly hit three companies in Europe that made software for plants, infiltrating and contaminating some software available for download. When plant employees downloaded the software, they also downloaded malware known as Havex, which was designed to target industrial control systems, according to Erik Hjemlvik of Netresec.
The malware created a backdoor, or secret connection, so attackers could infiltrate the industrial and power plants and suck away info about how to run and control these critical systems.
Cybersecurity Lessons (That Should Have Been Learned)
Byres developed a platform to dissect what’s inside software, to see what’s inside your ‘can of soup,’ so to speak. It wouldn’t have prevented the SolarWinds attack, he said, but it would help uncover it. “We need to start getting visibility into the bits and pieces of software that we load onto our plants,” Byres said.
“Where did I get it? Where did my suppliers get it from? Where did their suppliers get it from?” he asked. “If we don’t have the visibility, the bad guys will coattail in on something.”
Organizations need to be careful about what software they trust, Hjelmvik told Archer News. They need to limit Internet traffic going out of their networks, which could make it harder for attackers to do malicious things with the systems.
Also, they should instrument their systems better so they can do forensic analysis after an attack and find out what happened, he recommended. “Software supply chain attacks is a problem we need to learn how to handle,” Hjelmvik said.
Watch the full interview with Eric Byres, CEO of aDolus, Inc.
Green at the Core: How Sustainability Is Becoming the New Competitive Edge in Business
Last week, at the Innovation Summit in Paris, I had the pleasure to interview Sophie Borgne, Water Segment President, Schneider Electric, and Georg Weber, Executive Board Member & CTO, Wilo Group. The conversation is focused on sustainability, marking a pivotal shift in
Beyond Boundaries: A Journey Through IIoT Innovation at Hannover Messe Fair 2024
With the eagerly anticipated Hannover Messe Fair 2024 on the horizon, IIoT World has embarked on an exciting initiative to capture the pulse of innovation in the Industrial Internet of Things (IIoT) space at the fair. We reached out to
Bridging Technologies and Sustainability: Connect’s Role in Modernizing Industry
At the Innovation Summit in Paris, Kim Custeau, EVP Portfolio, Aveva, talks about "Connect," a dynamic initiative at the forefront of integrating over 109 products from Aveva alongside Schneider Electric's software components. This pivotal platform, Connect, acts as the foundational