Categories: NewsSecurity

Georgia Institute of Technology Simulates Ransomware Attack Taking Over a Water Treatment Facility

Ransomware continues to pique the interest of both criminals and security researchers alike. The Georgia Institute of Technology conducted a simulation involving a new type of ransomware capable of taking over industrial computer systems with relative ease. During the demo, the group takes control of a water treatment plant, allowing them to shut down valves, increase chlorine levels and even display inaccurate readings. A very troublesome development that highlights how the industrial sector is not prepared for such sophisticated attacks.

A Worrisome Malware Development With Major Repercussions

Albeit this was only a simulated attack, it goes to show criminals can target industrial computer systems to cause a lot of havoc. In the past, several power grids in Ukraine have been shut down by hackers who gained access to internal systems. It is not unlikely such a trend would spread to the rest of the world, although no one knows for sure how much damage could be done in the process.

A lot of control systems belonging to power plants, water treatment facilities, and energy facilities are vulnerable to attacks from the outside. The Georgia Institute of Technology wants to highlight the risks presented by leaving critical systems connected to the Internet. If such facilities would be infected by malware or ransomware, a lot of damage can be done without the companies being able to do anything about it. Allowing criminals to access and control these systems need to be avoided at all costs.

So far, there have been no public reports related to ransomware infecting process control components of industrial control systems. Instead, criminals are targeting healthcare organizations and taxpayers, in the hopes of collecting valuable personal information. Considering how ransomware generated roughly US$200m worth of revenue for criminals in Q1 of 2016, it is only a matter of time until they move on to bigger targets.

Related Post

Compromising control systems would open up Pandora’s Box, so to speak. If someone hijacks a water treatment facility, there is nothing preventing them slowly upping the chlorine dosage until the facility owners meet the ransom demand. It is not unlikely situations like these will not only become more common, but lives will be at stake as well. A lot of industrial control systems lack proper security protocols. Just because these systems have not been targeted by criminal attacks yet – as far as we know – does not mean they should be left unprotected either.

One critical flaw found in nearly every industrial control system is how it authenticates user activity. Anyone with access to the network – legitimate or not – can control the system with relative ease. There does not seem to be a failsafe in place to keep intruders out once they gain unauthorized access. Moreover, weak password policies are another major concern. Even though operators may believe their system is not connected to the Internet, that is not always the case. Remote maintenance and critical updates require online access, which leaves the door open for criminals to take advantage.

It seems to be a matter of time until ransomware attacks will target industrial control systems. Since hardly any of these systems are prepared for a sophisticated attack, it is not unlikely a few incidents will take place before the proper action is undertaken. Intrusion monitoring systems need to be installed sooner rather than later. Additionally, password security needs to be improved. Users who need to access the system need to be whitelisted, whereas all other remote connections should be broken off prematurely. A lot of work needs to be done, that much is certain.

If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.

JP Buntinx

JP Buntinx is a FinTech and Bitcoin enthusiast living in Belgium. His passion for finance and technology made him one of the world's leading freelance Bitcoin writers, and he aims to achieve the same level of respect in the FinTech sector.

Share
Published by
JP Buntinx

Recent Posts

Analysts Forecast $1 for Cardano and Lunex Network As Dogwifhat Plunges To Former Lows

As the crypto market prepares for a major rally, experts believe that two top altcoins,…

6 mins ago

Retail Traders Panic Sell During ‘Fake Dip’; Whales Hold Tight to SOL, DTX, and SHIB for a Millionaire-Maker Bull Run

Solana (SOL): A Strong Ecosystem Despite Volatility Solana (SOL) has been all over the place…

50 mins ago

Llama 3.2 Predicts Price For Dogecoin: $2 Peak By 2025 And $5 Rally For DTX Exchange This Winter

Cryptocurrency trends are keen on the forecast that was recently released by Llama 3.2 model…

2 hours ago

Crypto Whale Sparks 8x Surge In $OPK Price with Massive Buy-in

A mysterious crypto whale, who previously invested 9,600 SOL into tokens $Pnut and $FRED, has…

3 hours ago

Early ENS Investor Transfers $2.47M To Binance Amid Upcoming Token Unlocks

An early investor linked to the $ENS token recently transferred 154,000 ENS tokens, valued at…

3 hours ago

Wintermute’s Memecoin Strategy: BABYDOGE Ranks Among Top 3 Holdings

In a surprising turn, $BABYDOGE has climbed to the top three in Wintermute’s memecoin holdings…

3 hours ago