Categories: NewsSecurity

Georgia Institute of Technology Simulates Ransomware Attack Taking Over a Water Treatment Facility

Ransomware continues to pique the interest of both criminals and security researchers alike. The Georgia Institute of Technology conducted a simulation involving a new type of ransomware capable of taking over industrial computer systems with relative ease. During the demo, the group takes control of a water treatment plant, allowing them to shut down valves, increase chlorine levels and even display inaccurate readings. A very troublesome development that highlights how the industrial sector is not prepared for such sophisticated attacks.

A Worrisome Malware Development With Major Repercussions

Albeit this was only a simulated attack, it goes to show criminals can target industrial computer systems to cause a lot of havoc. In the past, several power grids in Ukraine have been shut down by hackers who gained access to internal systems. It is not unlikely such a trend would spread to the rest of the world, although no one knows for sure how much damage could be done in the process.

A lot of control systems belonging to power plants, water treatment facilities, and energy facilities are vulnerable to attacks from the outside. The Georgia Institute of Technology wants to highlight the risks presented by leaving critical systems connected to the Internet. If such facilities would be infected by malware or ransomware, a lot of damage can be done without the companies being able to do anything about it. Allowing criminals to access and control these systems need to be avoided at all costs.

So far, there have been no public reports related to ransomware infecting process control components of industrial control systems. Instead, criminals are targeting healthcare organizations and taxpayers, in the hopes of collecting valuable personal information. Considering how ransomware generated roughly US$200m worth of revenue for criminals in Q1 of 2016, it is only a matter of time until they move on to bigger targets.

Related Post

Compromising control systems would open up Pandora’s Box, so to speak. If someone hijacks a water treatment facility, there is nothing preventing them slowly upping the chlorine dosage until the facility owners meet the ransom demand. It is not unlikely situations like these will not only become more common, but lives will be at stake as well. A lot of industrial control systems lack proper security protocols. Just because these systems have not been targeted by criminal attacks yet – as far as we know – does not mean they should be left unprotected either.

One critical flaw found in nearly every industrial control system is how it authenticates user activity. Anyone with access to the network – legitimate or not – can control the system with relative ease. There does not seem to be a failsafe in place to keep intruders out once they gain unauthorized access. Moreover, weak password policies are another major concern. Even though operators may believe their system is not connected to the Internet, that is not always the case. Remote maintenance and critical updates require online access, which leaves the door open for criminals to take advantage.

It seems to be a matter of time until ransomware attacks will target industrial control systems. Since hardly any of these systems are prepared for a sophisticated attack, it is not unlikely a few incidents will take place before the proper action is undertaken. Intrusion monitoring systems need to be installed sooner rather than later. Additionally, password security needs to be improved. Users who need to access the system need to be whitelisted, whereas all other remote connections should be broken off prematurely. A lot of work needs to be done, that much is certain.

If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.

JP Buntinx

JP Buntinx is a FinTech and Bitcoin enthusiast living in Belgium. His passion for finance and technology made him one of the world's leading freelance Bitcoin writers, and he aims to achieve the same level of respect in the FinTech sector.

Share
Published by
JP Buntinx

Recent Posts

WIF Set to Overtake BONK? Lunex Soars with 100x Potential in Altcoin Season

As altcoin season heats up, all eyes are on the rising stars—especially Lunex, which is…

4 hours ago

Binance Coin Price Dips: BNB Holders Rush To Lunex Presale To Hedge Their Long Positions

While the broader market witnessed a notable upward movement, Binance Coin (BNB) experienced a decline…

5 hours ago

Crypto Stalwarts Forecasted 800% Growth in Innovative Projects: VeChain, Rollblock and Polkadot!

This blazing crypto bull run has investors looking for the next top altcoins set to…

5 hours ago

Dogecoin Price Set To Recreate 36,000% Rally From 2021 After Pennant Formation

The Dogecoin price is back in the limelight, captivating the crypto world with its recent…

5 hours ago

Is XRP About to Explode? How Trump’s Victory Is Affecting XRP Price Amidst JetBolt Growth

Ripple’s XRP showed a 68% price increase in the last 7 days following Trump's victory,…

5 hours ago

Ethereum Down While Bitcoin, Solana, and JetBolt Skyrocket In End November 2024

Ethereum stumbles as Bitcoin surges past $97K, Solana eyes new highs, and JetBolt’s presale shakes…

8 hours ago