The cyber world sees new threats every day. At ICSDI LABS, the most important thing we do is to analyze emerging or potential threats, share them with our customers and make the world safer.
We know how important our work is. We have a responsibility to all humanity, and we continue our work without slowing down so that humanity can live in a safer cyber universe.
Scope Of The Report
ICSDI LABS analysts scan and check millions of potentially malicious systems daily.
The scope of the report is to disclose the malicious systems that ICSDI LABS Analysts have successfully detected and to share them with the whole world. In the third part of the ICSDI LABS Cyber Threat Report Series, ICSDI LABS analysts detected exactly 25006 malicious services.
The development of technology in today’s world has brought many advantages and disadvantages. While the digitalized world enables us to perform our transactions more easily, it has also created the need to ensure the security of these transactions. The world of our age is the world of technology and the common point of all technologies is cyber security.
Malware, a type of cyber attack, is malicious software that infects computers and can process and steal data without the device owner’s permission. There are many types of malware. Some of them:
Ransomware: It is one of the most popular types of cyber attacks of recent times. Computers are compromised using information obtained through a variety of social engineering and phishing methods. Attackers then capture and encrypt data on the computers. After that, they demand a ransom. Even if the victim has paid the ransom, there is no guarantee that they will fully recover from this attack. The most popular method of getting this malware onto computers is emails sent to the target via fake email accounts. The target is trapped by an email that appears to come from, for example, a government agency or a bank. Therefore, one of the simplest security measures is not to open e-mails that you are not sure about.
Trojan: This malware, called a Trojan horse, hides itself until the right moment of the attack after it enters the systems. The Trojan may present itself as an application. For this reason, before downloading games, software and other apps to your phone or computer, make sure they are safe.
Worms: These malicious programs, which enter computers through security holes or vulnerabilities, reproduce by themselves without the need for any action. The aim is to take over the systems by spreading rapidly on the network.
Bot: Malware that runs as a computer program and can be controlled by multiple external sources. This malware aims to capture various information through chat and other web-based programs. Other malware may also be needed to carry out this attack.
Rootkit: It is a type of malware designed to remotely access and control a computer. The aim here is to infiltrate the computer without being caught by users and security software, if any. As a result, if a rootkit attack succeeds, data can be stolen, all operations can be performed on the computer, files can be run, and different malware can be installed. Rootkit attacks can be carried out by exploiting a vulnerability.
Spyware: This malware can infiltrate computers through a Trojan horse or a program downloaded to the computer. The goal is to collect data and track browser history. Therefore, it is a dangerous type of malware. With this malware, the security settings of your computer can be changed, which can open the way to different malware attacks.
So how can a malware attack be detected? A few tips for this:
If your computers are running slowly,
If the firewall and security software on your computers have been disabled,
If you receive unfamiliar error messages,
you may suspect a malware attack. You can contact the ICSDI team to get support in the field of cyber security and to get information about our cyber security software and services.
Technology has affected all kinds of industries all over the world. This technology, which is involved in routine business processes, provides serious convenience in business life. Speeding up production and reducing the margin of error are some of the features it offers. Today's topic is Scada systems and their security. Without wasting time, let’s take a look at what Scada is, and then examine how we can ensure the security of these systems.
Scada is an abbreviation of the English phrase “Supervisory Control and Data Acquisition”. It is a control system architecture that uses computers, networked data communications and graphical user interfaces for high-level process control management. It can also use other peripheral devices such as PLC and PID controllers to interface with the process plant or machine.
Scada is a system of software and hardware elements that enables industrial organizations to:
Control industrial processes locally or in remote locations,
Record events to a log file,
Monitor, collect and process data in real time,
Interact directly with devices such as sensors, pumps, valves, motors and more via human-machine interface (HMI) software.
The goal of Scada systems is to help maintain efficiency, process data for more rational decisions, and communicate system problems to help reduce faults. Therefore, they are important for industrial organizations. Scada software processes, distributes and displays data; it helps operators and other workers analyze data and make important decisions. For example, the Scada system quickly informs the operator that the failure rate of a product group is high.
The operator pauses the operation and displays Scada system data through an HMI to determine the cause of the problem. The operator reviews the data and finds that machine 4 is faulty. The ability of the Scada system to report a problem to the operator helps the operator resolve the issue and prevent further product loss.
So, in which sectors are Scada systems mainly used?
Scada systems are used in electricity, manufacturing, energy, wastewater, transportation, recycling, food, beverage, oil, gas and many other industrial establishments. Scada systems that are effective and give importance to security provide serious benefits to industrial organizations in terms of time and money.
Now, after talking about some advantages and disadvantages of Scada systems, we will move on to the security aspect. Some advantages of Scada systems:
The system provides the ability to store large amounts of data,
It is possible to obtain real data simulations with the help of operators,
Scalable and flexible when adding additional resources,
It can be used in many industrial establishments,
With advanced software, data can be viewed from anywhere, not just the local site.
So what are the disadvantages of Scada systems?
Installation costs are high,
The system supports limited software and hardware equipment,
The PLC-based Scada system is complex in terms of hardware units and connected modules.
Now we come to the part that interests us. What has been said so far was meant to explain the general logic of Scada systems. As everyone knows, the common point of all technologies is cyber security. Every company and every institution from every sector needs cyber security, because technology takes place at every stage of our lives. No matter what system or software you use, the costs of a cyber attack will be very high if you do not take security measures. Since this situation will cause both financial and prestige loss, it is beneficial for all companies and institutions to prioritize cyber security.
Because Scada systems monitor critical infrastructures, it is important that they are protected against cyber attacks. Scada systems are designed without critical functions such as security and protection against cyber threats. For this reason, Scada systems are defined as systems with vulnerabilities.
Examples of these vulnerabilities include the fact that the PLC component is directly connected to the sensors providing data in the field, and that the hard-coded default passwords of the Ethernet cards are used without being changed.
The components and attack surfaces that need to be secured in Scada systems are:
Programmable Logic Controller (PLC),
Internet, Enterprise Network and Peripheral Components,
Network Operating Systems,
Control System Performing Data Collection and Process Control Operations,
Security Rules and Procedures (for example, business continuity and disaster recovery).
At these points, keeping the security at a high level is important in terms of minimizing the damage in a possible cyber attack. So what are the general weaknesses of Scada systems?
Smart grid systems may contain security vulnerabilities of the common and licensed technologies they use,
Information technology communication systems pose a security risk if precautions are not taken,
Communication networks connecting smart grid devices and systems provide more access points to Scada systems.
At this point, what are the security measures that can be applied in Scada systems?
Dynamic whitelisting (preventing unauthorized program and code execution),
Read protection (this operation is authorized only for special files, directories and partitions),
Write protection (hard disk writes are only allowed for services that handle the operating system, application configuration, and log files).
Let’s end our topic by talking about the defense methods that should be applied in general for Scada systems. It will be easier to understand them by listing them as items.
Determining security policies specific to Scada systems,
Implementing a layered network topology,
Implementing a DMZ network architecture to prevent direct traffic between the institution and Scada systems,
Checking whether the critical components are in a redundant network,
Restricting physical access to Scada networks and devices,
Managing security processes such as preventing malware infection, detecting it early, preventing its spread and reducing its damage,
Using secure network protocols and services,
Providing monitoring and control for critical Scada areas.
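One way to check the layered topology and DMZ items in the list above against observed traffic, as an added example that is not ICSDI's own code: it flags any flow that skips a layer, such as the institution's network talking directly to a Scada device. The zone address ranges, function names and flow records are constructed assumptions.

```python
import ipaddress

# Constructed zone layout (assumption): layers ordered from outermost to innermost.
LAYERS = [
    ("enterprise", ipaddress.ip_network("10.10.0.0/16")),
    ("dmz",        ipaddress.ip_network("10.20.0.0/24")),
    ("scada",      ipaddress.ip_network("10.30.0.0/24")),
]

def layer_of(ip):
    """Return (index, name) of the layer holding ip; unknown addresses are 'external'."""
    addr = ipaddress.ip_address(ip)
    for idx, (name, net) in enumerate(LAYERS):
        if addr in net:
            return idx, name
    return -1, "external"  # sits one layer outside the enterprise network

def find_layer_skips(flows):
    """Flag flows whose endpoints are more than one layer apart (DMZ bypass)."""
    findings = []
    for src, dst, dport in flows:
        (si, sname), (di, dname) = layer_of(src), layer_of(dst)
        if abs(si - di) > 1:
            findings.append({"src": src, "dst": dst, "dport": dport,
                             "path": f"{sname}->{dname}"})
    return findings

# Constructed flow records: (source IP, destination IP, destination port).
SAMPLE_FLOWS = [
    ("10.10.4.21",  "10.20.0.5",  443),    # enterprise -> dmz: adjacent, allowed
    ("10.20.0.5",   "10.30.0.11", 502),    # dmz -> scada: adjacent, allowed
    ("10.10.4.21",  "10.30.0.11", 502),    # enterprise -> scada: skips the DMZ
    ("203.0.113.9", "10.30.0.40", 80),     # external -> scada: skips two layers
    ("10.30.0.11",  "10.30.0.12", 44818),  # scada -> scada: same layer, allowed
    ("10.30.0.40",  "10.10.7.7",  445),    # scada -> enterprise: skips the DMZ
]

if __name__ == "__main__":
    for f in find_layer_skips(SAMPLE_FLOWS):
        print(f"{f['path']:22} {f['src']} -> {f['dst']}:{f['dport']}")
```

The same function can be fed firewall or NetFlow exports once the zone ranges are replaced with the site's own addressing plan.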