The fact that the Dark Web is offering details on compromised systems is hardly surprising. But the types of systems mentioned in this article are worrying. Since the outing of Stuxnet several years ago, there have been more robust controls around health and industrial environments. Yet if the report is to be believed, key services may be neglecting security in places.
It is important to note that CPNI, NIST and others have released compliance guidelines for industrial control systems (ICS) and these heavily promote the upgrading of legacy systems, mandating the implementation of information security management systems (ISMS).
Of course, there are challenges in implementing new security protocols on ageing SCADA systems and legacy physical and network security tools. But the risk from breaches of such systems is not necessarily loss of data, reputational damage or loss of revenue - more worrying is the loss of control, which poses a credible threat to livelihood or life. So the challenges of implementing an ISMS in these environments should pale in comparison to the risks involved.
Organisations would benefit from looking at SIEM for ICS environments, complying with the ‘security by design’ principle as part of the design phase for new power plants, hospitals and other critical industries.
Additionally, as log management is mandatory under the compliance guidelines mentioned above, there is every reason to look at real-time analytics and correlation as a necessary layer of security. They ensure the types of remote access breaches mentioned in this article cannot happen. Or, in the event that they do, they make it easy to detect, investigate and mitigate issues before any real damage can be done.
An underground dark web marketplace is selling access to the private computer networks of critical infrastructure targets – including power plants, government departments, hospitals, financial firms and airlines – in exchange for bitcoin, a form of digital currency.