5 Industrial Attacks That Show Why Cybersecurity Matters

Learn about real-life industrial attacks and simple, practical ways to prevent them.

When it comes to industrial cybersecurity attacks, most people think of very sophisticated cyberattacks using advanced technologies. But when you learn about some of the biggest cyberattacks on big industrial facilities, you realize the hackers took advantage of very simple holes in the system and caused serious real damage. And when I say damage, I mean things like big explosions or shutting down huge fuel pipelines.

My goal with this blog post is for you to learn about some of these industrial cyberattacks and how they happened. You will also learn some very simple ways these attacks could have been prevented. If you are a plant manager or a technician working in an industrial facility, understanding these real-world threats can help you stay alert to the warning signs. This could also be helpful for people who are not directly involved in factory floor operations and are sitting in the office doing administrative work. Most of these attacks start in the office networks of industrial facilities, which are usually a weak point. So, if you are reading this and you work on the plant floor, it would be helpful to share this with your colleagues working in the office as well. They will thank you for this.

Okay, now let’s start learning about some real-life industrial attacks.

Real-Life Industrial Attack #1:

Australian Wastewater Treatment Plant (Year 2000)

So, there was a system integrator company working on a SCADA project for an Australian wastewater treatment plant, Maroochy Shire Council. Within this system integrator company, there was an employee involved in this SCADA project, and because of that, he had access to critical sections of the SCADA system.

Later, this employee left the system integrator company and applied for a job at the same wastewater treatment plant of Maroochy Shire Council, but he got rejected. He got mad and, while still having access to the SCADA of the plant from the previous project, guess what he did? He decided to use his access to open up some valves, and this caused more than 800,000 liters of wastewater to flow into local parks, rivers, and other areas in the city, which, as you can imagine, created serious environmental and residential issues in the region.

How Could They Have Avoided This?

Well, as you may guess, this could easily have been prevented if the wastewater treatment plant had a simple process to cut off access for external people once a project was done.
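One way to run that kind of access review, as an added example that is not part of the original article: the script below reads an account inventory and lists accounts whose engagement has ended but which are still enabled, with accounts used after the end date listed first. The inventory columns, account names, and dates are constructed for illustration.

```python
import csv
import io
from datetime import date

# Constructed sample inventory of SCADA accounts; every name and date is made up.
SAMPLE_INVENTORY = """\
account,holder_type,employer,engagement_end,last_login
jsmith,employee,utility,,2024-05-28
scada_eng1,contractor,integrator-a,2024-01-31,2024-05-30
scada_eng2,contractor,integrator-a,2024-12-31,2024-05-29
mlee,employee,utility,2024-03-15,2024-02-20
radio_cfg,contractor,integrator-b,2023-11-30,2023-11-29
"""

USED_AFTER_END = "logged in after engagement ended"
STILL_ENABLED = "engagement ended, access still enabled"


def review_access(inventory_csv, today):
    """Return (account, reason) pairs for accounts whose engagement is over.

    Accounts that were actually used after the end date come first,
    because they need investigation as well as revocation.
    """
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        end = row["engagement_end"].strip()
        if not end:
            continue  # open-ended engagement: current staff, nothing to revoke
        end_date = date.fromisoformat(end)
        if end_date >= today:
            continue  # project or employment still running
        last_login = date.fromisoformat(row["last_login"].strip())
        reason = USED_AFTER_END if last_login > end_date else STILL_ENABLED
        findings.append((row["account"], reason))
    # Stable sort: "used after end" first, original order otherwise.
    findings.sort(key=lambda f: f[1] != USED_AFTER_END)
    return findings


if __name__ == "__main__":
    for account, reason in review_access(SAMPLE_INVENTORY, date(2024, 6, 1)):
        print(f"REVOKE {account}: {reason}")
```
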

Real-Life Industrial Attack #2:

Stuxnet (Year 2010)

Stuxnet was a virus that was designed to attack one of Iran’s nuclear sites. The virus got to a computer via a USB stick, and then, when the computer connected to the PLC, it moved to the PLC and sat in the PLC program. The PLC was a Siemens S7-300 model. One of the jobs that this PLC had was to control the speed of the motors running the centrifuges. The way the virus worked was that it got into the function block controlling the centrifuge speed and increased the motor speed much higher than what the centrifuges could handle. Think of that as 10X or 100X speed for the motors. And what happens when you increase the motor speed to this mad level? Well, the centrifuges could not handle this extreme motor speed, and they exploded. The virus was also designed in a way to show normal speed for the motor on the HMI panel in the control room, so to the people working in the control room, everything looked normal, but on the plant floor, the centrifuges were exploding left and right. This was the first time in history that a computer virus created such a huge physical impact on an industrial facility.

How Could They Have Avoided This?

As I mentioned, Stuxnet got into the computer and then the PLC through a simple USB stick. To prevent this, they could have done two simple things:

  1. Disable USB Ports: They could have disabled the USB ports on all the computers connected to the PLC.
  2. USB Scanning Stations: They could have implemented a simple process where all USB drives or other external devices were scanned before entering the facility.

You see, most of these measures are pretty easy to implement and don’t require very sophisticated technology or additional investment.

Real-Life Industrial Attack #3:

The German Steel Mill Attack (Year 2014)

In 2014, there was a massive explosion at an industrial furnace in a German steel plant. Here is how this industrial failure happened. The attacker started sending phishing emails to the people working there. When people clicked on these emails, they unknowingly installed malware on their computers. The malware then traveled through the office network and eventually reached the plant network. From there, the attackers gained access to the control system and caused an uncontrolled shutdown, which resulted in a massive explosion in the furnace.

How Could They Have Avoided This?

In this case, they could have simply trained their employees to recognize phishing emails. To ensure the employees were properly trained, they could also test them by sending simulated phishing emails occasionally and observing their reactions. This was also an easy fix.

If you want to know more about this attack and ways to defend against similar ones, check out our course Industrial Cybersecurity 4: Defending ICS Against Real-World Attacks.

Real-Life Industrial Attack #4:

Taiwanese Chip Maker Attack (Year 2018)

TSMC is one of the world’s largest chip makers. They make chips used in Apple phones, for example. In 2018, they bought some new machines that came with pre-loaded software. Unfortunately, this software was already infected with a virus. As soon as they started using these new machines, the virus began spreading throughout the plant. Additionally, since the Windows computers they were using were not up to date, the virus easily spread to other parts of the plant. This caused an unplanned shutdown and resulted in $250 million in lost revenue for the company.

How Could They Have Avoided This?

Just like the other examples, this could have easily been prevented with some simple measures. For example, they could have scanned the software on the new machines to make sure it was clean before installing it in the plant. They could have also ensured that their Windows computers were up to date with the latest security features to reduce the chances of a virus spreading. Another step they could have taken was to separate the networks of different sections in the plant so that, if a virus infected one part, it couldn’t easily spread to others.
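The network separation mentioned above only helps if the firewall rules between zones actually enforce it. As an added example (not from the original article), the check below scans a list of allow rules and reports any that let traffic from the office network reach the plant network directly. The zone address ranges, rule names, and ports are constructed for illustration.

```python
import ipaddress

# Assumed zone layout, constructed for this example.
ZONES = {
    "office": ipaddress.ip_network("10.10.0.0/16"),
    "dmz": ipaddress.ip_network("10.20.0.0/24"),
    "plant": ipaddress.ip_network("10.30.0.0/16"),
}

# Constructed allow rules: (name, source CIDR, destination CIDR, TCP port or None for any).
RULES = [
    ("historian-replication", "10.30.5.10/32", "10.20.0.15/32", 443),
    ("office-to-dmz-reports", "10.10.0.0/16", "10.20.0.15/32", 443),
    ("legacy-eng-laptop", "10.10.4.22/32", "10.30.1.0/24", 102),
    ("any-any-temp", "0.0.0.0/0", "0.0.0.0/0", None),
    ("vendor-rdp", "10.10.8.0/24", "10.30.2.40/32", 3389),
]


def zones_touched(cidr):
    """Return the names of all zones that overlap the given CIDR block."""
    net = ipaddress.ip_network(cidr)
    return {name for name, zone in ZONES.items() if net.overlaps(zone)}


def find_segmentation_gaps(rules):
    """Return names of allow rules that permit office -> plant traffic.

    A rule is a gap if its source overlaps the office zone and its
    destination overlaps the plant zone. Overly broad rules such as
    0.0.0.0/0 are caught because they overlap every zone.
    """
    gaps = []
    for name, src, dst, _port in rules:
        if "office" in zones_touched(src) and "plant" in zones_touched(dst):
            gaps.append(name)
    return gaps


if __name__ == "__main__":
    for rule_name in find_segmentation_gaps(RULES):
        print(f"office -> plant path allowed by rule: {rule_name}")
```
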

If you are a plant or maintenance manager and want to train your team on the basics of industrial cybersecurity, you can sign up for a RealPars Business Membership and have your team trained with courses like Industrial Cybersecurity 4: Defending ICS Against Real-World Attacks.

Real-Life Industrial Attack #5:

Colonial Pipeline Attack (2021)

The Colonial Pipeline Attack in 2021 was a major cybersecurity event that heavily disrupted fuel supply in the United States. Here is how it happened. There was an employee working in the administration department, which dealt with things like billing and scheduling. The employee was not on-site, so they had to use a remote connection to the company computer to do their job. But they were using a weak password. So the password got stolen and ended up on the dark web. The dark web is a place on the internet where bad people buy and sell stolen information like this poor employee’s password. So the hacker bought the password on the dark web and used it to easily get access to the computers of the Colonial Pipeline. Once they did this, they blocked the company’s access to all the admin information. Things like billing and scheduling information were critical to the operation of the company. The hackers could not get access to the control systems that were controlling the pipelines, but since the company could not operate without the administration data such as billing and scheduling, it decided to shut down the pipeline as an extra security measure. And I think you can guess what happened next. The supply of fuel for a large part of the U.S. East Coast stopped. People started to panic and rushed to the gas stations. This increased gas prices and created a chain of other problems.

The hacker asked for $4.4 million in Bitcoin. The company paid this, the hackers unblocked the admin data, and things got back to normal after a few days. Later on, though, the company was able to get part of that money back as the police went after the hackers.

How Could They Have Avoided This?

Well, again, this horrible event could also have been prevented by some simple security measures. For example, the company could have used password management software for all the employees, which would have given them strong passwords instead of the easy-to-guess password used by the employee. They could also have used an extra step for logging in, something like sending a code to the employee's phone.

Conclusion

As you can see, most of these industrial attacks are costly and painful, but they all have one thing in common: they could have been prevented with simple security measures at little or no additional cost.

When plant managers hear about cybersecurity, they often think it’s something expensive that needs to be planned for next year’s budget. But bad actors, like those who attacked the U.S. pipeline, may not wait until then. Don’t wait too long. Start with simple measures, like checking who has access to critical systems. Remember the Australian wastewater treatment plant? Review access and revoke it for people who have left the company or contractors who have completed their work. You can also train your employees on previous industrial attacks like the ones explained here. This trains their minds to recognize potential threats. The next time they receive a suspicious email, they might hesitate before clicking. Just share this blog with them. Or, if you’re serious about preventing cyberattacks on your facility, sign up for RealPars industrial cybersecurity courses. You can get a Business Membership for your team by filling out this form.

Stay safe.
