- Rhebo warns of easier access for cybercriminals to the corporate network
- Disruptions in production will increase during and after the Corona crisis
- IT/OT security managers must implement a strategy for complete threat detection
Leipzig, Germany, April 7, 2020 - The German cybersecurity service provider Rhebo warns that home office work during the Corona crisis poses risks to the cybersecurity of industrial companies. Using the home network increases the chances that cybercriminals successfully penetrate corporate networks. This can particularly affect the notoriously poorly secured industrial control systems (ICS). IT and OT (Operational Technology) security managers should prepare for an increase in suspicious and novel incidents on the networks - and implement strategies to identify them quickly.
»We especially see the risk that cyber criminals can install malware on a company computer via the home network more easily,« Rhebo CEO Klaus Mochalski warns. »Home networks are rarely protected well. Especially with professional attack techniques the attackers have an easy job.« Federal offices for information security of many countries have recently issued useful recommendations for home office work. They generally warn against phishing emails and recommend virtual private networks (VPNs) for connections to the corporate network.
However, the attacker might not even use the company computer itself as the entry point. Many homes today are equipped with smart, networked devices such as digital assistants, thermostats, entertainment systems and a variety of private mobile devices, which usually have no security functions whatsoever. These can act as the first point of contact for cybercriminals and make it easier to compromise corporate assets on the same home network.
From the smart assistant to the ICS in 2 Steps
»So to speak, the attackers jump from the Alexa assistant to the company computer, because both are connected to the same home network,« Klaus Mochalski highlights the complex interdependencies. »Once the attacker is on the company computer, he only has to wait until the next connection to the company network is established. Then no VPN will help to prevent the infection, because the VPN accepts the company computer as a legitimate network participant. In case of doubt, the attacker just waits until the Corona crisis is over and everyone returns to their workplace. In a way, the employees personally carry the malware through the security barriers into the company. It is then only a stone's throw to the usually completely unsecured ICS in production. We expect that during the Corona crisis and especially afterwards, there will be more and more malfunctions in networked productions. Cyber criminals have actually only been waiting for an opportunity like Corona.«
Common security tools only monitor the network boundaries and detect almost exclusively known threats. However, cyber incidents in companies since 2016 show one thing above all else: malware is constantly changing while security tools are always one step behind. In a crisis situation like Corona, these dynamics will intensify. If the company's internal security technologies fail to recognize new communication patterns within the ICS, the door is wide open to attackers.
ICS monitoring with anomaly detection enables manufacturing companies to close this security gap. First, the monitoring is located within the ICS and monitors every communication between the devices. Second, anomaly detection allows the detection of unknown attack patterns, as these are reflected in new types of communication. If a company laptop infected in the home office connects to the ICS and the malware becomes active, anomaly detection reports this in real time as suspicious, previously unknown communication. IT/OT security managers are thus informed of malicious activities at once and can immediately initiate appropriate countermeasures such as network disconnection and quarantine.
In addition, a stability and security audit can help in the weeks of normalisation following the crisis. In this case Rhebo analyses all communication occurring in the ICS over a fixed period of time and identifies existing vulnerabilities or security problems. This enables security managers to start with a streamlined system after the crisis and ensure stable production.
Jens Pacholsky, Public Relations Rhebo