ICS threats to cybersecurity

The threats of anomalies in Industrial Control Systems

With a Rhebo Industrial Security Assessment, industrial companies and operators of critical infrastructure gain complete transparency of their Industrial Control System (ICS). All suspicious componentes, connections and communication processes are identified. The results enable those responsible for cybersecurity to immediately eliminate threats and to secure their ICS.

‍The following examples showcase typical results from Rhebo audits and the identified anomalies.

‍Also, explore the technical error state anomalies that threaten the productivity of automated manufacturing companies.

Preventing Malware Infection

Analysis

Rhebo Industrial Protector registered multiple communication via the protocol types VNC, NetBIOS and SMB. The protocols are typically used by Windows devices for remote configuration and file sharing.

‍

Their usage is usually not wanted in industrial networks.

Security Threat

The protocols are often used by malware (e.g. NotPetya and WannaCry). If the affected devices have direct or indirect access to the Internet, the ICS is at risk of compromise or infection.‍

‍

Threats:

financial loss due to production downtime
power failure due to blackout
system recovery and repair costs

Deactivating Insecure Ports

Analysis

Rhebo Industrial Protector frequently identifies communication via ports for which security vulnerabilities are known (i.e. CVE vulnerabilities). In some cases, this anomaly correlates with suspicious communication patterns.

‍

For example, in one case Rhebo Industrial Protector reported communication over a questionable port used by the Windows WBT Server for Remote Desktop Protocol (RDP). Only a few packets were transmitted during the communication, which is uncharacteristic for RDP connections.

Security Threat

Ports for which vulnerabilities are known are regularly used by Trojans and malware for communication.

‍

The characteristics of the exemplary communication (short-term and encrypted) additionally support the assumption of malicious communication and a compromise of network components.‍

‍

Threats:

financial loss due to production downtime
power failure due to blackout
system recovery and repair costs
loss of customer trust

OT risk analysis

OT security monitoring & NIDS

Building OT cybersecurity know-how

SIEM Integration

Security compliance

Asset detection & inventory

Condition monitoring

Mitre Att&ck for ICS integration

Log integration in SIEM systems

Preventing Malware Infection

Analysis

Security Threat

OT risk analysis

OT security monitoring & NIDS

Building OT cybersecurity know-how

SIEM Integration

Security compliance

Asset detection & inventory

Condition monitoring

Mitre Att&ck for ICS integration

Log integration in SIEM systems