The Importance of Following Cybersecurity Best Practices
In this post, we share some examples of recent news related to cyberattacks against industry or critical infrastructures.
We read with concern the latest news related to cyberattacks against industry or critical infrastructures. Far from diminishing, these continue to grow, and industrial cybersecurity incidents continue to rise.
Some Examples:
- Honda investigates a possible ransomware attack. Its networks have been affected to such an extent that the company has had to suspend production in some of its factories.
Although the details are unknown, the company has confirmed on its social networks: “We are currently working to contain the attack and restore business operations as soon as possible.” We could be talking about cyberactivism linked to the riots caused by the death of George Floyd, in the course of which hackers have targeted automotive companies.
The security researcher named Milkream has found a sample of the SNAKE (EKANS) ransomware that checks whether it is within the internal network mbs.honda.com; if not, it aborts its execution without encrypting any files.
Another security researcher, Vitali Kremez, has detailed that the ransomware checks a US IP address, 170.108.71.15, corresponding to another Honda domain.

Ransom SNAKE Note
- The website of the Spanish Ministry of Health is being impersonated to compromise Android smartphones and install Trojans. Taking advantage of the coronavirus crisis, cybercriminals are abusing reference information pages, in this case the Ministry of Health’s own website, to spread malicious code for the theft of banking credentials.
- Mitsubishi, a cyberattack and the prototype of a missile. The company could have been the victim of the theft of information about a Japanese missile prototype.

At the same time, rarely a day passes without news of new critical vulnerabilities in operating systems:
- SMBleed, a new critical vulnerability in the new versions of SMB that can remotely expose the contents of the computer’s memory.
- CVE-2020-1317, a privilege escalation vulnerability that allows any local user to gain administrative privileges on the machine.
- The more than 5000 vulnerabilities identified so far in 2020 are proof that the possibilities of intrusion and/or uncontrolled execution of malicious code are increasing (and being exploited).
Given this situation, what can we do? The answer to this question, once again, is…
- Firstly, awareness and training in cybersecurity.
- Secondly, the implementation of a defense-in-depth strategy that applies different layers of countermeasures to minimize the impact of these attacks.
- Design OT networks following best practices for segmentation and traffic control, for example, based on IEC 62443. An example of these principles can be found in the reference architecture of Wonderware solutions.
To begin with, it is first necessary to know oneself, detect one’s weaknesses and be able to select the most efficient countermeasures taking into account the company’s own idiosyncrasies and way of working. A specific solution may be valid for one company but not for another, with different policies and methodologies.

Therefore, the Best Way to Start is by Carrying out a Cybersecurity Audit that Indicates:
- How are we doing? From the perspective of cybersecurity.
- How can we resolve the detected incidents? Proposing the best solutions on the market.
- How can we apply the solutions? Taking into account the character of the company.
As we have seen, cyberattacks occur and succeed, perhaps only partially in some cases, but their impact is serious or very serious, both for the productivity and efficiency of processes and for the reputation of companies.
Links of Interest
- https://www.ciberseguridadlogitek.com/tres-pasos-para-realizar-una-auditoria-de-ciberseguridad-industrial/
- https://www.wonderware.es/blog/construyendo-arquitectura-de-referencia-para-wonderware-system-platform-segun-la-norma-iec-62443/
- https://www.ciberseguridadlogitek.com/desmontando-la-iec-62443/
- https://www.ciberseguridadlogitek.com/estrategia-de-defensa-en-profundidad-en-ciberseguridad-industrial/





