MITRE ATT&CK, which stands for Adversarial Tactics, Techniques, and Common Knowledge, is a knowledge base of adversary tactics and techniques that helps inform the cybersecurity industry. MITRE recently released an ATT&CK knowledge base specifically designed for industrial control systems (ICS). ICS are found in industries such as electric, water, wastewater, oil and natural gas, transportation, chemical, pharmaceutical, and various manufacturing sectors. These systems automate key processes that everyone relies on, and any compromise of their operation could impact the health and safety of humans.
According to the MITRE ATT&CK document, adversary TTPs associated with ATT&CK for ICS fall under the following broad categories:
• Blocked or delayed flow of information through ICS networks, which could disrupt ICS operation.
• Unauthorized changes to instructions, commands, or alarm thresholds, which could damage, disable, or shut down equipment, create environmental impacts, and/or endanger human life.
• Inaccurate information sent to system operators, either to disguise unauthorized changes, or to cause the operators to initiate inappropriate actions, which could have broad negative effects.
• ICS software or configuration settings modified, or ICS software infected with malware, which could have broad negative effects.
• Interference with the operation of equipment protection systems, which could endanger costly and difficult-to-replace equipment.
• Interference with the operation of safety systems, which could endanger human life.
Next in this blog series, we address Man-in-the-Middle attacks. The aim is to help you understand the MITRE ATT&CK walk-through of the technique and its mitigations, and to offer our own insight.
How It’s Done:
Man-in-the-Middle (MITM) attacks occur when adversaries with privileged network access intercept traffic to and/or from a device on a network and modify it in real time. Depending on the desired effect, the attack may be used to alter traffic travelling between the two endpoints, collect sensitive information, eavesdrop, and so on. It is typically executed via Address Resolution Protocol (ARP) poisoning combined with a proxy. From that position, an adversary can block, log, modify, or inject traffic into the communication stream.
For example, HEXANE's attack on telecommunications providers in the Middle East, Central Asia, and Africa is thought to include network-focused man-in-the-middle and similar attacks.
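As an added example that is not from the original post or from Dispel, the following Python monitor flags the two ARP-cache symptoms of the poisoning described above, checked against a constructed baseline of expected IP/MAC pairs on a plant segment (every address below is made up):

```python
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class ArpReply:
    sender_ip: str    # IP the sender claims to own
    sender_mac: str   # MAC it wants cached for that IP
    target_ip: str    # host whose ARP cache this reply updates


# Constructed baseline: the IP -> MAC pairs expected on this segment.
BASELINE: Dict[str, str] = {
    "10.0.0.1": "00:11:22:33:44:01",   # gateway
    "10.0.0.10": "00:11:22:33:44:10",  # HMI
    "10.0.0.20": "00:11:22:33:44:20",  # PLC
}


def detect_arp_poisoning(replies: List[ArpReply],
                         baseline: Dict[str, str]) -> List[Tuple[str, str]]:
    """Return (alert_type, detail) pairs for replies that contradict the baseline.

    Symptom 1: a reply advertising a baseline IP with a different MAC
               (the cache overwrite that redirects traffic).
    Symptom 2: one non-baseline MAC claiming more than one baseline IP
               (the fingerprint of a host relaying between two victims).
    """
    alerts: List[Tuple[str, str]] = []
    baseline_ips: Set[str] = set(baseline)
    trusted_macs: Set[str] = set(baseline.values())
    claimed: Dict[str, Set[str]] = {}   # sender_mac -> IPs it has advertised
    for r in replies:
        expected = baseline.get(r.sender_ip)
        if expected is not None and expected != r.sender_mac:
            alerts.append(("ip_mac_mismatch",
                           f"{r.sender_ip} advertised by {r.sender_mac} "
                           f"(expected {expected}) to {r.target_ip}"))
        ips = claimed.setdefault(r.sender_mac, set())
        ips.add(r.sender_ip)
        if r.sender_mac not in trusted_macs and len(ips & baseline_ips) > 1:
            alerts.append(("mac_claims_multiple_ips",
                           f"{r.sender_mac} claims {sorted(ips)}"))
    return alerts


# Constructed sample: two legitimate replies, then a third host poisoning
# both the HMI's and the gateway's caches to sit between them.
SAMPLE_REPLIES = [
    ArpReply("10.0.0.20", "00:11:22:33:44:20", "10.0.0.10"),
    ArpReply("10.0.0.1", "00:11:22:33:44:01", "10.0.0.10"),
    ArpReply("10.0.0.1", "de:ad:be:ef:00:01", "10.0.0.10"),
    ArpReply("10.0.0.10", "de:ad:be:ef:00:01", "10.0.0.1"),
]

if __name__ == "__main__":
    for kind, detail in detect_arp_poisoning(SAMPLE_REPLIES, BASELINE):
        print(kind, detail)
```

In practice the baseline would come from an asset inventory or a learning period, and the reply stream from a SPAN port or a sensor that exports ARP events.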
Recommended Mitigation Techniques:
Your time matters, and your systems should work. Invest in a remote access system built from the ground up for industrial control networks, uniquely secured with moving target defense, with no compromises on security.
Ask us questions or get your demo at https://dispel.io