
TECHNOLOGY

Gas stations and beyond: Why cybersecurity is a top priority for industrial infrastructure

December 19, 2021 1:55 p.m.

By Chris Connell, Managing Director for Asia Pacific at Kaspersky

Industrial Control Systems (ICS) demand specific approaches to cybersecurity due to their complex structure, connected devices with different capabilities, software and operating systems, and critical functions. And this isn’t just a theory. 

Something as common as a gas station has all the attributes of an ICS, such as connected equipment including pumps and tanks, controllers, a management system, a payment system, as well as connection to the corporate network, third-party service systems, and the internet. Just like any industrial facility, it has cybersecurity issues that companies should consider, to avoid disruptions that may affect the business, its employees, and the general public. This happened recently when gas stations in Iran were shut down because of a targeted attack. 

This look through an ICS infrastructure is based on our research carried out at the end of 2020. It included the analysis of a modern gas station’s automation software architecture, a typical infrastructure, and the communications inside it. This allowed us to classify potential attack vectors and their impact on the fuel station’s network. 

At a gas station

Imagine you’re driving your car and you need to fill it. You stop at a gas station, put the dispenser in the tank, and go to the convenience store to pay for the fuel. Once inside, the fresh coffee smells nice, you take some snacks for the road, complete your purchase and return to your vehicle.

To deliver the fuel to your tank, several systems have to work together. The back-office system and point of sale are used for payments and management functions. They are connected to the forecourt controller (FCC). The forecourt is the area with pumps outside the convenience store where customers park their cars to fill up. It is equipped with many systems such as a pump control, an automatic tank gauge (ATG), payment systems, etc. The FCC is the main device that controls fuel distribution, so when you pay through a cashier, the FCC commands the pump to supply fuel to your car so you can continue your journey.

Information about operations, the amount of fuel sold and available is transmitted to the management system locally and then to a head office that accumulates information from all stations. 

Where are the problems? 

Through our research, we managed to classify what could go wrong in this process. There are several potential operational technology (OT) and IT security issues that can affect the work of the station. 

The first group of risks involves potential remote access from external networks. Just like many industrial systems today, the gas station employs solutions that are connected to public services through the internet; these include cloud banking systems or specialised fleet management systems. Remote access to the fuel station allows further malicious actions inside the network.

This was a real case described in one of Kaspersky’s studies. At the gas station, fuel management software was used to track the amount stored, set the price, and process payments. The system was connected to the internet and had vulnerabilities that allowed remote admin access with the ability to even change the fuel price. 

There are also suppliers and service companies that have access to some parts of the infrastructure. Compromising these third parties may open doors to the target system for attackers. In fact, this type of threat is of great concern for companies of any size profile: a third (32%) of large organizations suffered attacks involving data shared with suppliers. What’s more, the financial impact of such incidents on enterprises is the highest across all types of attacks in 2021. 

Another set of risks involves network and device issues that may potentially lead to the disruption of fuel station services or direct financial impact. Attacks can come from remote networks or by connecting to wireless networks or wired network ports available onsite. 

Then, if the network is not segmented, the attack can spread from entry points such as secondary equipment in a shop and office workstations to critical components such as fuel management controls. The usage of unencrypted protocols (HTTP, CDP, FTP, Telnet, etc.) in the gas station network may allow adversaries to disclose sensitive information for further attack development. 

Another critical but evergreen problem is vulnerabilities or security flaws in the fuel controller, POS terminals, and network equipment, as well as corporate endpoints and applications. In 2015, 5,800 automatic tank gauges (ATGs) were found to be exposed to unauthorized access from the internet because of a lack of password protection on a serial port. An ATG is an electronic component placed in the tank that monitors the level of fuel and checks whether the tank is leaking. The ATG can be programmed through this serial port, and if the signal it transfers is not correct, the operator won’t get an alert about any deviation. Figures from 2015 also suggested that at the time, most systems were in gas stations in the US and represented 3% of those used in the country. By compromising such critical systems as automatic tank gauges, criminals can unlock options for fraud or even physical damage.

It is also important to verify all workstations used on the forecourt such as points of sale, back-office systems, fuel controllers or payment terminals, as well as their configuration and even access to USB ports. For example, a lack of encryption or non-compliance with the PCI DSS standard in a payment system can contribute to the risk of an attack. For a fuel controller, it is also important to check industrial protocols. Lack of source authentication or integrity control may give adversaries performing a man-in-the-middle attack the opportunity to intercept data and manipulate station controllers.

Another point to manage is wireless gateways and reader units. A security assessment should be performed to identify insecure industrial protocols and the possibility of jamming and spoofing attacks.

How to improve

There are major security measures that should help increase the overall level of security of operational technology infrastructure. They apply to fuel stations but are no less relevant to any industrial network.

Network security: Purpose-based network segmentation enhances overall security and minimizes the surface of a possible attack. The segment of the network that has access to untrusted parts of it, such as corporate IT, should also be separated and protected with appropriate enterprise-grade protection software. 

Passive OT network monitoring is essential for asset and communication inventory and detection of intrusions before they affect the technological process. Monitoring data also helps IT security teams to analyze events and consider hardening measures. 
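As an added illustration (not part of the original article or of Kaspersky's research), the Python sketch below shows what passive monitoring can check against a purpose-based segmentation policy: it reads flow records and flags the cleartext protocols named earlier and any traffic that reaches the forecourt segment without being on the allow-list. The addressing plan, the allowed port 8443, and the `src dst dport` record format are assumptions made for the example.

```python
import ipaddress
from collections import namedtuple

# Assumed (hypothetical) addressing plan for one station; not from the article.
SEGMENTS = {
    "office":    ipaddress.ip_network("10.10.1.0/24"),  # back-office workstations
    "shop":      ipaddress.ip_network("10.10.2.0/24"),  # POS and secondary shop equipment
    "forecourt": ipaddress.ip_network("10.10.3.0/24"),  # FCC, pump control, ATG
}

# Purpose-based allow-list: (source segment, destination segment, destination port).
# Assumption: only the POS segment may reach the forecourt, on one application port.
ALLOWED = {("shop", "forecourt", 8443)}

# Cleartext protocols named in the article, by well-known TCP port.
# CDP is a layer-2 protocol and does not show up in TCP flow records.
CLEARTEXT = {21: "FTP", 23: "Telnet", 80: "HTTP"}

Finding = namedtuple("Finding", "kind src dst dport detail")

def segment_of(addr):
    """Map an IP address to a station segment, or 'external' if none matches."""
    ip = ipaddress.ip_address(addr)
    for name, net in SEGMENTS.items():
        if ip in net:
            return name
    return "external"

def parse_flow(line):
    """Parse a 'src dst dport' record; return None for malformed lines."""
    parts = line.split()
    if len(parts) != 3:
        return None
    try:
        ipaddress.ip_address(parts[0])
        ipaddress.ip_address(parts[1])
        return parts[0], parts[1], int(parts[2])
    except ValueError:
        return None

def analyse(lines):
    """Return findings for cleartext use and for unapproved flows into the forecourt."""
    findings = []
    for line in lines:
        flow = parse_flow(line)
        if flow is None:
            continue  # skip junk instead of aborting the whole capture
        src, dst, dport = flow
        s, d = segment_of(src), segment_of(dst)
        # Cleartext protocol with at least one endpoint inside the station.
        if dport in CLEARTEXT and (s != "external" or d != "external"):
            findings.append(Finding("cleartext", src, dst, dport, CLEARTEXT[dport]))
        # Traffic entering the forecourt from another segment or from outside.
        if d == "forecourt" and s != d and (s, d, dport) not in ALLOWED:
            findings.append(Finding("segment-violation", src, dst, dport, f"{s}->{d}"))
    return findings

# Constructed sample flow records (not real traffic).
SAMPLE_FLOWS = [
    "10.10.2.15 10.10.3.10 8443",   # POS to FCC on the approved port
    "10.10.1.23 10.10.3.10 23",     # office workstation to FCC over Telnet
    "10.10.1.23 10.10.1.5 21",      # FTP inside the office segment
    "203.0.113.7 10.10.3.20 8443",  # external host reaching the forecourt
    "10.10.3.10 10.10.3.20 9000",   # traffic that stays inside the forecourt
    "garbage line",
]

if __name__ == "__main__":
    for f in analyse(SAMPLE_FLOWS):
        print(f"{f.kind:18} {f.src} -> {f.dst}:{f.dport} ({f.detail})")
```
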

Access control: This should include restricting physical and logical access to the automation and control system. Security measures for remote access control for service companies will help to avoid third-party incidents. 

Endpoint protection: It is important to implement specialized industrial-grade security software for OT hosts and servers. Ensure that the software is approved by the automation vendor and compatible with its solutions. This should help to avoid a situation where the protection product affects operation functions. 

Security management: A system for centralized security event collection and protection software policy management should be implemented. It is also important that the solution allows vulnerability and patch management. If the system can be integrated with Security Information and Event Management (SIEM), that is a ‘nice to have’ option for organizations that plan to upgrade their protection level. Real-time continuous monitoring and endpoint data collection with rules-based response and analysis capabilities will help to further improve protection from advanced attacks. 

A more fundamental approach that involves long-term measures is also important to improve the overall cybersecurity posture. This means adhering to industry standards for information security controls such as IEC 62443, NIST, NERC CIP, and so on. The organization should also conduct penetration testing or security analysis regularly, to identify vulnerabilities and information security problems before they are exploited by someone. And then, of course, follow all recommended measures to fix them properly. 

Going deeper, there are specific requirements for companies with different levels of protection. But the measures listed above are essential to fill most cybersecurity gaps. Be it a fuel station, refinery, or giant car manufacturer, the basic principles of OT and IT protection should allow the company to build a reliable cybersecurity system and develop it according to their needs. This will provide a great foundation for satisfied business owners and happy clients. 

TECHNOLOGY

Infinix launches the all-new HOT 20S, the best value-for-money gaming phone yet

November 27, 2022 7:20 p.m.

Filipinos absolutely live and breathe mobile gaming, and here’s some good news: being the best mobile gamer around no longer has to break the bank.

That’s because Infinix is dropping the brand-new HOT 20S on November 27, which lets you own the competition as a top game assassin–all at an affordable price.

Now, you don’t even have to spend more than P9,000 to enjoy #MoreSmoothGameplay on the HOT 20S. The phone packs a Helio G96 Premium Gaming Processor and up to 13 GB of RAM, which powers all your favorite games and allows it to perfectly handle the toughest and latest titles. You can have a wide selection of games to download and stomp other players in thanks to its 128GB ROM storage.

You’ll also never miss a single detail in the action thanks to the HOT 20S’s 120Hz 6.78-inch Full HD+ HyperVision Gaming Pro display, which gives you bright and vivid high-resolution visuals no matter what you’re running. Your sessions can also go for as long as you want thanks to its 5000mAh Power Monster battery that fills up quickly with its 18W Power Charge.

The whole gaming experience is rounded out by the HOT 20S’s Bionic Breathing Cooling System, which keeps the phone humming and going through great heat and pressure. Meanwhile, the All-Around Gaming Network Enhancement Turbo increases its performance during playtime even further.

For those who still want to upload great-looking content on their social media accounts, the HOT 20S also packs a solid 50MP Super Nightscape Triple Camera setup, which lets you take stunning photos and videos, especially in low-light settings.

So what are you waiting for–be the best game assassin you can be without spending too much, as the Infinix HOT 20S gives you #MoreThanWhatYouPayFor, guaranteed. Get it for a suggested retail price of P8,499 from Lazada, Shopee, TikTok Shop, and official Infinix kiosks nationwide starting November 27. Get it for even less at only P7,849 exclusively on Lazada on November 28, and P7,999 in a limited-time Flash Sale on Lazada, Shopee, and TikTok Shop starting December 1. For more info on the HOT 20S, visit the official Infinix website.


TECHNOLOGY

JBL SOUND ALL AROUND: Pump up your sound trip with JBL’s new, exciting range of products

November 21, 2022 12:54 p.m.

Everyone is a true original. We march to the beat of our own drums, with the freedom to design our life exactly the way we want it. Goodbye to treading the “traditional,” and here’s to paving our own exciting paths. Whether you like the adrenaline of living it up in the fast lane or taking it slow and steady, cruising through life on your own terms, JBL understands that there’s no such thing as a “one-size” fits all kind of lifestyle. That’s why JBL continues to innovate and provide SOUND ALL AROUND.

JBL is the brand for all your audio needs–encompassing all aspects of sound, whatever your field. From professionals, to students, athletes, gamers, content creators, and more, every person can enjoy unique sound tailored to their own story. And in pursuit of providing only the best for each individual, JBL is introducing a new range of essentials under the gaming, sports, speakers, and True Wireless categories. 

Here, find exactly what you need that reflects your own reality. It’s time to elevate your life and your sound trip with JBL!

Living Hands-Free

For students and professionals, you may find yourself spending countless hours commuting or hanging out at your work/study desk, tackling the day’s load. Allow yourself to fully focus on your task at hand or make the trip around the campus or city more enjoyable with JBL’s True Wireless Earbuds.

The JBL Wave Beam and JBL Wave Buds are perfect if you want to bring your sound everywhere. With bass you can feel and a battery life of up to 32 hours, these ear candies deliver crystal clear sound with Smart Ambient technology that keeps you aware of your surroundings.

For the go-getting entrepreneur or professional, the JBL Tune Flex is a flex you should get. Its ergonomic and water-resistant design gives you all-day comfort for any weather. In addition, it’s designed with a simple touch feature that allows you to manage and enjoy calls anywhere, without ambient noises. Now, you can choose whether you want to tune out the world or engage with your surroundings.

Working/ studying from home? No problem. The JBL Live Free 2 and the JBL Live Pro 2 allow you to make clear, perfect calls with six beamforming mics. You can also access your preferred voice assistant for seamless, hands-free control and connection. The Live Free 2 earbuds deliver up to 35 hours of incredible JBL Signature Sound (with 7 hours in the earbuds + 28 hours in the case), speed charging, and Qi-compatible wireless charging for when your batteries need a boost. The Live Pro2 delivers the same amazing benefits with up to 40 hours of incredible JBL Signature Sound (with 10 hours in the earbuds + 30 hours in the case). Each are beautifully designed to fit your aesthetic and give you a stylishly elevated, ergonomic set. 

Born to Move

When you’re in the zone, nothing should distract you. JBL’s in-ear sports earphones keep you on track, especially if you want to be unstoppable. For athletes and other active individuals, the JBL Run 2 and the Run 2 B make for a perfect fit. 

These wireless sets will get you the motivation you need to push harder. Their FlipHook design adapts to an in-ear or behind-the-ear fit for convenience. In addition, the comfortable combination of FlexSoft ear tips and TwistLock technology guarantees that they will never hurt or fall out. Heading out into the rain or heat? Thanks to IPX5 waterproofing, these wireless headphones keep up with you every step of the way. Enjoy a playback of 10 hours, an in-line microphone, and remote for hands-free control of sound and calls.

Built to Win

Gaming is no longer just a hobby, it’s a real profession. And if you’re looking for a set that helps you stand out, then going with the JBL Quantum 810 is a must! Fully immerse in a new world ushered by the signature JBL QuantumSOUND, which makes even the tiniest audio details come in crystal clear; and JBL QuantumSURROUND, the best spatial surround sound for gaming with DTS Headphone:X version 2.0 technology.

If you’re more on-the-go, JBL Quantum TWS is for you. Play anywhere and hear everything as this innovative pair features True Adaptive Noise Cancelling technology. Lose yourself in the game and limit distractions with accurate surround sound. Easily Fast Pair with Bluetooth smartphones and establish low latency 2.4GHz connections to compatible devices with the included USB-C dongle.

Life of the Party

#YOLO Make every day and every gathering one for the books! Turn your space into a club with the JBL Boombox 3, the most powerful portable Bluetooth speaker now made even better! It’s been redesigned with a new subwoofer unleashing much deeper bass and massive JBL Original Pro Sound, all with lower distortion. Party to 24 hours of play time, hyping you up from your morning workout to the late-night rendezvous with your friends. 

For a truly unforgettable experience, grab the JBL PartyBox Encore speaker and the JBL Pulse 5. Sync the lightshow’s rockin’ strobes, ring, and club lights for an awesomely immersive experience. You can also sing along with JBL PartyBox Encore’s premium digital wireless mic, optimized for karaoke with adjustable echo, bass, and treble. Both speakers are dustproof and waterproof so take them from your backyard to the beach and beyond! 

Life is what you make it. So, enjoy every moment and dive into the perfect sound trip every day with JBL. Now, that’s a vibe. 


TECHNOLOGY

The next WannaCry and drone hacking: Advanced persistent threats in 2023

November 16, 2022 1:14 p.m.

Kaspersky researchers presented their vision of the future for advanced persistent threats (APTs), defining the changes in the threat landscape that will emerge in 2023. Attacks on satellite technologies, mail servers, the rise of destructive attacks and leaks, drone hacking and the next big cyber epidemic are among some of the predictions for the next year.

The political turmoil of 2022 brought about a shift that will echo in cybersecurity for years to come and have a direct effect on the development of future sophisticated attacks. The 2023 forecast is based on the expertise and the activities the Kaspersky Global Research and Analysis Team (GReAT) has witnessed this year while tracking more than 900 APT groups and campaigns.

The next WannaCry and drones for proximity hacking

Statistically, some of the largest and most impactful cyber epidemics occur every six to seven years. The last such incident was the infamous WannaCry ransomware-worm, leveraging the extremely potent EternalBlue vulnerability to automatically spread to vulnerable machines. Kaspersky researchers believe the likelihood of the next WannaCry happening in 2023 is high. 

One potential reason for an event like this occurring is that the most sophisticated threat actors in the world are likely to possess at least one suitable exploit, and current global tensions greatly increase the chance a ShadowBrokers-style hack-and-leak could take place.

Major shifts will be reflected in new types of targets and attack scenarios too, as experts believe that next year we may see bold attackers and specialists adept at mixing physical and cyber intrusions, employing drones for proximity hacking.

Some of the possible attack scenarios include mounting drones with sufficient tooling that would allow the collection of WPA handshakes used for offline cracking of WiFi passwords or even dropping malicious USB keys in restricted areas in the hope that a passer-by would pick them up and plug them into a machine.

Other advanced threat predictions for 2023 include:

  • SIGINT-delivered malware

One of the most potent attack vectors imaginable, which uses servers in key positions of the internet backbone allowing man-on-the-side attacks, may come back stronger next year. While these attacks are extremely hard to spot, Kaspersky researchers believe they will become more widespread and will lead to more discoveries.

  • The rise of destructive attacks

Given the current political climate, Kaspersky experts foresee a record number of disruptive and destructive cyber-attacks, affecting both the government sector and key industries. It is likely that a proportion of them will not be easily traceable to cyber incidents and will look like random accidents. The rest will take the form of pseudo-ransomware attacks or hacktivist operations to provide plausible deniability for their real authors. Civilian infrastructure, such as energy grids or public broadcasting, may also become targets of high-profile cyber attacks, as well as underwater cables and fiber distribution hubs, which are challenging to defend.

  • Mail servers become priority targets

Mail servers harbor key intelligence, so they are of interest to APT actors, and they have the biggest attack surface imaginable. The market leaders of this type of software have already faced exploitation of critical vulnerabilities, and 2023 will be the year of 0days for all major email programs.

  • APT targeting turns toward satellite technologies, producers, and operators

With existing capabilities and evidence of APTs being capable of attacking satellites, with the Viasat incident as an example, it is likely that APT threat actors will increasingly turn their attention to the manipulation of, and interference with, satellite technologies in the future, making the security of these technologies ever more important.

  • Hack-and-leak is the new black (and bleak)

The new form of hybrid conflict that unrolled in 2022 involved a large number of hack-and-leak operations. These will persist in the coming year with APT actors leaking data about competing threat groups or disseminating information.

  • More APT groups will move from CobaltStrike to other alternatives

CobaltStrike, a red-teaming tool, has become a tool of choice for APT actors and cybercriminal groups alike. With it gaining so much attention from the defenders, it is likely that attackers will switch to new alternatives such as Brute Ratel C4, Sliver, Manjusaka or Ninja, all offering new capabilities and more advanced evasion techniques.

“It is quite clear 2022 saw major changes to the world’s geopolitical order and ushers in a new era of instability. A portion of our predictions focus on how this instability will translate into nefarious cyber activities, while others reflect our vision of which new attack vectors will be explored by attackers. Better preparation means better resilience and we hope our assessment of the future will enable defenders to strengthen their systems and repel cyberattacks more effectively,” says Ivan Kwiatkowski, senior security researcher at Kaspersky.

The APT predictions have been developed thanks to Kaspersky’s threat intelligence services used around the world. Read the full report on Securelist.

These predictions are a part of Kaspersky Security Bulletin (KSB) – an annual predictions series and analytical articles on key changes in the world of cybersecurity. Click here to look at other KSB pieces.

To look back at what the Kaspersky experts expected to see in the advanced targeted threats landscape in 2022, please read our previous yearly report.
