Infrastructure
Infrastructure is gradually becoming IoT-enabled. The IoT has greatly improved the operational efficiency of infrastructure, productivity, staff safety, and has greatly advanced the industry.

However, with the introduction of smart devices and sensor devices, due to the lack of industry security standards and poor security awareness among practitioners, more and more infrastructures are experiencing hacking attacks, causing great threats and losses.

Israel's water supply was hit by multiple cyberattacks in mid-2020.These attacks were aimed at compromising the ICS command and control systems at Israeli pumping stations, sewer systems, sewage treatment plants, and agricultural pumps. The group took advantage of outdated legacy systems still in use and inadequate cryptography guidance in these facilities.

Hackers broke into and took control of the USFWS's unnamed cellular network. However, their goal was a little different than some of the others. Instead of disrupting the water supply or trying to poison the water, the hackers used a cellular router to increase cellular data charges by 15,000%, from $300 per month to over $50,000 for about two months. Vulnerability is outdated firmware and factory-installed Sixnet BT router passwords. Later that year, the Department of Homeland Security disclosed a vulnerability in the router's hard-coded credentials, which is believed to be where hackers exploit network weaknesses. The Water Authority could have plugged the leak by ensuring the vendor kept the firmware up to date and regularly checking the devices and network for vulnerabilities.

On May 7, 2021, the Colonial Oil pipeline was hit with a targeted ransomware attack. The largest overall pipeline in the United States, supplying more than 45 percent of the East Coast's natural gas, diesel and jet fuel, was forced to completely shut down its network and operations. Although they managed to restore system functionality, as of May 18, nearly 11,000 gas stations were still without fuel. The hacker group DarkSide also stole more than 100GB of data from the company's servers prior to the attack and only handed over control after Colonial paid $5 million in cryptocurrency. What's more, the average cost of gasoline per gallon in the U.S. rose to the highest level in six years nationwide.

On May 7, 2021, the Colonial Oil pipeline was hit with a targeted ransomware attack. The largest overall pipeline in the United States, supplying more than 45 percent of the East Coast's natural gas, diesel and jet fuel, was forced to completely shut down its network and operations. Although they managed to restore system functionality, as of May 18, nearly 11,000 gas stations were still without fuel. The hacker group DarkSide also stole more than 100GB of data from the company's servers prior to the attack and only handed over control after Colonial paid $5 million in cryptocurrency. What's more, the average cost of gasoline per gallon in the U.S. rose to the highest level in six years nationwide.

Shambles platform is a reverse analysis platform for IoT devices, which can automatically, comprehensively, accurately and in real time detect the security of firmware and output detailed security reports. From hardcode and weak password in firmware, expired certificate, supply chain security, disclosed vulnerability and vulnerable code, patch comparison, etc. we can track the version of infrastructure firmware, build a firmware association database, and detect whether all the firmware under management is affected in the first place when new security information is released, and issue warnings and fix suggestions. Preventing problems before they happen.

Email
Wechat
News