Slashdot Mirror
Norsk Hydro, One of the World's Largest Aluminum Producers, Switches To Manual Operations After Ransomware Infection (zdnet.com)
Norsk Hydro, one of the world's largest aluminum producers, said today it has "became victim of an extensive cyber-attack" that has crippled some of its infrastructure and forced it to switch to manual operations in some smelting locations. From a report: The cyber-attack was later identified as an infection with the LockerGoga ransomware strain, the company said during a press conference. News of the cyber-attack broke earlier this morning in a message the company sent to investors and stock exchanges. "Hydro became victim of an extensive cyber-attack in the early hours of Tuesday (CET), impacting operations in several of the company's business areas," the company said. "IT-systems in most business areas are impacted and Hydro is switching to manual operations as far as possible."
The company said the ransomware was planted on its network in late Monday evening
More like an employee who wasn't trained in identifying malicious e-mails got phished....
This is why, in addition to training, all Internet connected computers need to be behind proxies that don't allow executable downloads and application whitelisting should be enabled on the endpoints. There is just no other way to operate these days.
My eyes reflect the stars and a smile lights up my face.
...until you realize that your profit centers rely on it.
with some Siemens equipment.
I have to wonder how many of these random malware infections of industrial machinery could be avoided by having all control systems running Linux.
Sure they could still be targeted by a dedicated hacker but at least you wouldn't have general mass-market malware accidentally get in and shut you down.
Maybe you could even use Wine to run existing control software and switch over today... I can't imagine the software they use is very sophisticated in terms of Windows API use.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Lack of Air gaps?
USB thumb drive attack?
Dumb management control system design?
n a subsequent update posted on the company's Facebook page, Norsk Hydro said the cyber-attack did not impact "people safety" and that smelting plants across its vast international network were "running normally on isolated IT systems," although in a manual mode, without the aid of its computer controlled systems.
This ought to be really interesting.
Harrison's Postulate - "For every action there is an equal and opposite criticism"
The Russians did't like their production of heavy water for the German nuclear bomb program... oops, wrong century... :)
Yeah, I know full well this point of view will be seen as flamebait, but I think the point merits a valid discussion.
File under 'M' for 'Manic ranting'
In my experience, lots of factories are running Win95... maybe Win2000 if you're lucky.
I know of PLC aggregation / communication software that literally only exists on Windows, simply because that's what many factories run.
The reason for that is because the first big wave of making "smart factories" was in the late 90s.
And factories, by and large, never replace anything unless it has been fully depreciated... and sometimes, not even then.
Using a mass-market OS (Windows) for industrial machinery is just as stupid as using a toothpick to open a food can : not the right tool.
Will $CURRENT_YEAR be the year of the Linux Desktop?
Lol they had to install the certificate too. https://www.bleepingcomputer.com/news/security/new-lockergoga-ransomware-allegedly-used-in-altran-attack/
On that note. I was in shock the one day at the supermarket when I walked by self checkout terminal that was not working. It had a windows XP screen up with the error message. This was in a major supermarket so I do not know if they were just acting as a dumb terminal with a secure server locally. But itscared the shit out of me when I seen that
Anonymous comments are as pathetic as the anonymous "sources" that contaminate gutless journalism from the New York Time
What is the point of connecting these to the internet. Wouldn't this best be done on its own separate network that doesn't have that?
http://progressquest.com/spoltog.php?name=Son+Of+Son+Of+DarkRookie
If the self-checkout terminal is configured as a POS, then it is still receiving security updates:
https://www.zdnet.com/article/...
Support goes through April 9, 2019, so time is running out.
Most places are more interested in the applications than the OS.
Linux won't avoid this situation. The issue isn't OS, it's complacency.
I knew someone who ran a Linux video server on a hardened Red Hat system to monitor security cameras. He never gave it a second thought until his NOC called him at 3am on a Sunday to tell him they had pulled the network cable to his server because it was launching portscans against the rest of their network.
He did the post-mortem on the server and found the attacker got in through an old SSL vulnerability. He said it was a wake up call. Just because you are running Linux with non-essential services disabled, it's meaningless if you aren't applying security updates.
It is easier to build strong children than to repair broken men. -Frederick Douglass
I know of PLC aggregation / communication software that literally only exists on Windows, simply because that's what many factories run.
Oh yes, I totally agree, I've seen the same thing.
That's why I'm saying, change the systems to run Linux and use Wine to run the software that is Windows only. Only question is what kinds of attached hardware they have that Linux would not support, but I was thinking most of it's probably variants of serial ports and it seems like if anything, obscure hardware cards would be more likely to have Linux drivers written than not.
And factories, by and large, never replace anything unless it has been fully depreciated... and sometimes, not even then.
Right, but the beauty of the plan is, no need to replace anything. Make a backup, install Linux on your existing hardware, install Wine, then the custom control software from the backup. Then you are immune to bored operators who watch porn at work or guys that pick up USB sticks off the street.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
it may not be sophisticated, but my guess is that their PCs have special hardware components and drivers to run their production equipment that are not available in WINE or linux or even Win7.
These boxes should have been on sneakernet, it's really the only solution for something this important yet this vulnerable.
If an experiment works, something has gone wrong.
"I know of PLC aggregation / communication software that literally only exists on Windows, simply because that's what many factories run."
Pretty much all of them do and only on Windows.
They are using phishing campaigns to target these and malware exists for Linux, you fucking idiot. They even had to click to install the certificate for this. You know NOTHING ABOUT THIS, MORON, BECAUSE YOU CANNOT READ.
And you're too lazy to try.
I still need to maintain a bunch of AT computers on MSDOS that run some old pipetting robots. It's how it goes.
If an experiment works, something has gone wrong.
It's a fair guess, it may be limited even to a 16-bit proprietary code requirement linked to a critical system that simply can't be "easily" upgraded without replacing the hardware also. Kendall's "oh, just install Ubuntu" non-solution is retarded...
But we're used to that by now.
Linux wouldn't improve matters - OK it will in the short term, but in the long term, it makes zero difference. Sure the manufacturer could run things properly with proper privilege separation and such, but in reality, everything will run as root. At which point you're really not much better than a Windows based system. And even if you don't use root, eventually things will be that everyone uses root on the control PC.
Sudo won't really help either if everyone simply gets used to issuing it before every command that fails.
Whatever Linux would provide, it would be temporary as it's just obscure at the moment, but once people get used to it, all the ugly shortcuts will be revealed.
Hard drives (SSDs nowadays) need a physical write lock switch. Once you set up a system so that it works like you want, you flip the switch and nothing can change it without physically flipping the switch back. OSes would need to be written so that things like log files and temporary files get written to a different drive which is write-enabled. But it would be impossible for malware to modify the core OS and programs, unless they tricked someone into flipping the physical switch. Which you can prevent by putting it behind a lock and making sure only IT has the key.
Instead we get Windows 10 with its forced automatic updates, which breaks the cardinal rule of business equipment - "If it ain't broke, don't fix it."
When many of these systems were put in place there wasn't much in the way of alternatives. People forget, but Linux hasn't king for all that long. There was a time when the world was completely run by Unix dinosaurs, Windows and very niche and expensive OS's. Many things that never should have, ended up with Windows because it was affordable on the scale needed and finding developers familiar with the platform was cheap and easy.
Indeed, if the giant several thousand ton automated smelter only has Win95 drivers then you are using Win95. Its easier and cheaper to deal with the support overhead than it is to replace massive industrial equipment.
I have been running a CentOS Server open to the public internet for several years now, with almost no maintenance. The trick is to enable automatic security updates to run at least once a day, and to monitor log files. Reboot the box after kernel updates, and restart updated services as soon as possible. Use non trivial passwords. Also, set up a few seconds of wait time after failed login attempts if at all possible. Five to ten seconds is enough - normal users will not even notice, and normal hackers will get off your system really fast. Setup SSH login with certificates, it's not that hard to do. Do not disable SELinux.
It's actually quite easy not to be a low hanging fruit for hackers. Just waste enough of their time and effort, and lough at their failed brute force login attempts.
Welcome to the promised age of IoT! No, there is no free lunch. Please pay your monthly ransom on time.
My guess is that they tried to save money by not adequately staffing and finding IT to boost quarterly profits. Too bad the people who caused this already got their bonuses. Wonder how many of these it'll take until businesses wake up...
I have to wonder how many of these random malware infections of industrial machinery could be avoided by having all control systems running Linux
My take on that is "all of them". I develop, install and maintain industrial control systems and I've refused to install anything on Windows since the early 2000. Most control/command or data acquisition software can be modified and recompiled for Linux (contact me if you want some quote!). Install a limited and ugly distro so users won't want to play games on it, tighten up the security, don't give the root password, don't put it on the 'Net without a double passworded firewall and you are good to go. Never been hacked (yet!).
Non-Linux Penguins ?
Do not disable SELinux.
Everything you say is true... but I have yet to figure out how you can do anything productive with SELinux. On the many control/command distros I run, it only causes heaps of strange and hard to diagnose problems, so I always disable it. I don't even know what that damn thing is supposed to DO...
Non-Linux Penguins ?
Why is there not a real air gap between the Intertoobs and Norsk Hydro? Same can be said about infrastructure like power gen and grid controls, and numerous other big things that could suffer massive damage from some anus or state actor.
Sure, I get that, for example, in power generation, it makes the job of coordinating the systems over a wider area substantially easier. They have to control how much power they add to the regional grid, keep the output freq ~60Hz, etc. Of course, they did the same thing before Al invented the 'net, using plain old telephones. Even(gasp!) dial phones.
Sure, OK, yes, there are other vectors for malware and other evils, but most of this stuff happens because someone got into the system(s), through the net connex. Yes, maybe it'll take a lilbit longer to coordinate and operate by POTS lines, maybe takes a few more workers, maybe maybe.
I've yet to see any real debate on this issue. Does anyone here maybe work in industry, maybe a power utility, that has some real kn owledge on this they can share with us? I know I'm not the only person that's wondered about this.
Olphart at play. Ruck FepubliKKKans. Welcome to the Worldwide Idiocracy, y'all.
Don't be ridiculous. Linux has the magic many eyes security system that means there are no security flaws. Anyone saying otherwise must be a Microsoft shill.
Sneakernet is not an option, those machines need 24/7 monitoring so they need to be networked.
The issue is separation of networks with firewalls, not just routers. Computers with Internet access should not be on same network as computers controlling production equipment.
In a perfect world the separation should probably be on department level that is however not really an option in a Microsoft Windows environment.
another case of an IT (Corporate) network operated by incompetent boobs taken out by simple nuisance malware. Once again, the Industrial Control Systems were completely unaffected (they are obviously not run by the same boobs that run the corporate network).
As I have said before and will say again, the biggest threat to ICS is "IT" types ... and the more you can keep them in their own world and out of "computer systems that do real work" the better.
Another Satisfied Microsoft Customer!
Seriously though, Windows might be a good gaming platform (if you can't use Wine+dxvk for what you play) but why the HELL would you use it for anything important for your business or otherwise mission-critical? ESPECIALLY after Win10?? I want to feel bad for this company and how they were victimized by malware, I really do, but I just can't, not with all the widely known easily available information out there. And it's not like Win10 and all of its mal-features is exactly a surprise, given the last 30+ years of history.
The old saying was, if you get into bed with Microsoft you are going to get fucked. Those who fail to learn from history ...
You're right about people who think It Can't Happen Here. The same applies to the large number of Americans who think the American government can never creep far out of control simply because it's America. They really, really don't grasp the most basic history.
Most places are more interested in the applications than the OS.
Yeah I knew a guy who was interested in driving, not in anything about the car. Strangely enough he had a lot of breakdowns. His mechanic even had the nerve to tell him that he could have prevented these with routine maintainence!
This is why you run it in passive mode for a while and learn all the violations then whitelist those using the policy generating tools that come packaged with SELinux. It actually isn't that hard and is well worth the effort to learn how to use it.
My eyes reflect the stars and a smile lights up my face.