Norsk Hydro, One of the World's Largest Aluminum Producers, Switches To Manual Operations After Ransomware Infection (zdnet.com)
Norsk Hydro, one of the world's largest aluminum producers, said today it has "became victim of an extensive cyber-attack" that has crippled some of its infrastructure and forced it to switch to manual operations in some smelting locations. From a report: The cyber-attack was later identified as an infection with the LockerGoga ransomware strain, the company said during a press conference. News of the cyber-attack broke earlier this morning in a message the company sent to investors and stock exchanges. "Hydro became victim of an extensive cyber-attack in the early hours of Tuesday (CET), impacting operations in several of the company's business areas," the company said. "IT-systems in most business areas are impacted and Hydro is switching to manual operations as far as possible."
The company said the ransomware was planted on its network late on Monday evening.
More like an employee who wasn't trained in identifying malicious e-mails got phished....
This is why, in addition to training, all Internet connected computers need to be behind proxies that don't allow executable downloads and application whitelisting should be enabled on the endpoints. There is just no other way to operate these days.
My eyes reflect the stars and a smile lights up my face.
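An added example (not code from the comment above, and not anything Norsk Hydro runs): the "proxy that doesn't allow executable downloads" idea only works if the proxy judges the content, not the file name or Content-Type header, since both are chosen by the sender. The block below classifies a payload by its executable magic (PE, ELF, Mach-O, shebang scripts) and walks zip containers with a nesting and size cap, so a renamed or archived binary is still caught. All payloads are constructed header stubs, not real programs or malware; the proxy integration itself is left out.

```python
"""Content-based executable detection for a download proxy (added example)."""
import io
import struct
import zipfile
from typing import List, Optional, Tuple

MAX_MEMBER_BYTES = 64 * 1024 * 1024   # cap per archive member (decompressed)
MAX_NESTING = 3                        # archives inside archives inside ...

MACHO_MAGICS = {
    b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe",   # 32-bit, both byte orders
    b"\xfe\xed\xfa\xcf", b"\xcf\xfa\xed\xfe",   # 64-bit
    b"\xca\xfe\xba\xbe",                         # fat/universal binary
}


def classify(data: bytes) -> Optional[str]:
    """Return the executable format found in the first bytes, or None."""
    if data[:2] == b"MZ":
        # A PE file is a DOS stub whose e_lfanew (offset 0x3C) points at "PE\0\0".
        if len(data) >= 0x40:
            e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
            if data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00":
                return "pe"
        return "mz"          # bare DOS executable or a truncated PE: still block
    if data[:4] == b"\x7fELF":
        return "elf"
    if data[:4] in MACHO_MAGICS:
        return "macho"
    if data[:2] == b"#!":
        return "script"      # shebang: the interpreter runs it directly
    return None


def scan(data: bytes, name: str = "download", depth: int = 0) -> List[Tuple[str, str]]:
    """Walk a payload and any zip containers it holds; return (path, finding) pairs.

    Findings are formats from classify(), plus "oversize" for an archive member
    beyond MAX_MEMBER_BYTES (decompression-bomb guard) and "too-deep" for
    nesting beyond MAX_NESTING.
    """
    kind = classify(data)
    if kind is not None:
        return [(name, kind)]
    if data[:2] != b"PK" or not zipfile.is_zipfile(io.BytesIO(data)):
        return []
    if depth >= MAX_NESTING:
        return [(name, "too-deep")]
    findings: List[Tuple[str, str]] = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            member = f"{name}/{info.filename}"
            # Read through the stream with a cap: the header's file_size field
            # is attacker-controlled, so it is not trusted.
            with zf.open(info) as fh:
                content = fh.read(MAX_MEMBER_BYTES + 1)
            if len(content) > MAX_MEMBER_BYTES:
                findings.append((member, "oversize"))
                continue
            findings.extend(scan(content, member, depth + 1))
    return findings


def should_block(data: bytes, name: str = "download") -> bool:
    """Policy: any executable or archive anomaly anywhere in the payload blocks it."""
    return bool(scan(data, name))


def pe_stub() -> bytes:
    """Constructed minimal PE header: 'MZ' ... e_lfanew=0x40 -> 'PE\\0\\0'."""
    dos = bytearray(b"MZ" + b"\x00" * 62)
    struct.pack_into("<I", dos, 0x3C, 0x40)
    return bytes(dos) + b"PE\x00\x00" + b"\x00" * 20


def sample_zip() -> bytes:
    """Constructed archive: a renamed PE next to a harmless text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.pdf", pe_stub())   # extension says PDF; content says PE
        zf.writestr("readme.txt", b"just text\n")
    return buf.getvalue()


if __name__ == "__main__":
    for label, payload in [("pe", pe_stub()), ("pdf", b"%PDF-1.4\n1 0 obj\n"), ("zip", sample_zip())]:
        print(label, scan(payload))
```

The recursion into archives is where the real value is: a block-by-extension rule is defeated by `invoice.pdf`, and a block-by-magic rule on the outer file is defeated by zipping. The caps are not optional; without them the filter itself becomes the denial-of-service target.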
...until you realize that your profit centers rely on it.
I have to wonder how many of these random malware infections of industrial machinery could be avoided by having all control systems running Linux.
Sure they could still be targeted by a dedicated hacker but at least you wouldn't have general mass-market malware accidentally get in and shut you down.
Maybe you could even use Wine to run existing control software and switch over today... I can't imagine the software they use is very sophisticated in terms of Windows API use.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Lack of Air gaps?
USB thumb drive attack?
Dumb management control system design?
In a subsequent update posted on the company's Facebook page, Norsk Hydro said the cyber-attack did not impact "people safety" and that smelting plants across its vast international network were "running normally on isolated IT systems," although in a manual mode, without the aid of its computer controlled systems.
This ought to be really interesting.
Harrison's Postulate - "For every action there is an equal and opposite criticism"
In my experience, lots of factories are running Win95... maybe Win2000 if you're lucky.
I know of PLC aggregation / communication software that literally only exists on Windows, simply because that's what many factories run.
The reason for that is that the first big wave of making "smart factories" was in the late 90s.
And factories, by and large, never replace anything unless it has been fully depreciated... and sometimes, not even then.
Using a mass-market OS (Windows) for industrial machinery is just as stupid as using a toothpick to open a food can: not the right tool.
Will $CURRENT_YEAR be the year of the Linux Desktop?
If the self-checkout terminal is configured as a POS, then it is still receiving security updates:
https://www.zdnet.com/article/...
Support goes through April 9, 2019, so time is running out.
Linux won't avoid this situation. The issue isn't OS, it's complacency.
I knew someone who ran a Linux video server on a hardened Red Hat system to monitor security cameras. He never gave it a second thought until his NOC called him at 3am on a Sunday to tell him they had pulled the network cable to his server because it was launching portscans against the rest of their network.
He did the post-mortem on the server and found the attacker got in through an old SSL vulnerability. He said it was a wake up call. Just because you are running Linux with non-essential services disabled, it's meaningless if you aren't applying security updates.
It is easier to build strong children than to repair broken men. -Frederick Douglass
I know of PLC aggregation / communication software that literally only exists on Windows, simply because that's what many factories run.
Oh yes, I totally agree, I've seen the same thing.
That's why I'm saying, change the systems to run Linux and use Wine to run the software that is Windows only. The only question is what kinds of attached hardware they have that Linux would not support, but I was thinking most of it's probably variants of serial ports and it seems like if anything, obscure hardware cards would be more likely to have Linux drivers written than not.
And factories, by and large, never replace anything unless it has been fully depreciated... and sometimes, not even then.
Right, but the beauty of the plan is, no need to replace anything. Make a backup, install Linux on your existing hardware, install Wine, then the custom control software from the backup. Then you are immune to bored operators who watch porn at work or guys that pick up USB sticks off the street.
it may not be sophisticated, but my guess is that their PCs have special hardware components and drivers to run their production equipment that are not available in WINE or linux or even Win7.
These boxes should have been on sneakernet, it's really the only solution for something this important yet this vulnerable.
If an experiment works, something has gone wrong.
I still need to maintain a bunch of AT computers on MSDOS that run some old pipetting robots. It's how it goes.
Those who prefer convenience over security... deserve neither?
Hard drives (SSDs nowadays) need a physical write lock switch. Once you set up a system so that it works like you want, you flip the switch and nothing can change it without physically flipping the switch back. OSes would need to be written so that things like log files and temporary files get written to a different drive which is write-enabled. But it would be impossible for malware to modify the core OS and programs, unless they tricked someone into flipping the physical switch. Which you can prevent by putting it behind a lock and making sure only IT has the key.
Instead we get Windows 10 with its forced automatic updates, which breaks the cardinal rule of business equipment - "If it ain't broke, don't fix it."
Indeed, if the giant several thousand ton automated smelter only has Win95 drivers then you are using Win95. It's easier and cheaper to deal with the support overhead than it is to replace massive industrial equipment.
I have to wonder how many of these random malware infections of industrial machinery could be avoided by having all control systems running Linux
My take on that is "all of them". I develop, install and maintain industrial control systems and I've refused to install anything on Windows since the early 2000s. Most control/command or data acquisition software can be modified and recompiled for Linux (contact me if you want some quote!). Install a limited and ugly distro so users won't want to play games on it, tighten up the security, don't give the root password, don't put it on the 'Net without a double passworded firewall and you are good to go. Never been hacked (yet!).
Non-Linux Penguins ?
Do not disable SELinux.
Everything you say is true... but I have yet to figure out how you can do anything productive with SELinux. On the many control/command distros I run, it only causes heaps of strange and hard to diagnose problems, so I always disable it. I don't even know what that damn thing is supposed to DO...
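An added example, not code from either of the commenters above: what SELinux "is supposed to DO" is decide, per process domain and per object type, which operations are permitted, and write every refusal to the audit log as an AVC record. Those records are where the "strange and hard to diagnose problems" are spelled out; the application itself usually only sees EACCES. The block below parses such records and summarises who was denied what. The audit lines, the imagined `hmi_logger` daemon, its paths and the port labels are all constructed for illustration, not taken from any real system; only the AVC record layout is real.

```python
"""Reading SELinux AVC denials from audit.log (added example)."""
import re
from collections import Counter
from typing import Dict, Iterable, List, Optional, Tuple

# Constructed sample audit.log lines: a recompiled Linux HMI logger being blocked.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1553000001.101:201): avc:  denied  { write } for  pid=2345 comm="hmi_logger" name="trend.csv" dev="sda3" ino=131078 scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1553000001.101:201): arch=c000003e syscall=257 success=no exit=-13 comm="hmi_logger" exe="/opt/hmi/bin/hmi_logger"
type=AVC msg=audit(1553000001.350:202): avc:  denied  { write } for  pid=2345 comm="hmi_logger" name="trend.csv" dev="sda3" ino=131078 scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1553000002.004:203): avc:  denied  { name_connect } for  pid=2345 comm="hmi_logger" dest=502 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1553000003.777:204): avc:  denied  { read } for  pid=2345 comm="hmi_logger" name="shadow" dev="sda3" ino=9001 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file permissive=1
"""

AVC_RE = re.compile(
    r"^type=AVC msg=audit\((?P<ts>[\d.]+):(?P<serial>\d+)\): avc:\s+"
    r"(?P<result>denied|granted)\s+\{ (?P<perms>[^}]*) \} for\s+(?P<fields>.*)$"
)
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_avc(line: str) -> Optional[Dict[str, str]]:
    """Parse one AVC record into a dict; return None for non-AVC lines."""
    m = AVC_RE.match(line.strip())
    if m is None:
        return None
    rec = {"ts": m.group("ts"), "serial": m.group("serial"),
           "result": m.group("result"), "perms": m.group("perms").strip()}
    for f in FIELD_RE.finditer(m.group("fields")):
        rec[f.group(1)] = f.group(2) if f.group(2) is not None else f.group(3)
    return rec


def type_of(context: str) -> str:
    """'user:role:type:level' -> 'type', the part policy rules are written against."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else context


# (comm, source type, permission, target type, tclass, enforced)
Denial = Tuple[str, str, str, str, str, bool]


def summarize(lines: Iterable[str]) -> List[Tuple[Denial, int]]:
    """Count denials; permissive=1 means SELinux logged it but let the access through."""
    counts: Counter = Counter()
    for line in lines:
        rec = parse_avc(line)
        if rec is None or rec["result"] != "denied":
            continue
        enforced = rec.get("permissive", "0") == "0"
        for perm in rec["perms"].split():
            counts[(rec.get("comm", "?"), type_of(rec.get("scontext", "")), perm,
                    type_of(rec.get("tcontext", "")), rec.get("tclass", "?"), enforced)] += 1
    return counts.most_common()


def explain(summary: List[Tuple[Denial, int]]) -> List[str]:
    """One human-readable line per distinct denial."""
    out = []
    for (comm, src, perm, tgt, tclass, enforced), n in summary:
        mode = "blocked" if enforced else "logged only (permissive), access went through"
        out.append(f"{comm} [{src}] -> {perm} on {tclass} [{tgt}]: {n}x, {mode}")
    return out


if __name__ == "__main__":
    for line in explain(summarize(SAMPLE_AUDIT_LOG.splitlines())):
        print(line)
```

Read this way, the first two records say the daemon is writing its trend file under a home directory, which is a labelling problem (fix by giving the data directory its own label with `semanage fcontext` and `restorecon`, not by disabling SELinux); the third says it is opening a Modbus/TCP connection the policy did not anticipate; the last says a process that should only ever touch trend data tried to read `/etc/shadow`, which is exactly the kind of post-compromise behaviour the mechanism exists to stop. On a real box the same records come from `ausearch -m AVC`, and `audit2allow` will turn the legitimate ones into a local policy module.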