Slashdot Mirror


Norsk Hydro, One of the World's Largest Aluminum Producers, Switches To Manual Operations After Ransomware Infection (zdnet.com)

Norsk Hydro, one of the world's largest aluminum producers, said today it "became victim of an extensive cyber-attack" that has crippled some of its infrastructure and forced it to switch to manual operations in some smelting locations. From a report: The cyber-attack was later identified as an infection with the LockerGoga ransomware strain, the company said during a press conference. News of the cyber-attack broke earlier this morning in a message the company sent to investors and stock exchanges. "Hydro became victim of an extensive cyber-attack in the early hours of Tuesday (CET), impacting operations in several of the company's business areas," the company said. "IT-systems in most business areas are impacted and Hydro is switching to manual operations as far as possible."

11 of 76 comments

  1. Install vector? by The-Ixian · · Score: 3, Informative

    The company said the ransomware was planted on its network in late Monday evening

    More like an employee who wasn't trained in identifying malicious e-mails got phished....

    This is why, in addition to training, all Internet connected computers need to be behind proxies that don't allow executable downloads and application whitelisting should be enabled on the endpoints. There is just no other way to operate these days.

    --
    My eyes reflect the stars and a smile lights up my face.
    1. Re:Install vector? by geoscodin · · Score: 3, Interesting

      Sadly, I've worked places where we got training every year and people still fell for test emails and flash drives left around the parking lot. The "It'll never happen to me" belief is strong in people, even after it happens to them.

    2. Re:Install vector? by smooth+wombat · · Score: 4, Interesting

      Within the last hour I've received a few emails from our overarching IT group indicating some people have clicked a link in a fake email going around. One of the users' accounts has been disabled.

      Like you, we all receive yearly training on what type of emails not to open or click links in, yet people still do it.

      Here's the best part. This email was quarantined by default (Microsoft Exchange) and the user still went ahead and released it so they could read it.

      --
      We will bankrupt ourselves in the vain search for absolute security. -- Dwight D. Eisenhower
    3. Re:Install vector? by The-Ixian · · Score: 3, Informative

      The problem is not so much message authenticity these days.

      The scammers have worked around DMARC by just using legit mail senders and legit web hosts/file sharing services like SharePoint.com, Google Drive, etc.

      So these days you get a message from a person you know who lost control of their e-mail account credentials. So the message passes SPF, DKIM and DMARC tests. The message contains a link to a legit file sharing site which passes blacklist link testing. The file hosted is a PDF which displays just fine in all modern web browsers because they all come packaged with a PDF reader. The PDF content emulates some kind of other legit service (DocuSign, etc) with a link to the actual, illegitimate, script-hosting malicious site.

      Everything is on the up-and-up as far as all the e-mail filters are concerned and the content is convincing enough or at least familiar enough for it not to raise alarm bells in most users.

      --
      My eyes reflect the stars and a smile lights up my face.
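
The point made in the comment above, as an added example that is not part of the original thread: a message can pass SPF, DKIM and DMARC and still deserve inspection because of where its link leads. The sample message, the domain list and the verdict labels are constructed assumptions for illustration.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

# Constructed sample (not real traffic): every authentication check passes,
# yet the body links to a file hosted on a file-sharing service.
SAMPLE = """\
From: Known Contact <contact@partner.example>
To: user@corp.example
Subject: Shared document
Authentication-Results: mx.corp.example; spf=pass smtp.mailfrom=partner.example; dkim=pass header.d=partner.example; dmarc=pass header.from=partner.example
Content-Type: text/plain

Please review: https://files.sharing.example/s/abc123/invoice.pdf
"""

# Assumption: a locally maintained list of file-sharing domains (placeholder value).
FILE_SHARING_DOMAINS = {"sharing.example"}

def auth_results(msg):
    """Collect spf/dkim/dmarc verdicts from Authentication-Results headers."""
    verdicts = {}
    for header in msg.get_all("Authentication-Results", []):
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header, re.I):
            verdicts[method.lower()] = result.lower()
    return verdicts

def file_sharing_links(msg):
    """Return body URLs whose host is, or is a subdomain of, a listed domain."""
    hits = []
    for url in re.findall(r"https?://[^\s<>\"']+", msg.get_payload()):
        host = (urlparse(url).hostname or "").lower()
        if any(host == d or host.endswith("." + d) for d in FILE_SHARING_DOMAINS):
            hits.append(url)
    return hits

def triage(raw):
    """Authentication failure quarantines; a pass is never treated as 'safe'."""
    msg = message_from_string(raw)
    auth = auth_results(msg)
    links = file_sharing_links(msg)
    if any(auth.get(m) != "pass" for m in ("spf", "dkim", "dmarc")):
        verdict = "quarantine"
    elif links:
        verdict = "inspect-linked-content"  # e.g. fetch and scan the file in a sandbox
    else:
        verdict = "deliver"
    return {"verdict": verdict, "auth": auth, "links": links}
```
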
  2. Maybe develop control systems in Linux not Windows by SuperKendall · · Score: 4, Insightful

    I have to wonder how many of these random malware infections of industrial machinery could be avoided by having all control systems running Linux.

    Sure they could still be targeted by a dedicated hacker but at least you wouldn't have general mass-market malware accidentally get in and shut you down.

    Maybe you could even use Wine to run existing control software and switch over today... I can't imagine the software they use is very sophisticated in terms of Windows API use.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
  3. Re:Maybe develop control systems in Linux not Wind by charon69 · · Score: 4, Insightful

    In my experience, lots of factories are running Win95... maybe Win2000 if you're lucky.

    I know of PLC aggregation / communication software that literally only exists on Windows, simply because that's what many factories run.

    The reason for that is because the first big wave of making "smart factories" was in the late 90s.

    And factories, by and large, never replace anything unless it has been fully depreciated... and sometimes, not even then.

  4. Re:Maybe develop control systems in Linux not Wind by weeboo0104 · · Score: 4, Insightful

    Linux won't avoid this situation. The issue isn't OS, it's complacency.

    I knew someone who ran a Linux video server on a hardened Red Hat system to monitor security cameras. He never gave it a second thought until his NOC called him at 3am on a Sunday to tell him they had pulled the network cable to his server because it was launching portscans against the rest of their network.

    He did the post-mortem on the server and found the attacker got in through an old SSL vulnerability. He said it was a wake up call. Just because you are running Linux with non-essential services disabled, it's meaningless if you aren't applying security updates.

    --
    It is easier to build strong children than to repair broken men. -Frederick Douglass
  5. Re:Maybe develop control systems in Linux not Wind by Ubi_NL · · Score: 4, Interesting

    It may not be sophisticated, but my guess is that their PCs have special hardware components and drivers to run their production equipment that are not available in WINE or Linux or even Win7.

    These boxes should have been on sneakernet, it's really the only solution for something this important yet this vulnerable.

    --
    If an experiment works, something has gone wrong.
  6. Re:Maybe develop control systems in Linux not Wind by Ubi_NL · · Score: 4, Interesting

    I still need to maintain a bunch of AT computers on MSDOS that run some old pipetting robots. It's how it goes.

    --
    If an experiment works, something has gone wrong.
  7. Re: What is the point? by Type44Q · · Score: 3, Insightful

    Those who prefer convenience over security... deserve neither?

  8. Re:I've been saying this since the 1990s by dargaud · · Score: 3, Insightful

    It's a good idea, but I think it would be very hard to run a modern OS (Linux included) on a read-only filesystem. It would be worth a google, but I haven't read anything about it for a looong time. I DO run RO Linux on embedded controllers, on flash memory, but the central control/command PC is a standard, albeit hardened, Linux PC. Source: I work in nuclear research.

    And even a RO OS can be hacked: they find the user/passwd, they do login, install their botnet, run it until you notice (I have uptimes of YEARS), and when you reboot OK it's gone, but you've still been hacked. Airgap is the only real way to go. Multiple successive (and different) external firewalls is an acceptable alternative.

    --
    Non-Linux Penguins ?