The cyber-physical attack threat is growing
In most cases, a breach involves hackers stealing data they can then resell on the dark web. As a result, distributed denial-of-service (DDoS) attacks and other attacks used to steal data are part of a hacker’s repertoire that managed service providers (MSPs) must constantly be vigilant against. It is now becoming increasingly common for these same hackers to inflict physical damage with their attacks. For example, a cybercriminal who attacks industrial equipment can cause temperature gauges or valves to malfunction, resulting in overheating or even explosions. Most cybersecurity specialists refer to this as a “cyber-physical attack.”
A new era of vulnerabilities
One of the first documented cyber-physical attacks occurred in Poland in 2008 when a teenage hacker derailed four tram trains.
Another attack that raised concern was at a German steel mill in 2014.
SecurityWeek reported on the incident: Control components and entire production machines suffered outages due to the attackers’ actions. The outages prevented the plant from appropriately shutting down a blast furnace, leaving it in an undetermined state. This resulted in significant damage to the plant.
“Cyber-physical attacks do happen, and they can be quite damaging,” states Stefan Chekanov, CEO of Brosix, a workplace teamwork app.
Chekanov adds that the age of the Internet of Things (IoT) has brought many more attack surfaces, pointing out, “If the threat was not as significant ten years ago, technological advancements have led to the introduction of billions of new devices that can be exploited. Today, hackers can take control over digital systems, which can result in property damage.”
To make sure there aren’t new vulnerabilities that could expose physical systems, organizations need to conduct an active assessment to protect themselves.
“This could include inspecting existing security measures and identifying areas where protection for physical damage from cyberattacks is lacking,” advises Chekanov. He adds that cybersecurity professionals should collaborate closely with operational teams to better understand the specific risks associated with physical systems and improve their resilience to these emerging threats.
Physical threats are on the rise
Bob Bilbruck, CEO of Captjur, a business services and IT company, agrees the physical threat to systems is growing. He cites a couple of areas that could be impacted by a cyber-physical attack:
- Server overheating: If a DDoS attack generates an enormous amount of traffic, the servers handling the attack could experience excessive load, potentially leading to overheating. While modern servers have safeguards against such issues, extreme cases might still risk hardware failure.
- Data center disruption: A significant DDoS attack could strain a data center’s infrastructure. If the attack causes enough disruption, it might lead to power issues, cooling system failures, or other secondary impacts that could damage physical equipment.
- Network equipment stress: High volumes of traffic can put stress on network equipment such as routers and switches. Prolonged stress might lead to failures or malfunctions in these devices.
- Cooling system failure: Data centers and server rooms have cooling systems to maintain optimal operating temperatures. A DDoS attack can cause a surge in server activity, potentially straining cooling systems and leading to overheating issues.
IoT registry
Bilbruck believes it’s time to establish a dedicated registry specifically for IoT devices.
“A device registry maintains a comprehensive list of all authorized devices within a network or organization. By keeping track of each device’s unique identifiers and attributes, it becomes easier to distinguish between legitimate and potentially malicious devices. A device registry enhances an organization’s ability to monitor, control, and respond to network traffic. This makes it an effective tool in mitigating the risk and impact of a DDoS attack,” Bilbruck says.
He points out other benefits an IoT registry would provide:
- Enhanced incident response: In the event of a DDoS attack, having a device registry allows for faster identification and isolation of compromised devices. This helps limit the spread of the attack and focus mitigation efforts more effectively.
- Network segmentation: By using a device registry to manage network segmentation, organizations can create isolated network segments for different types of devices or services. This reduces the attack surface and limits the impact of any DDoS attacks to specific segments rather than the entire network.
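The registry idea described above can be made concrete with a reconciliation check. The Python example below is added here as an illustration and is not from Bilbruck or the original article; it compares devices seen on the network with a registry of authorized devices and flags unregistered devices, devices on the wrong segment, and devices that were isolated but are still active. The registry layout, device names, MAC addresses, VLAN numbers and the quarantined flag are all constructed assumptions.

```python
"""Reconcile devices seen on the network against an authorized-device registry."""
from dataclasses import dataclass

@dataclass(frozen=True)
class Device:
    name: str
    kind: str                  # e.g. "camera", "hvac-controller"
    vlan: int                  # the only segment this device may appear on
    quarantined: bool = False  # set by incident response when a device is isolated

def norm_mac(mac: str) -> str:
    """Canonicalise aa-bb-.., aabb.ccdd.eeff or AA:BB:.. to aa:bb:cc:dd:ee:ff."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

# Constructed registry. MAC addresses can be spoofed, so a production registry
# would bind identity to something stronger, such as a per-device certificate.
REGISTRY = {norm_mac(mac): dev for mac, dev in {
    "00:11:22:AA:BB:01": Device("lobby-cam-1", "camera", 30),
    "00-11-22-AA-BB-02": Device("hvac-ctl-1", "hvac-controller", 40),
    "0011.22aa.bb03": Device("badge-reader-2", "access-control", 40, quarantined=True),
}.items()}

# Constructed observations (mac, ip, vlan), e.g. exported from switch or DHCP data.
OBSERVED = [
    ("00:11:22:aa:bb:01", "10.0.30.15", 30),   # matches the registry
    ("00:11:22:aa:bb:02", "10.0.30.77", 30),   # registered, but on the wrong segment
    ("00:11:22:aa:bb:03", "10.0.40.9", 40),    # quarantined, yet still talking
    ("de:ad:be:ef:00:99", "10.0.40.200", 40),  # not in the registry at all
]

def audit(observed, registry):
    """Return (finding, device-or-mac, ip, vlan) for every observation needing action."""
    findings = []
    for mac, ip, vlan in observed:
        dev = registry.get(norm_mac(mac))
        if dev is None:
            findings.append(("unregistered", mac, ip, vlan))
        elif dev.quarantined:
            findings.append(("quarantined-active", dev.name, ip, vlan))
        elif dev.vlan != vlan:
            findings.append(("wrong-segment", dev.name, ip, vlan))
    return findings

if __name__ == "__main__":
    for finding in audit(OBSERVED, REGISTRY):
        print(*finding)
```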
Key steps to protect your organization
Many experts agree that these types of threats are increasing. In a recent report, Verizon called cyber-physical attacks “a growing threat” and recommended organizations take the following steps:
- Build strong security features into your connected device software.
- Conduct more security testing while developing the software.
- Work with device manufacturers, software developers, and network providers to stop physical attacks.
As cyber-physical threats continue to grow in both complexity and frequency, it’s imperative for organizations to adapt their security strategies accordingly. By focusing on robust security measures, proactive testing, and collaboration across device manufacturers, software developers, and network providers, companies can better safeguard their systems against these emerging dangers.