Primer on IIoT attacks and countermeasures
Understanding the dynamics involved in industrial IoT attacks is crucial to perform security risk analysis and mitigation. Threat modeling is commonly used as a security countermeasure and is discussed later in this chapter. Attack trees and fault trees are two methodologies useful for developing security threat models and for communicating the risk of an attack.
In the real world, most attacks are highly customized to target specific vulnerabilities in IoT products and connectivity. Many attacks target zero-day vulnerabilities. In the case of a zero-day vulnerability, an exploit already exists and can easily proliferate through the internet or corporate networks to create a snowball effect. Since IIoT involves significant investment and skills, most attacks involve nation-state threat actors, who are motivated to create a major impact.
Some common types of attacks in the IIoT context are as follows:
- Malware-triggered ransomware
- Wired and wireless scanning and mapping attacks
- Network protocol attacks
- Infecting ICS and SCADA intelligence
- Cryptographic algorithm and key management attacks
- Spoofing and masquerading (authentication attacks)
- Unauthorized endpoint control to trigger unintended control flows
- Data corruption attacks
- Operating system and application integrity attacks
- Denial of service and service jamming
- Physical security attacks (for example, tampering or interface exposure)
- Access control attacks (privilege escalation)
More attack types can be added to this list. Today, ransomware attacks are rising steeply. In IIoT, if malware encrypts the data of any control system, it can directly trigger a physical catastrophe. For example, encrypting medical data in a hospital (refer to the WannaCry case study in Chapter 1, An Unprecedented Opportunity at Stake) could lead to lethal consequences at scale. The possible attacks in every deployment therefore need to be studied carefully in order to manage security risks better.
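The attack-tree approach mentioned at the start of this section, worked through for the ransomware scenario above as an added example (this is not code from the book): a small Python evaluator that combines AND/OR nodes into a goal likelihood and ranks which leaf step a countermeasure should remove first. The tree, its step names and every likelihood value are constructed for illustration and assume independent steps.

```python
import math
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Minimal attack tree: a leaf is one attacker step with an estimated success
# likelihood; an inner node combines its children with an AND or OR gate.
@dataclass
class Node:
    name: str
    gate: Optional[str] = None                # "AND", "OR", or None for a leaf
    likelihood: float = 0.0                   # used only by leaves
    children: List["Node"] = field(default_factory=list)

def evaluate(node: Node, overrides: Optional[Dict[str, float]] = None) -> float:
    """Likelihood that the goal at `node` is reached (children treated as
    independent); `overrides` replaces leaf likelihoods by name to model a fix."""
    ov = overrides if overrides is not None else {}
    if node.gate is None:
        return ov.get(node.name, node.likelihood)
    probs = [evaluate(c, ov) for c in node.children]
    if node.gate == "AND":                    # every child step must succeed
        return math.prod(probs)
    if node.gate == "OR":                     # at least one child path succeeds
        return 1.0 - math.prod(1.0 - p for p in probs)
    raise ValueError(f"unknown gate {node.gate!r}")

def leaves(node: Node) -> List[Node]:
    return [node] if node.gate is None else [l for c in node.children for l in leaves(c)]

def rank_countermeasures(root: Node) -> List[Tuple[str, float]]:
    """Drop in root likelihood when each leaf step is fully mitigated (set to 0),
    sorted so the most valuable countermeasure comes first."""
    base = evaluate(root)
    gains = [(l.name, base - evaluate(root, {l.name: 0.0})) for l in leaves(root)]
    return sorted(gains, key=lambda t: t[1], reverse=True)

# Constructed example (illustrative values, not measured data): ransomware
# reaching a control system's data store, built from the attack types above.
RANSOMWARE_TREE = Node("control-system data encrypted", "AND", children=[
    Node("code execution on an engineering workstation", "OR", children=[
        Node("phishing-delivered malware", likelihood=0.3),
        Node("unpatched service exposed to the corporate network", likelihood=0.2),
        Node("infected removable media", likelihood=0.1),
    ]),
    Node("lateral movement over a flat IT/OT network", likelihood=0.6),
    Node("payload runs unblocked on the control host", likelihood=0.5),
])

if __name__ == "__main__":
    print(evaluate(RANSOMWARE_TREE), rank_countermeasures(RANSOMWARE_TREE))
```

The ranking shows why the two AND-gated steps (network segmentation and host-level payload blocking) dominate: removing either drives the goal likelihood to zero, whereas closing any single initial-access path only lowers it.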
Figure 2.1 shows the correlation of vulnerabilities, attacks, and countermeasures: