Security researchers at Dragos and SentinelOne believe they have identified a new strain of ransomware designed specifically for industrial control systems (ICS), the systems most commonly found at the core of utility infrastructure. ICS environments are also among the highest-value targets for cybercriminals and nation-state hackers.
Dragos warned its customers in early January, “ICS asset owners and operators are therefore strongly encouraged to review their attack surface and determine mechanisms to deliver and distribute disruptive malware, such as ransomware, with ICS-specific characteristics.” It continued, “EKANS, though primitive, represents an evolution in adversaries targeting control system environments.”
SentinelOne believes the cyber attack described in a January security alert from Saudi Arabia’s National Cybersecurity Authority on Bahrain’s national oil company, Bapco, was likely an EKANS attack.
The merging of operational technology (OT) and information technology (IT) in recent years has reduced the number of air gaps, the network isolation that used to make critical infrastructure such as utilities less vulnerable to cyber attacks. With the rise of IoT, industrial control systems have become more connected and thus more exposed to attack.
The EKANS news is most relevant for companies that make up critical infrastructure, namely utilities and some industrials. While the Norsk Hydro attack in March 2019 was an example of the business disruption risk that ransomware poses to an industrial company, this development, together with the broader move toward greater connectivity across all sectors, is a reminder of the systemic risk posed by cyber threats and of their constantly evolving nature.
The good news is that utilities perform well as an industry in managing cyber risk (see Cyberhedge industry rankings). Industrials, however, are in the middle of the pack. Although the merging of OT and IT is most material for utilities and industrials, the full embrace of digital transformation by companies across all sectors translates to greater operational and financial risk. This makes cyber governance all the more important for managing a downside that often receives little public or internal attention until a breach occurs.