Managing cyber risks is a key challenge of digitization
In the morning of May 12th 2017, the WannaCry ransomware attack struck. The first victims were the UK's National Health Service (NHS) and Telefónica, the largest telecom company in Spain. The outbreak spread rapidly across the globe and by day’s end had taken root in 150 countries, including the USA and China, the latter of which had a large concentration of computers running unlicensed or outdated versions of Windows, making it the hardest hit.
WannaCry and other attacks pose a huge challenge to the industry, both because of the increasing sophistication of the attacks themselves and also because of the outdated nature of many people’s machines. Attacks have already included relying on social engineering or virus-embedded USB flash drives introduced into sometimes antiquated production environments, bypassing more modern defenses.
Once there, the malware can proceed to infect the whole IT system, encrypting data or the entire system for use in a blackmail scam. Although as in this case a patch against the attack has been available in advance, this was often not installed. Due to the possible negative impact of the patch to the function of the machine or e.g. medical device, the rollout for such updates takes in practice normally 6 to 12 month.
Cyber-security will always remain an ongoing challenge. We’ll always have to keep updating our systems...as there will always be new viruses and attempts to breach cyber defences.
Lior Tabansky, Cyber Security Expert
The WannaCry Attack in numbers
-
More than 400,000 machines infected
-
WannaCry had initially been discovered 91 days prior to the outbreak
-
The attackers earned approximately $50,000 in bitcoin in three days
-
98% percent of victims were using Windows 7
-
The patch for the SMB vulnerability was available 59 days prior to the attack
-
Over 1 million computers have port 445 (the most vulnerable SMB port) open
A constant race between hackers and businesses
The WannaCry malware attack demonstrated that companies who are not proactive and vigilant in how they deal with their cyber security will be exposed and at more risk. With technologies such our Secure Industrial Visibility system there is the opportunity to have greater security and protection for businesses looking to securely and safely work in Industry 4.0.
Connected and protected
G+D Mobile Security is currently working with customers in health, the automotive industry, construction, mechanical engineering sector and production industry among others to bring a solution to these industries that has proven highly effective in other areas. Secure Industrial Visibility (SIV) has been deployed to meet the high security requirements within critical infrastructure. Continuous optimization has ensured its on-going success from its launch in 2010.
A holistic approach to secure connectivity in the Internet of Things
At G+D Mobile Security we stay one step ahead of the ransomware attackers. We offer ‘Active Cyber Protection’ to tackle ransomware head on. This cyber protection suite protects industrial machines and “machine-like” devices such as those within critical infrastructure, just like the NHS medical devices which were the targets of the WannaCry attack. Active Cyber Protection consists of five cyber protection tools. It is one of the two standalone modules that form the Secure Industrial Visibility portfolio.
The Active Cyber Protection part of our Secure Industrial Visibility solution successfully prevents the scanning of open ports as a point of attack and effectively hides the equipment’s operating syst
Dr. Christian Schläger, Head of Cyber Security at G+D
Machine-learning to flag unusual system behaviour
A part of our Active Cyber Protection solution is the Anomaly Detection System (ADS). After an initial phase, this self-learning software can identify if your system might be compromised by malware. In this case, an alert will be sent to the people responsible (you or us) who can then put new defence strategies in place. Commonly-used IT security products such as Anti-Virus Software only detects known attacks. ADS, on the other hand, detects attacks by their communication patterns – independent of whether the nature or type of attack is known or unknown. “Active Cyber Protection” and common IT security systems can now prevent the spread from the initially infected system to other computers, equipment and devices.
An invisibility cloak for machines and machine-like devices
At G+D, we have developed an IT security appliance, which protects industrial machines from cyber-attacks. This “Stealth Shield” allows the decoupling of the long lifecycle of the machine and the short lifecycle of the security. With the Stealth Shield the security is always up-to-date as our Advanced Security Service, which provides vulnerability management, frequent security reporting as well as pen testing and validity checks for used certificates.
G+D Stealth Shield
The Stealth Shield can easily integrated into the machine or the entire network, no need to install software to the machine. The highest level of protection can be reached, if it is directly integrated into the machine. Another option to limit the risk for a local attack, is to run the Stealth Shield directly at the machine, for example via a USB-Port.
An important, unique function of this device is the “Stealth Mode.”
The benefits include:
-
Makes it 100% invisible to the network
-
No assigned IP-address or open ports
-
Still keeps its defined IP-address
-
The machine behind it will also be invisible to the network/internet
-
An optional ADS can be integrated for additional secure monitoring
