Up until year 2000, Industries were not so much prone to cyber-attacks. With rapid increase in digitisation, Cyber-attacks in industries become increasingly more and more daunting. To understand the devastating effects of a cyber-attack, below are world’s top brutal cyber security attacks on Industries. This is a definite wake up call for all kind of industries to build digital wall which can safeguard their digital property.
Discovered in 2010, the Stuxnet virus remains, to date, one of the largest and most “successful” industrial attack in cyber history.
All allegedly a state-sponsored weapon, the Stuxnet worm targeted the PLC systems in Iran’s nuclear program, causing centrifuges to spin out of control without triggering alarms. Before it was caught, the attack was able to destroy up to 1/5th of the country’s nuclear centrifuges and set its nuclear program back a decade.
2. Tran-Siberian Pipeline
This may be one of the earliest examples of a devastating industrial hack. In 1982, the CIA successfully planted a “Logic-Bomb” into the SCADA system controlling the USSR’s Siberian natural gas pipeline. The result was what the Washington Post called the “the most monumental non-nuclear explosion and fire ever from space.”
In august 2012, a coordinated “spear-phishing” attack targeted the computer network of Saudi Arabia’s state-owned oil firm, Aramco.
The attack infected as many as 30,000 computers and took two full weeks to beat, but it failed to completely shut down the flow of oil, which appears to have been its primary goal.
4. Water Tower Decoy
In December 2012, a malicious computer virus concealed in an MS Word document sent from Chinese Hacking group, APT1, successfully took over a water tower control systems in U.S.
Luckily for anyone nearby, the tower was actually a decoy set up to attract such would-be industrial attacks. So, while nothing was hurt or destroyed in this incident, it did demonstrate the frightening reality -how easy was it to wage such attacks.
5. Solar World
In 2012, at about the same time the Commerce Department found that Chinese solar product manufacturers had dumped products into US markets at prices below fair value. The unidentified co-conspirator stole thousands of files including information about Solar World’s cash flow, manufacturing metrics, production line information, cost, and privileged attorney-client communications relating to ongoing trade litigations, among other things.
6. SpamHaus DDoS
In early 2013, Dutch domain provider, Cyberbunker launched a cyber-attack against international anti-spam watchdog, Spamhaus. That offensive quickly escalated into what remains the largest Directed Denial of Service attack ever waged.
The attack slowed the internet to a halt all across the globe, hitting manufacturers, financial institutions, supply chain logistics and every other piece of the digital economy with heavy wait times and giant losses.
7. Global Ping
In April 2013, the entire Internet – all 3.7 billion connected computers and devices in factories, pockets and offices all around the world – was pinged by a single operator.
That ping revealed about 114,000 manufacturing control systems vulnerable for attack, about 13,000 of which can be accessed without inputting a single password. If nothing else, this event acted as a wakeup call for industry.
In May 2012, Russia’s Kaspersky Lab – one of the world’s biggest producer of anti-virus software discovered another highly sophisticated virus detected in Iran.
Unlike Stuxnet, this virus, called Flame – which ran undetected for years – was designed to steal PDF files and AutoCAD drawings, which means the originator of the attack was after designs, plans and preciously guarded IP data locked inside some of the country’s biggest industrial facilities.
9. U.S. Steel
In 2010, U.S. Steel was participating in trade cases with Chinese steel companies, including one particular state-owned enterprise. Shortly before the scheduled release of a preliminary determination in one such litigation, Sun sent spear phishing e-mails to U.S. Steel employees, some of whom were in a division associated with the litigation. Some of these e-mails resulted in the installation of malware on U.S. Steel computers.
“Three days later, hackers stole hostnames and descriptions of U.S. Steel computers (including those that controlled physical access to company facilities and mobile device access to company networks).
10. Blackout Worm
One of the biggest electrical blackouts in history – the 2003 First Energy blowout that left eight states in the dark for days – may have been the result of what is described as an “accidental cyberattack.”
According to the AFCEA, Kaspersky labs identifies the culprit as a malicious worm designed to attack Windows and Unix systems of private users, not critical infrastructure. However, when the system monitoring the grid was infected, the hackers got more than they expected.
Not everyone agrees, however, the ACLU, for example, notes: “A detailed 228-page investigation by the North American Electric Reliability Corporation pointed to numerous sources of the problem, a list that did not include hackers.”
So you can count this one as fact or myth, but it still paints a chilling image of the devastation possible with the loss of any part of our key infrastructure. Once you are connected to the Internet without a firewall in place, nothing is safe.