Colonial pipeline ransomware alone shut down 5,500 miles of pipeline, fearing a ransomware attack on IT networks would spread to the live network that controls fuel distribution pipelines. Operational Technology (OT) networks control production lines, power plants, and the equipment needed to keep power running.
A successful attack on Raro’s OT network, but after a colonial ransomware attack, CISA felt a growing threat to owners of critical infrastructure. Security researchers are now warning about the risks associated with embedded devices on these OT networks.
A new study by a provider of embedded device security determines that ransomware can be deployed on embedded systems used in real networks. The company said it discovered a vulnerability in the Schneider Electric Ether Gee P5 protection relay, a key device for the operation and stability of the modern power grid, by activating a switch when a fault is detected. This vulnerability could be used to spread ransomware payloads. This is the “difficult but reproducible” process that Red Balloon has achieved.
Prevention of Ransomware Attacks on Embedded Devices
Listed below are some of the methods used to secure embedded systems today. By planning at the requirements stage and then implementing during product development, embedded systems can be made much more secure.
- Use a tamper-proof enclosure around the structure.
- Physical and electronic features may be added to the enclosure, such as circuit breakers or tamper-proof networks that detect the opening of the enclosure or possibly other intrusions such as a puncture. These functions can be associated with circuits that recognize and react to a tamper.
- Implement distributed circuits around a PCB whose operation changes or responds to interference. For example, a microcontroller placed on a printed circuit board can be connected to various signals that are strategically routed around critical areas.
- Use the secure boot features of the microprocessor to verify the authenticity of the firmware before execution. Before starting execution of the boot image, the processor verifies that the boot image is signed with a predefined cryptographic key that is stored in the processor or in some other secure storage mechanism.
- Enable Trusted Execution Environment (TEE) on the embedded system microprocessor. For example, ARM processors use TrustZone technology, where the processor and its set of peripherals can be divided into secure and non-secure areas.
- Use encryption to encrypt and protect transmitted data. For example, you can use strong encryption methods such as WPA-2 to transmit data over Wi-Fi.
- Store data and other important information in secure storage vaults. This can be achieved by encrypting the data in a microprocessor or other cryptographic mechanism before writing it to memory (and by decrypting the data after reading it).
- Hardware-accelerated cryptographic engines perform resource-intensive cryptographic computations much more efficiently than general-purpose CPUs. This improves cryptographic security by allowing more computations per second and allowing longer key generation.
- Hardware random number generators can provide strong and truly random data encryption keys and prevent protocol replay. The random numbers generated by the software algorithm can be reconstructed as long as the algorithm is known while satisfying the statistical requirements of randomness.
- A secure real-time clock provides a reliable, tamper-proof time source. This is critical for applications that require accurate timestamps, such as utility billing, sensor data collection, point-of-sale terminals, medical devices, and more.
- The secure debug feature protects the integrated system from attacks using standard debug mechanisms such as JTAG or the Android Debug Bridge (ADB).
- The hardware being debugged must be able to allow access to the debug port using a unique and predefined code or key. For the security of embedded systems, be careful when using the network to download bug fixes and remote updates. Hackers often use it to install code that gives them insight into a system’s incoming and outgoing traffic.
Recent Research of 2021 Embedded Attacks
As of June 2021, a new record of 78.4 million ransomware attacks has been recorded.
- A total of 190.4 million ransomware attempts in the third quarter of 2021 made it the highest quarter on record, nearly exceeding the total number of ransomware attempts recorded during the first three quarters of 2020 (195.7 million).
- The United States has reported a 127% year-to-date growth. a number of ransomware attacks, while in the UK the increase was 233%. IoT malware incidents have increased by 33% globally.
- Overall cryptojacking growth of 21% with a 461% increase across Europe.