What are Cyber-Physical Systems?
To understand cyber-physical attacks, it is important to first understand cyber-physical systems. Cyber-physical systems—systems that combine computing, networking, and physical processes to accomplish a task—are the foundation for the industrial revolution known as Industry 4.0. The National Institute of Standards and Technology (U.S. Department of Commerce) has broadly defined cyber-physical systems as “interacting digital, analog, physical, and human components engineered for function through integrated physics and logic.” These systems are likely to transform the global advanced manufacturing landscape. Computer-controlled feedback loops are embedded in systems and processes to monitor and control computations and physical processes alike. IT Support New Orleans offers extensive information and guidance on how to protect your infrastructure from cyber-physical attacks.
6 Common Types of Cyber-Physical Attacks
As devices become more interconnected, there is a growing concern about attacks on systems that combine physical and digital elements. These “cyber-physical” systems include everything from smart homes and cars to industrial equipment. They’re becoming increasingly common because they can be more efficient or have better safety features than traditional machines. But these benefits come at a price. Cyber-physical systems are vulnerable to new types of attacks that fall outside the traditional definitions of malware or network security breaches.
In the simplest case, physical damage can be caused through mere access to the system’s control logic. For instance, if an attacker is able to gain access to an industrial control system that controls valves or pumps on a manufacturing line, they could potentially cause physical damage by opening or closing these valves/pumps.
More complex attacks involve compromising one part of the cyber-physical system and using it as a stepping stone to reach another device or a network segment that is separated from the rest of the controlled network. This can happen if an attacker gains access through one door and then uses this new vantage point as an entry point into other parts of your organization’s systems.
Zero-day attacks
Zero-day attacks exploit a vulnerability in software that is unknown to the vendor and has not been patched. The attacker uses this knowledge to gain access to your system or network. They are often used by hackers intent on data theft, which makes them dangerous because they can cause major damage without warning.
Zero-day attacks can be divided into two categories:
- Exploiting a vulnerability that is known to the vendor but has not been patched (known as an unpatched zero-day exploit). This type of attack takes advantage of software bugs that have been identified by developers but have not yet been resolved with an update or patch.
- Exploiting a newly discovered vulnerability before it is fixed (called remote code execution). Remote code execution allows malware authors to infect systems remotely through web browsers, emails, instant messaging applications, and other programs on your computer.
Eavesdropping attacks
Eavesdropping attacks happen when an attacker listens to the communication between two parties. These types of attacks can also be called sniffing since they involve listening in on data packets as they are sent across a network.
Eavesdropping attacks can be passive or active. Passive eavesdropping involves the attacker listening to the communication without being detected, while active eavesdropping involves creating an intermediary device that actively participates in communications and provides false information about who it is communicating with. In either case, attackers may use this information for monetary gain or industrial espionage purposes.
Denial-of-Service (DoS) attacks
Denial-of-service attacks are the most common type of attack on the internet. They’re easy to launch, and very difficult to defend against.
The goal of a DoS attack is simple: overwhelm a server or network with requests, preventing legitimate users from accessing it. The hacker generally leverages a botnet—a collection of devices infected with malware that can be remotely controlled by an attacker—along with some other useful tools like spoofed IP addresses and domain name system (DNS) servers to launch the attack. Once these pieces are in place, a botnet can send thousands or even millions of requests per second at any target the hacker chooses, overwhelming it with traffic until it crashes or becomes unusable for legitimate users.
Finally, there exists another type of attack called DDoS (distributed denial-of-service), which works by having multiple computers sending requests at once. This makes blocking individual bots harder because they aren’t coming from one source but rather multiple sources around the globe—not just one centralized location like most botnets.
Data Injection attacks
Data injection is a type of cyber-physical attack that targets systems with software vulnerabilities to inject malicious code into their operations. These attacks occur when an attacker uses a malicious program to secretly modify or influence data in transit between two legitimate systems. Data injection attacks can be used for many purposes, including identity theft and fraud, disrupting services, stealing customer or employee data, or creating other general havoc.
Replay attacks
Replay attacks occur when an attacker replays a previous message in order to gain access to a system. This can be anything from a password reset request to a command that enables the attacker to control your computer remotely.
In order to prevent replay attacks, you must use some form of token on every transaction so that your system knows the request is legitimate and not just an earlier request replayed back at you.
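The token-per-transaction defence described above, combined with a message authentication code so that data altered in transit (the data injection case earlier) is also rejected, shown as an added example that is not part of the original article. The pre-shared key, the 30-second freshness window and the command name are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import os
import time

KEY = b"constructed-demo-key-not-for-production"  # assumption: pre-shared key
MAX_AGE_S = 30  # assumption: freshness window, also bounds tolerated clock skew


def sign_command(command, key=KEY, now=None):
    """Sender: attach a one-time token (nonce + timestamp) and a MAC."""
    body = {
        "cmd": command,
        "nonce": os.urandom(16).hex(),
        "ts": int(time.time() if now is None else now),
    }
    payload = json.dumps(body, sort_keys=True).encode()
    tag = hmac.new(key, payload, hashlib.sha256).hexdigest()
    return {"payload": payload.decode(), "mac": tag}


class Receiver:
    """Controller side: accept each authentic, fresh message exactly once."""

    def __init__(self, key=KEY, max_age=MAX_AGE_S):
        self.key, self.max_age = key, max_age
        self.seen = {}  # nonce -> timestamp, kept only for the freshness window

    def accept(self, msg, now=None):
        now = time.time() if now is None else now
        expected = hmac.new(self.key, msg["payload"].encode(), hashlib.sha256).hexdigest()
        # Constant-time comparison; any change to the payload invalidates the MAC.
        if not hmac.compare_digest(expected, msg["mac"]):
            return "rejected: bad MAC"
        body = json.loads(msg["payload"])  # parsed only after authentication
        if abs(now - body["ts"]) > self.max_age:
            return "rejected: stale"
        # Forget nonces whose messages could no longer pass the freshness check.
        self.seen = {n: t for n, t in self.seen.items() if abs(now - t) <= self.max_age}
        if body["nonce"] in self.seen:
            return "rejected: replay"
        self.seen[body["nonce"]] = body["ts"]
        return "accepted: " + body["cmd"]
```

The timestamp check is what lets the receiver discard old nonces: a captured message is refused as a replay while its nonce is remembered and as stale afterwards.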
Side-Channel Attacks
A side-channel attack is a method of stealing information from a computer or other information system. Side-channel attacks use the physical implementation of a system to infer information about what’s going on inside it. For example, if you have access to the power consumption of an electronic device, you can use that data to determine what applications are running on it and how much processing power they’re using.
How do attackers get access to this kind of information? Most commonly through electromagnetic emanations—the amount of energy given off by a device in its various states (e.g., booting up). If someone wants to steal your credit card number from your phone, they could perform passive side-channel attacks by simply standing near you while you make purchases at the register and recording them with special equipment designed for such tasks. Side-channel attacks are extensively leveraged for illegal collection of data through information leaks, especially in industrial equipment.
To protect your business systems against these and a slew of other cyber threats, please contact the experts at CommTech Managed IT Services.
Post courtesy: Bridget Juelich, Sales & Marketing Manager at CommTech