A leaked report from the NCSC has confirmed that several industrial control systems and service organisations in the UK have been breached by hackers.
Last month, the GCHQ confirmed that it was fighting “ongoing, constant, relentless wars” with state-sponsored hackers.
A report compiled by the National Cyber Security Centre, a copy of which was obtained by Motherboard via anonymous sources, has confirmed the worst fears of the government as well as critical infrastructure firms in the UK.
The report confirms that ‘a number of Industrial Control System engineering and services organisations are likely to have been compromised’ following sustained cyber-attacks. It adds that hackers may have finally tasted success after targeting engineering, industrial control, and water sector companies since early June.
“The NCSC is aware of connections from multiple UK IP addresses to infrastructure associated with advanced state-sponsored hostile threat actors, who are known to target the energy and manufacturing sectors,” the report said.
“NCSC believes that due to the use of wide-spread targeting by the attacker, a number of Industrial Control System engineering and services organisations are likely to have been compromised,” it added.
The report adds that hackers have been trying to connect organisations’ industrial control systems to malicious IP addresses using SMB and HTTP vulnerabilities in order to gain access to user passwords. Even though it is silent on whether the hackers are state-sponsored, it has advised energy and infrastructure firms to enable two-factor authentication in industrial control systems.
The NCSC confirmed the authenticity of the report to Motherboard and said that it is liaising with its counterparts ‘to better understand the threat and continue to manage any risks to the UK’.
Last month, a number of energy firms expressed significant concern over the fact that hackers may eventually get past the gates and shut down critical national infrastructure, thereby affecting millions of lives. A survey by PricewaterhouseCoopers revealed that over half of all energy firms were also worried that their ‘client data wasn’t handled securely enough by their energy supplier’.
The survey of 500 UK businesses also revealed that if cyber-attacks took place, 57% of businesses and 70% of industries would switch supplier, thereby severely impacting the energy sector. A large number of industries are also considering switching from conventional to smart energy technology, thereby placing an additional responsibility on energy firms to strengthen their cyber-security protocols.
“The emergence of large-scale malicious campaigns targeting industrial enterprises indicates that black hats see this area as promising. This is a serious challenge for the entire community of industrial automation system developers, owners and operators of such systems, and security vendors. We are still remarkably languid and slow-moving in most cases, which is fraught with dangers under the circumstances,” said Kaspersky Labs.