Four OT attack scenarios which require SIGA’s Level 0 detection

05 Sep 2023

Attack Scenario 1: (Un)authorized Access

Cyber threats do not stem solely from the outside. Insiders who are granted access, or attackers who obtain legitimate credentials, can pose a serious threat to the most critical and vulnerable assets. Such attacks will most likely go undetected by standard detection tools, since no malicious code or virus is used. SIGA's ability to monitor process behavior directly from Level 0 offers the ultimate method for securing critical infrastructure regardless of the attack vector. SIGAGUARD is a detection solution tailored to such attacks, ensuring that the most valuable assets are protected at all times.

Attack Scenario 2: Under the Radar – IT/OT ransomware attacks

Ransomware attacks are on the rise, and they may leave OT environments at the mercy of attackers. Even during an IT-based ransomware attack, without knowing what the attackers have gained access to and control over, cybersecurity teams are often left with only one option: shutting down the entire operation until the situation is clarified. SIGA's tracking of electrical signals directly from Level 0 provides cybersecurity teams with the visibility they need: the unique capacity to feel the pulse of the machinery, regardless of a possible compromise of the IT or OT networks. SIGAGUARD thus ensures that security has the upper hand in dealing with such attacks at the process level, while production continues and unnecessary downtime is avoided.

Attack Scenario 3: The Enemy Within – supply chain attacks

Malicious worms can sometimes find their way into the most valuable assets from the most unexpected vectors. Attacks can originate in the supply chain itself, such as infected PLCs arriving directly from the manufacturer or vendor, or a routine system update that contains malicious code. As soon as the worm is activated, the machinery is at risk: the ability to monitor the machine's real status degrades, and standard security tools, which look for external threats, have limited ability to detect such attacks. SIGA's out-of-band solution, SIGAGUARD, monitors the electrical signals coming directly from the machinery level, regardless of where the malicious code came from. SIGAGUARD detects such anomalies, sends out a real-time alert, and, using cutting-edge machine learning algorithms, can suggest the most suitable methods to deal with such attacks quickly and effectively.

Attack Scenario 4: Spoofing OT networks

Machines use electrical signals as their language to communicate their physical state, and the PLC serves as the translator of this physical information into digital form. All the data gathered in the PLC is later transferred to the HMI, where operators can see what the state of the machinery is. But what happens if the translator itself is attacked and translates the information incorrectly? The machines could be damaged by the attacker while those in charge do not even know about the attack, believing that everything is normal. SIGA's PRM solution offers a distinct method to tackle such threats. By correlating the unfiltered Level 0 electrical signals with the data sent to the HMI layer, SIGAGUARD alerts as soon as it detects a spoofing attack in which false data is injected into the HMI. SIGAGUARD informs the operators of the real machine status, allowing them to act on the risk as quickly and as effectively as possible.
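The correlation idea in Scenario 4 can be illustrated with a small detector. The following is an added example written for this page, not SIGA's code or the PRM product: it assumes an out-of-band tap already delivers scaled engineering values for a tag (here a hypothetical tank-level tag "LT-101"), and compares each reading with the value the PLC reported to the HMI. The sample values, tolerance and window size are constructed for illustration. Two checks run: a per-sample divergence check, and a "frozen HMI" check that catches the case where the HMI is held at a plausible constant while the physical process keeps moving.

```python
# Added example (not SIGA's code): correlate out-of-band Level 0 readings with the
# values shown on the HMI, and alert on divergence. The tag name, sample values and
# thresholds below are constructed for illustration only.
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Sample:
    """One time step: raw Level 0 reading vs. the value shown on the HMI."""
    t: int          # sample index (e.g. seconds)
    level0: float   # engineering value derived from the electrical signal (assumed out-of-band tap)
    hmi: float      # value the PLC reported to the HMI for the same tag


# Constructed data for hypothetical tag "LT-101": the physical level keeps rising,
# but from t=6 onward the HMI is fed a frozen value of 60.0 (spoofed PLC output).
SAMPLES: List[Sample] = [
    Sample(0, 50.0, 50.1), Sample(1, 52.0, 51.9), Sample(2, 54.0, 54.0),
    Sample(3, 56.0, 56.2), Sample(4, 58.0, 57.8), Sample(5, 60.0, 60.0),
    Sample(6, 62.0, 60.0), Sample(7, 64.0, 60.0), Sample(8, 66.0, 60.0),
    Sample(9, 68.0, 60.0), Sample(10, 70.0, 60.0), Sample(11, 72.0, 60.0),
]


def find_mismatches(samples: List[Sample], tolerance: float) -> List[Tuple[int, float]]:
    """Return (t, delta) for every sample where |level0 - hmi| exceeds tolerance.

    The tolerance absorbs normal sensor noise and scaling/rounding inside the PLC;
    in practice it is set per tag from a baseline captured while the process is trusted.
    """
    out: List[Tuple[int, float]] = []
    for s in samples:
        delta = abs(s.level0 - s.hmi)
        if delta > tolerance:
            out.append((s.t, delta))
    return out


def find_frozen_hmi(samples: List[Sample], window: int, tolerance: float) -> List[int]:
    """Return start times of windows where the HMI value is flat but Level 0 moves.

    The per-sample check catches a large spoof; this check catches a "replay" where the
    HMI is held at a believable constant while the real process drifts away from it.
    """
    starts: List[int] = []
    for i in range(len(samples) - window + 1):
        win = samples[i:i + window]
        hmi_span = max(x.hmi for x in win) - min(x.hmi for x in win)
        l0_span = max(x.level0 for x in win) - min(x.level0 for x in win)
        if hmi_span < 1e-9 and l0_span > tolerance:
            starts.append(win[0].t)
    return starts


def first_alert_time(samples: List[Sample], tolerance: float = 0.5, window: int = 5) -> Optional[int]:
    """Earliest time either detector fires, or None if both views agree throughout."""
    times = [t for t, _ in find_mismatches(samples, tolerance)]
    times += find_frozen_hmi(samples, window, tolerance)
    return min(times) if times else None


if __name__ == "__main__":
    for t, delta in find_mismatches(SAMPLES, 0.5):
        print(f"t={t}: HMI and Level 0 disagree by {delta:.1f} units on LT-101")
    for t in find_frozen_hmi(SAMPLES, 5, 0.5):
        print(f"t={t}: HMI flat for 5 samples while Level 0 keeps changing")
    print("first alert at t =", first_alert_time(SAMPLES))
```

On the constructed data the frozen-window check fires one sample before the per-sample check does, which is the point of running both: a replayed constant can sit within tolerance for a moment while the process has already started to diverge. The tolerance and window must come from a per-tag baseline, otherwise ordinary sensor noise or a genuinely steady process will produce false alerts.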