In mid-May 2017, many companies around the world were attacked by the WannaCry network crypto variant. The Wannacle malware spread across local networks and the Internet by exploiting the CVE-2017-0143 (MS17-010) vulnerability in components of the SMBv1 service (port TCP 445) in Windows operating systems. Since the industrial network is not directly connected to the Internet, and access is provided through the corporate network using NAT, a firewall and a corporate proxy server, which makes it impossible to infect such systems via the Internet. There are typical industrial network configuration errors, which have led to WannaCry infections, according to our data:
1. Use of computers acting as bridges between several networks.
2. Connecting remote facilities.
3. Using modems and mobile phones.
Of course, completely isolating the industrial network from adjacent networks is impossible, since transferring data between networks is required to perform a variety of important functions. Following the recommendations will help you to ensure maximum protection of your industrial networks and automation systems from existing and future threats.
