By Andrew Ginter, VP Industrial Security

On Monday, February 15, ANSSI reported that the Russian Sandworm group had breached Centreon monitoring system installations with targeted attacks. On Tuesday, Centreon clarified that the affected systems were obsolete and open-sourced versions of the Centreon software  – versions that were out of support ever since 2016.

The incidents are nevertheless concerning for two reasons:

• The Centreon monitoring system is similar in some ways to the SolarWinds Orion monitoring and management system, and the latter was the biggest cyber breach in history.
• The Sandworm attack group is the same group that was behind NotPetya and the 2015 attack on power distribution utilities in the Ukraine.

While SolarWinds was arguably the biggest cyber breach in history, Sandworm’s NotPetya attack was likely the most destructive in history, with billions of dollars in cyber insurance lawsuits still being argued in courts.

The real question is what all this means for the future of cybersecurity and more importantly, for industrial cybersecurity. The Centreon breaches are yet more examples of targeted attacks by a very sophisticated, nation-state-sponsored attack group. While no destructive effects were attributed to the breaches, the Sandworm group has launched very destructive attacks in the past.

The conclusion? The threat environment continues to evolve. Targeted attacks are the new normal. Industrial enterprises are well advised to continue to strengthen their security postures against these sophisticated attacks.

For an analysis of 2020’s attack trends and of how modern security systems hold up against those attacks, download Waterfall’s latest eBook ICS/OT Ransomware in the Supply Chain: Learnings from Attacks in 2020.