Recently, the central control center received a call from one of the operators, who reported that all computers in the local control center had failed. At the same time, all the plant's systems were working normally; only the monitoring system was damaged. As it turned out, the computers were infected with ransomware, which is quite strange, since they are physically isolated from the external environment and are located on the internal network.
— That the IT department is negligent in its duties! They reinstalled the OS on the affected PCs, but again did not install all the updates. As a result, the system crashed again from the same attack. The infection occurred again.
And when they started looking for the cause, it turned out that the management had purchased a “smart” coffee machine for its employees, which required an Internet connection and which the manufacturer’s service staff connected to an isolated Wi-Fi network and the internal network of the control center.
— And the coffee machine was running under an infected OS?
- Well, yes! And the most interesting thing is that no one told anyone about the need to connect the coffee machine to the Internet and they connected it using the password issued for service work.
- Yes... You made me laugh. What can I say? The enterprise is a mess, though. It turns out they didn't monitor the appearance of third-party connections on the network?
— Yes. And besides, to connect devices, they did not require written approval from the IT and IS management.
This is what happened at one of the European oil refineries. I hope you are monitoring the appearance of new devices on the network?
— And what did the investigation show?