Adobe Systems Inc. has announced over the past week that hackers broke into its network and stole user information and possibly source code for an as-yet undetermined number of software titles, possibly its Acrobat family of products. The company said hackers also accessed nearly three million customer credit card records, and stole login data for an undetermined number of Adobe user accounts.
As we wait for more information from the vendor, this incident underscores the continued attack trends in recent days on major corporations.
Adobe is widely used inside industrial control systems (ICS) environments. Adobe does not yet know the extent of the infiltration, so is there anything that ICS operators do?
As many of the recent attacks on Critical Infrastructures & ICS are structurally contextually similar to “zero day attacks” and the vendors did not know about the attacks for several days to weeks, ICS operators are struggling to deploy technologies based on known signatures (such as AV, IDS). Here comes the beauty of change management. The “Change Management way” of securing industrial control systems asks operators to be inward looking, taking a closer look at the asset itself, harden the asset and baseline the asset in a known good state. As changes happen to the asset, monitor and track the changes to the asset. The process involves two simple steps:
- Know what’s on your assets: control system operators need to have a bird’s eye view of the assets, the type of software and the type of ports and services that are open for each asset. For example, they should deploy technologies which can “show me all the assets which have any version of Adobe installed on the asset base.”
- Configuration change management: When there is a change to the known good state of an asset (known good Adobe version), the ICS operators need to investigate and document the reason for the change. If the change is unauthorized, the reversal of the change needs to be tracked.
This short video provides show how ASM can quickly search for Adobe product in your control system environment, enabling you to mitigate potential vulnerabilities or identify changes to configurations.