Placing OT knowledge at the heart of operational security
Cyber threat actors are savvier than ever. From ransomware to identity spoofing to email phishing scams, cyber attackers have stepped up their game to an unprecedented level. It’s clear that when there’s a financial incentive, threat actors can be very resourceful. This places many organizations’ operational technology (OT) and Internet of Things (IoT) environments in a precarious position, as companies have more to lose than the average end user.
No doubt the cyber threat landscape is evolving – and it can be challenging for anyone to keep up, let alone large organizations with hundreds or thousands of workers plus an expansive collection of interconnected industrial machinery. Making matters worse, the uncertain climate of the past six months has given those with malicious intent a fractured, fragile environment that is ripe for exploitation.
As detailed in Nozomi Networks Lab’s OT / IoT Security Report: Cyber War Insights, Threats and Trends, Recommendations, several high-level ‘cyber events’ have already occurred in the first half of 2022. Just as cyberterrorism and misinformation fallout from the 2021 US elections were receding, rising tensions between Russia and Ukraine started a new flurry of threat activity, with alleged Russian state-backed advanced persistent threats (APTs) taking on vital infrastructure.
Almost immediately, enterprises across industries began reporting varied threats. Microchip maker Nvidia reported that a ransomware attack hit its US operations. Car manufacturer Toyota had to cease operations after multiple cyberattacks on its supplier ecosystem. And financial cyberthreat opportunists Lapsus$ breached both Samsung and Microsoft, targeting their mobile and dev ops servers, respectively, and stealing hundreds of gigabytes of source code.
Nozomi Networks Lab breaks down the broad threat attack surface that organizations face today, paying particular attention to the rising risks of a data breach or a cyber-physical attack (a complicated scenario involving multiple integrated systems).
Factors contributing to the complicated OT security landscape include the rising number of IoT devices connected to a company’s network, the increasing reliance on cloud and data sharing tools, and the significant increase in attacks aimed at critical public infrastructure and industrial control systems (ICS).
“I think it’s important to know why do threat actors want to target IoT. Two main things that come to mind,” Roya Gordon said. Speaking exclusively to us, the Security Research Evangelist at Nozomi Networks continued, “Threat actors can launch multiple attacks or use IoT as a pivot point to access OT environments, launch a denial-of-service attack or control the other IoT devices on the network to create this mass widespread attack.”
This method is attractive to attackers as they can launch a large-scale intrusion by just compromising one device. “Another thing is low-hanging fruit, for sure,” added Gordon referring to exposed, unprotected endpoints or connected devices with poor security. “But they’re able to access these devices because there’s not a lot of regulations in the space: [it] makes it so much easier for them.”
Attackers use port scanners and similar tools to figure out what’s connected to the internet, which service is running on a port and where there are vulnerabilities.
“And then, there are these vulnerabilities associated with a version [of the hardware] that hasn’t been patched,” Gordon said. “So threat actors use default passwords or exploit that vulnerability.” For attackers, IoT and IIoT make it “easier for them to create this army of malicious botnets to launch bigger attacks.”
Hence newly digitalized technologies like IoT, analytics, and OT can come loaded with security concerns: not just hard-coded passwords and internet access that exposes end-user credentials, but also gaps in the network’s security.
Many industrialized operational technologies predate TCP/IP networking, and protecting legacy OT with better cybersecurity is a major requirement. Nozomi Networks highlights asset inventory management and asset monitoring as too often overlooked.
“It’s one thing to have legacy systems in your environment. But if you don’t even know what the heck you have, that poses even more of a danger because you don’t know if there are devices that are vulnerable or how many you have,” Gordon said. “You don’t know what’s nearing end of life.” She highlights Nozomi Networks’ tool for network and device visibility – enabling IT and security managers to take inventory of all OT devices on the network as a basic starting point.
When it comes to ICS, IoT, utilities, and OT security, asset discovery and monitoring are critical for companies to recognize the risks they might face. “I would say there’s probably three main ways [forward]. The first is doing a self-assessment. There may be policies in place, depending if the industry is highly regulated or not, but are [companies] following the policies?” Gordon asked.
“The next step is to have an external company do an assessment. This could include scanning and monitoring software to see what’s publicly accessible, checking the dark web to see if anyone’s targeting your company, and really checking your attack surface, just seeing how exposed you are,” she continued.
“But that third step, which I think is what a company would need is a penetration test, actually bring on a team and let them test how secure you are. Then from there, you’re able to prioritize how you’re going to mitigate these fixes and strengthen operational resiliency.”
In the IIoT/OT space, some of the responsibility falls to IT teams that simply don’t understand OT’s specific security requirements. Download the OT / IoT Security Report: Cyber War Insights, Threats and Trends, Recommendations to understand recent trends in IoT botnets and ICS-CERT vulnerabilities, new malicious tools being deployed, and insights into threat mitigations for more robust IoT and OT security.