In today’s hyper-connected world, the Internet of Things (IoT) and digital technologies have revolutionized industries across the globe. However, with this progress comes the growing threat of cyber attacks targeting Operational Technology (OT). These attacks pose serious risks to critical infrastructure sectors, including energy, manufacturing, transportation, and utilities. Unlike traditional Information Technology (IT) systems, OT systems manage and control physical processes in industries that are vital for societal function. Understanding OT cyber attacks is crucial for safeguarding against potential disasters.

What Is Operational Technology (OT)?

Operational Technology refers to hardware and software systems that detect or cause changes through direct monitoring and control of physical devices, processes, and events. OT includes everything from industrial control systems (ICS), supervisory control and data acquisition (SCADA) systems, to other specialized machinery and equipment used in manufacturing, energy production, and critical infrastructure. These systems are responsible for maintaining the smooth and efficient operation of critical infrastructure, including power plants, water treatment facilities, oil refineries, and transportation networks.

The Rise of OT Cyber Attacks

As industrial systems become more interconnected and digitized, the risk of cyber attacks on OT systems has escalated. While IT systems primarily manage data and communication, OT systems control physical processes that directly impact the real world, such as regulating the flow of electricity or water. A cyber attack targeting OT systems can have devastating consequences, ranging from equipment damage to widespread disruptions of essential services.

In recent years, cyber threats to OT have grown more sophisticated. Hackers increasingly target vulnerabilities in industrial control systems (ICS) or SCADA systems, which are often not as robustly protected as traditional IT systems. These attacks can cripple entire industries, leading to massive financial losses, safety hazards, and in extreme cases, even loss of life.

Types of OT Cyber Attacks

1. Ransomware Attacks

Ransomware attacks have become more prevalent in recent years, and OT systems are no exception. In an OT ransomware attack, malicious software encrypts critical data or locks down important machinery, demanding a ransom to restore operations. Such attacks can halt production lines, shut down power grids, and disrupt vital services, making them especially damaging in industrial settings.

2. Advanced Persistent Threats (APT)

APT attacks are long-term, highly targeted attacks designed to infiltrate OT systems, often without detection. Cybercriminals behind APTs aim to gain control of critical infrastructure, potentially causing long-term damage or stealing sensitive data. These attacks can be used to disrupt operations subtly or gather intelligence for future attacks.

3. Denial of Service (DoS) and Distributed Denial of Service (DDoS)

DoS and DDoS attacks aim to overload an OT system with excessive traffic or requests, ultimately causing the system to crash or become unresponsive. In industrial settings, such attacks can prevent systems from functioning correctly, leading to significant downtime and operational failure. For example, a DDoS attack on a water treatment plant could halt its operations, endangering public health.

4. Man-in-the-Middle (MitM) Attacks

In a Man-in-the-Middle attack, hackers intercept and alter communications between two OT devices or systems. This can be particularly dangerous in industries where real-time data communication is crucial, such as in the energy sector. A MitM attack could manipulate critical data, causing operators to make erroneous decisions that jeopardize safety or operational efficiency.

5. Physical Sabotage

OT cyber attacks may also involve direct physical sabotage. Cybercriminals can infiltrate the network and remotely manipulate physical devices, such as factory machines or electric grids. The infamous Stuxnet attack, which targeted Iran’s nuclear facilities in 2010, is one of the most well-known examples of cyber-physical sabotage, where a worm was used to damage industrial equipment by disrupting its operations.

Why OT Cyber Security Is So Critical

Unlike traditional IT systems, OT systems are often designed with less emphasis on security. Many OT devices and infrastructure were built years ago, long before the current cyber threat landscape emerged, meaning they often lack robust defenses such as firewalls, encryption, and access control systems. Additionally, many OT devices are not regularly patched, and some have limited remote access controls, making them ripe targets for cybercriminals.

OT systems also often operate in isolated networks and therefore never gained the standard defenses of an IT network. This isolation becomes a liability when such systems are later connected to external networks: attackers can find pathways through weak points in the network's security controls.

Given that OT systems control essential services, any successful cyber attack can have life-altering consequences. A breach in a water treatment plant could contaminate drinking water, while an attack on a power grid could leave millions without electricity, disrupting hospitals, businesses, and critical services. The potential for large-scale damage to public safety, health, and national security makes OT cybersecurity a top priority.

How to Protect OT Systems from Cyber Threats

1. Network Segmentation

Segmenting OT networks from IT networks is one of the most effective ways to reduce the risk of cross-network attacks. By isolating OT systems, cyber threats that affect IT systems are less likely to spill over into critical industrial systems.

2. Regular Patching and Updates

Many OT systems run on outdated software that may be vulnerable to exploitation. It is critical for organizations to implement regular patching and updates to reduce security flaws. This can involve installing security patches from vendors or working with third-party cybersecurity experts to ensure OT systems stay secure.

3. Multi-Factor Authentication (MFA)

Implementing MFA across OT systems helps ensure that only authorized personnel can access sensitive control systems. This adds an extra layer of security, making it harder for attackers to gain access to critical infrastructure.

4. Employee Training and Awareness

Employees should be trained to recognize cyber threats, including phishing and social engineering tactics. By fostering a culture of cybersecurity awareness, businesses can help mitigate the risk of human error leading to security breaches.

5. Intrusion Detection Systems (IDS)

Deploying intrusion detection and prevention systems can help monitor OT networks for suspicious activities and quickly alert operators to potential threats. These systems are essential for early detection of attacks and minimizing the impact of breaches.

6. Incident Response Plans

Developing a robust incident response plan is essential for minimizing damage in the event of a cyber attack. An effective response plan can help quickly isolate affected systems, identify vulnerabilities, and implement recovery procedures to restore normal operations.

Conclusion

Operational Technology cyber attacks represent a significant and growing threat to critical infrastructure worldwide. With OT systems controlling everything from power plants to transportation networks, securing these devices is no longer optional. As the risk of cyber attacks continues to rise, industries must prioritize OT cybersecurity by implementing robust defenses, keeping systems up to date, and training personnel to recognize threats.

By taking proactive steps, businesses can mitigate the risks posed by cybercriminals and ensure that the critical infrastructure we rely on remains secure, functional, and resilient against future attacks.

The post Understanding Operational Technology Cyber Attacks: The Emerging Threat to Critical Infrastructure appeared first on Cybersecurity Insiders.

The FBI has issued a warning for crypto investors to be vigilant about "Pig Butchering". For those who know little about the term in cryptocurrency investment, here is the gist of it: the scam consists of winning the trust of investors and then pressuring them to deposit more and more into wallets and websites that are ultimately controlled by threat actors.

This issue came to light when the NSA discovered that North Korea was engaging in tactics such as stealing digital currency to fund the nuclear ambitions of its leader, Mr. Kim Jong Un.

The US Federal Bureau of Investigation is warning digital currency investors not to fall prey to such scams, which promise either riches or romance, and has asked them to be more vigilant about the money they are investing or are about to invest.

Security experts state that a pig butchering scam starts with the threat actor sending a message via SMS or WhatsApp to victims, promising riches and romance. The scammers use an alluring profile picture that is not only attractive but is sometimes laced with malware that drops as soon as the victim clicks on the profile picture.

Initially, the conversations are sweet and convincing. Then the fraudster uses a ploy to get the target to move their digital currency to a wallet of the fraudster's choice, promising to return the sum after some time with unrealistic interest payments or an assurance that the amount will double after a certain period.

Coinbase, a noted cryptocurrency platform, has also issued a warning against such scams and asked investors to be vigilant when putting money into firms that claim to be international non-profit organizations, global anti-scam organizations, easy-money platforms and the like.

NOTE: Estimates suggest that the pig butchering scam has resulted in $429 million in losses to companies and individuals worldwide. The presented numbers are only a guesstimate and not the actual loss incurred, as most crypto investments and losses go unreported for various reasons.


The post FBI issues warning on “Pig Butchering” appeared first on Cybersecurity Insiders.

After years of falling behind, the construction industry has realised the importance of its data. Construction-related businesses invested a remarkable 188% more in cybersecurity in 2018–19. Data leaks and cyberattacks have jolted sectors worldwide, affecting everyone. 55% of UK businesses experienced a cyberattack in 2019 alone, and the average damage resulting from breaches is £176,000. […]

The post UK Construction: Cybersecurity Experts Defend Joint Ventures appeared first on The State of Security.

The number of cybersecurity incidents has risen sharply over the past two years: The compulsive digitization projects during the pandemic years left many organizations’ perimeters in shambles. Now, Russia’s war of aggression – which might go down in history as the first truly hybrid war, fought fiercely both on traditional and on cyber battlefields – is threatening these vulnerable infrastructures. This has not gone unnoticed by the political players and federal agencies of the transatlantic alliance: On both sides of the Atlantic, administrations are vehemently advocating holistic security approaches, be it in White House Executive Orders, the compendia of the German BSI (Federal Office for Information Security) or the British National Cyber Strategy.

A common component of these ambitious government frameworks is their holistic approach to cyber defense, leveraging principles such as Zero Trust, Least Privilege and Security-by-Design to help companies build stronger and more resilient environments and applications – and thus to protect their assets and strengthen the overall economy. However, most IT teams in the private sector are understaffed, and many lack the cyber security expertise required to make these kinds of fundamental changes to their IT and security stacks. This could prove fatal, especially for vendors in five select industries that represent especially attractive targets for attackers. Let's take a look at these sectors, and discuss how players in them can confidently ensure a high degree of protection by following the Center for Internet Security's (CIS) Critical Security Controls and Privileged Access Management (PAM) recommendations.

Financial Services Industry

The financial services industry has always been a prime target of cybercriminal activity. The attacks are usually financially motivated. In the worst case, a successful breach might even grant the attackers direct access to the deposits of bank customers and investors. In addition, most financial institutions also manage vast amounts of sensitive, highly valuable data for their customers: from personal financial data and business-critical information to insider information or data from data-driven businesses.

To exacerbate matters, the financial sector is currently undergoing a dynamic, if not disruptive, digital transformation: An agile swarm of aggressive young challenger banks is setting itself apart from the traditional market with innovative digital service offerings, forcing established institutions to digitize at full speed as well. All of this is rapidly increasing the dependency on technology and data across the industry, and the growing attack surfaces offer hackers countless new attack vectors.

Healthcare

The healthcare industry has also been one of the top targets for cybercriminals for many years. After all, healthcare providers’ servers arguably hold the most sensitive and tightly regulated data in the world – and these are of enormous value.

According to recent studies, healthcare saw a 200% year-over-year increase in cyberattacks in the first pandemic year alone. At a staggering 97%, web application and application-specific attacks accounted for the lion’s share of malicious activity. This can be attributed to the newly opened network infrastructures: During the pandemic, both medical staff and patients have increasingly started to access central resources as part of telemedicine concepts, and while this often improves patient care, it also creates additional points of attack.

In addition to the ubiquitous identity theft and ransomware attacks, cyber reconnaissance is playing an increasingly important role in healthcare institutions and healthcare research. A prime example is the recent attack on the European Medicines Agency (EMA), where attackers illegally accessed confidential vaccine documents.

Construction Industry

Let us have a look at the most unexpected entry on the list: According to several recent studies (e.g., the “Hiscox Cyber Readiness Report 2021” by specialist insurer Hiscox and Forrester Consulting), almost half (46%) of construction companies have been the victim of a cyberattack.

Even though many experts believe that the construction industry has been very reluctant to digitize, there is no doubt that more and more business processes are being shifted to the IT world. And as is always the case when digitizing, caution is advised: Anyone who is working with construction plans, project evaluations, and other confidential information needs to apply due diligence to avoid damage and financial losses.

The example of French construction company Ingérop illustrates how big the damage potential in the construction industry really is: In 2018, around 65 gigabytes of data were stolen from Ingérop via a German server – including a large number of documents from critical infrastructure facilities such as nuclear power plants and nuclear waste repositories, high-security prisons, and public transport networks, not to mention personal data from over 1,200 employees.

IT and Telecommunications Industry

The recent cloud and digitization boom has permanently changed the ICT industry and made it much more relevant, but also more complex. Multiple surveys document that a vast majority of IT executives worldwide consider the sprawling complexity of the tech stack as a major problem in their organization. They also expect cybercrime to increase in 2022: With the rapid rise of mobile endpoints, smart IoT devices, and open APIs, the volume and value of data processed worldwide will increase significantly and the companies’ attack surface will also continue to grow. ICT companies must therefore take care not only to advance their products and infrastructures but also to continuously optimize their security stacks.

Small & Medium Businesses

Last year’s digitization boom has fundamentally changed small and medium-sized companies: To maintain business continuity during the pandemic, extensive investments in new digital equipment were required – just think about hybrid workplaces –, which could not be postponed and were often carried by governmental digitization initiatives. However, these digitization projects were rarely accompanied by similarly ambitious security investments, so there is a lot of catching up to do in terms of cybersecurity.

While most large companies employ dedicated staff or entire departments for cybersecurity, SMEs are often inadequately protected due to a lack of resources: Only about half of them have access to well-rounded in-house security experts. For attackers, this naturally represents an attractive target, the proverbial “path of least resistance”.

So, SMEs have their work cut out for them: Despite their limited budgets, they need to mitigate potential attack vectors as comprehensively as possible. This also means they must prepare for the worst-case scenario – a successful breach – by preventing lateral movement through their network.

Privileged Access Management for Secure Access

As different as the five industries may be, the majority of cyberattacks follow the same pattern: First, the attackers gain access to the network, often by stealing or phishing credentials. Then, they move laterally from system to system, escalating their access rights until they find the company's crown jewels. These are then stolen, encrypted, or destroyed – depending on what promises the highest profit.

The only real protection against these kinds of attacks is a stringent Privileged Access Management (PAM), specifically for privileged accounts with far-reaching rights. The foundation of this strategy is the so-called least privilege principle, which is also an important component for the Cybersecurity and Infrastructure Security Agency (CISA) of the Department of Homeland Security, as well as for the German BSI and the British National Cyber Strategy: Authenticated users are only ever granted a minimum level of privileges for a limited period – precisely the access rights they need to fulfill their current task. A robust PAM solution should also support strong multi-factor authentication (MFA) and a seamless password management strategy, e.g., with automated password rotation for network accounts and the storage of critical credentials in secure vaults. This allows IT teams to restrict access to critical assets such as infrastructure accounts, DevOps access, or SSH key pairs. For optimal protection, red team exercises, advanced audits, and dedicated employee trainings have proven effective in protecting against social engineering.

CIS Critical Security Controls

While most organizations have some PAM components in place, most lack a comprehensive strategy that addresses the issue holistically and offers full protection. This is why the non-profit Center for Internet Security (CIS) provides a set of holistic best practices through its regularly updated Critical Security Controls framework (CSC). The 20-point framework helps companies put every aspect of their cybersecurity to the test. Particularly relevant for KRITIS-regulated companies: The current eighth edition puts a strong focus on the topics of "Access Control Management" and "Privileged Access Management" and includes multiple actionable recommendations for security practitioners to protect their privileged accounts and to implement a consistent cybersecurity strategy.

Conclusion

As recently as March 21, 2022, Joe Biden explicitly warned about Russian cyberattacks and called on companies to "harden your cyber defences immediately". The forceful choice of words underscores the high level of risk that political decision-makers currently perceive. Cyberattacks have been on the rise for many years, but both the pandemic and the war could accelerate threat levels dramatically. Organizations looking to ensure safe and resilient operations need to rethink their cybersecurity approach and position themselves more securely in cyberspace. This is especially true for enterprises from the financial, healthcare, construction and ICT sectors, as well as SMEs. These five are among the prime targets and need to be aware of the relevance of their assets and data. Implementing a holistic PAM strategy is a very effective and quick measure to improve the security posture. In the long term, however, companies need to revise their entire security stack along current best practices – and thus set the course for failsafe and resilient business operations with low operational risk.

The post Policy Recommendations for a Holistic Cybersecurity: Five Industries Under Attack, and What They Should Do? first appeared on Cyber Insights.

Cisco Talos has discovered that Industrial Open Automation Software (OAS), which is used to operate Industrial Control Systems (ICS), contains critical vulnerabilities that are yet to be patched.

Because OAS acts as a bridge for data movement between different industrial platforms such as PLCs, applications, IoT devices, and databases, these systems play a crucial role in industrial operations, and any disruption to them can permanently make or break a business.

Although six of the eight flaws have been patched, most Industrial Control Systems are yet to be updated. Cisco advises organizations to adopt network segmentation to limit the access available to attackers who could exploit the vulnerabilities.

Researchers from Cisco also advise organizations to create custom groups and user accounts that hold only the permissions they need, so that their access is limited.

Additionally, organizations are advised to defend their digital environments with preventive Zero Trust access controls that authenticate both device trust and user trust.

Turning to a separate study on the spread of ransomware in the industrial sector, Cisco reports that no single ransomware family was observed targeting the same company twice in the first quarter of 2022.

This downtrend is attributed to the democratization of the ransomware adversary landscape. However, the concerning part is the emergence of new file-encrypting malware families, including Cuba, Entropy, and Cerber, along with the growing sophistication of the Hive and Conti malware families.


The post Industrial Open Automation Software filled with vulnerabilities appeared first on Cybersecurity Insiders.