Interconnected information technology (IT) and operational technology (OT), together with Internet of Things (IoT) devices, help companies modernize their work environment, transform data-driven business operations, automate processes, and monitor infrastructure remotely; in the absence of adequate protection, however, the risk of unauthorized access to devices and networks increases, as the third edition of the Microsoft Cyber Signals report (Risks for Critical Infrastructure on the Rise), published in December, points out. The study draws attention to cybersecurity trends identified by the software company's 8,500 security experts while analyzing the 43 trillion security signals received daily from devices connected to the network.
Over the past year, Microsoft has seen attacks targeting connected devices in virtually every area of an organization that is controlled and visible on the network: in classic IT environments as well as in operational technology (programmable systems that interact with the physical environment) and IoT devices such as routers and cameras. The latter, the increased vulnerability of OT and IoT environments, is a major concern for all organizations regardless of industry, but carries a particularly high risk for critical infrastructure, Microsoft emphasizes. Simply disrupting services vital to the functioning of companies and of society as a whole can deal the victim a serious blow, or be used to extort a large ransom, which is why attackers acting from a variety of motives see such infrastructure as a particularly attractive target.
Air gap attacks
By connecting the OT and IT systems that manage energy, transportation, telecommunications, industrial and other critical infrastructure, the boundaries between two worlds that were once isolated from each other are weakened, which greatly increases the risk of attacks penetrating across them, as well as the threat to environmental safety. Between 2020 and 2022, the number of serious vulnerabilities found in the most common industrial control systems increased by 78 percent, according to Microsoft. In addition, more than 1 million devices on the Internet are running Boa, a legacy web server that is no longer supported but is still widely used in IoT devices and their development kits. More worryingly, the software company found serious vulnerabilities in 75 percent of the most common industrial controllers that the operating companies had not patched.
This data also shows that, with the disappearance of the former separation between IT and OT environments and of network boundaries, organizations urgently need to strengthen the cyber protection of digital communications between the two worlds; effective protection against advanced threats, sophisticated malware, targeted attacks and malicious insiders will require a number of measures.
Actors launching advanced attacks use several approaches and tactics, many of which (discovering vulnerable systems connected to the Internet, misusing employee credentials or the access rights granted to external partners) are already well known in IT environments but are still unfamiliar in OT environments, where they are all the more effective. For example, the air gap between two worlds that were physically isolated from each other for a long time can now be bridged easily by attackers using these methods. All they have to do is infect the laptop of an external partner, such as a vendor maintaining a device in the OT environment, and on the vendor's next site visit malware that opens the door to further, more advanced attacks can be delivered to mission-critical systems that are not connected to the Internet.
All-seeing and regulating protection
The International Data Corporation (IDC) predicts that 41.6 billion IoT devices will be connected to the Internet by 2025, meaning that their number could grow faster than that of traditional IT devices over the next few years. But while the cyber defenses of the latter have recently been strengthened by vendors and users, IoT and OT devices have not kept pace with this development, and an increasing number of attackers are exploiting the gap.
Their work is increasingly facilitated by the fact that other actors of the underworld can also quickly and easily obtain a large part of the especially advanced and effective tools used in nation-state cyberattacks against critical infrastructure. For example, 72 percent of the tools used in Incontroller attacks, which the US CISA (Cybersecurity and Infrastructure Security Agency) classifies in this category, are already available on the cyber underworld's online marketplaces.
In the growing cybercrime economy, not only is it easier to obtain and use such tools, but the barrier to entry is lower, so an even wider range of actors can now attack critical infrastructure. For example, ransomware attacks, previously regarded as a threat to the IT environment, can now cause severe disruption in OT environments as well, as the 2021 Colonial Pipeline incident in the US demonstrated. The pipeline's control systems had to be shut down temporarily while response teams located and isolated the ransomware embedded in the company's IT systems, so the fuel supply was also temporarily suspended.
The risk is further exacerbated by the fact that in previously isolated OT environments, which are far more fragmented than IT environments and often contain unique components, software patching is an extremely difficult or impossible task for operators. Manufacturing companies, for example, cannot easily stop their production lines just to check one program for vulnerabilities or install a patch.
It is also unfortunate that nearly a third (29 percent) of the Windows operating systems running on networks monitored by Microsoft are versions no longer supported by the vendor. Such devices, running Windows 2000 or XP, are often found in industrial and other vulnerable environments.
To manage the IT and OT risks of critical infrastructure, companies must first obtain a complete view of every device running in their IT and operating environments, every thing connected to the Internet, their connections, and the data, resources and services reachable from those devices, Microsoft points out in its report. It is equally important that organizations dynamically and continuously monitor and evaluate changes in dependencies and risks. Without this, they are unlikely to be able to prevent their sensitive data, or the credentials that grant access and privileged rights to critical infrastructure management systems, from falling into unauthorized hands.
In other words, organizations operating mission-critical infrastructure can most effectively secure their IoT-enabled OT environments and industrial IoT solutions with a zero-trust security model, although the architectural requirements for doing so are not IoT-specific. Companies can thereby gain zero-trust cyber protection that sees and governs every device, user and activity on the network, with explicit and continuous identity verification, access control that grants the most granular, least-privilege authorizations, and real-time threat detection.
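The report's two practical demands, a complete inventory of what is on the network and continuous monitoring of how it changes, can be shown concretely. The following Python script is an added example, not code from Microsoft or from the Cyber Signals report: it triages a constructed IT/OT/IoT inventory for the conditions the summary names (Windows 2000 or XP, the legacy Boa web server, OT or IoT assets reachable from the Internet) and diffs two inventory snapshots so that newly appeared or newly exposed devices surface. The device records and field names are assumptions made for the example.

```python
"""Asset inventory triage for a mixed IT/OT/IoT estate (constructed example).

Flags the conditions the Cyber Signals summary calls out: operating systems
the vendor no longer supports (Windows 2000 / XP), the legacy Boa web server,
and OT or IoT assets reachable from the Internet. It also compares two
inventory snapshots so newly appeared or newly exposed devices surface.
All device records are constructed; the Asset fields are assumptions.
"""
from __future__ import annotations

from dataclasses import dataclass

# OS families the page describes as no longer supported by the vendor.
UNSUPPORTED_OS = ("Windows 2000", "Windows XP")


@dataclass(frozen=True)
class Asset:
    name: str
    ip: str
    zone: str            # "IT", "OT" or "IoT" (assumed zone labels)
    os: str              # operating system as reported by the discovery tool
    http_server: str     # HTTP Server header observed on the device, "" if none
    internet_exposed: bool


def triage(asset: Asset) -> list[str]:
    """Return a list of risk findings for one asset (empty if none)."""
    findings = []
    if any(asset.os.startswith(v) for v in UNSUPPORTED_OS):
        findings.append(f"unsupported OS: {asset.os}")
    if asset.http_server.lower().startswith("boa"):
        findings.append(f"legacy Boa web server: {asset.http_server}")
    if asset.zone in ("OT", "IoT") and asset.internet_exposed:
        findings.append(f"{asset.zone} asset reachable from the Internet")
    return findings


def triage_inventory(assets: list[Asset]) -> dict[str, list[str]]:
    """Return only the assets that have at least one finding, keyed by name."""
    return {a.name: f for a in assets if (f := triage(a))}


def diff_snapshots(old: list[Asset], new: list[Asset]) -> dict[str, list[str]]:
    """Compare two inventory snapshots keyed by asset name.

    Reports devices that appeared, disappeared, or became Internet-exposed,
    which is the 'continuous monitoring of changes' the report asks for.
    """
    old_by = {a.name: a for a in old}
    new_by = {a.name: a for a in new}
    return {
        "appeared": sorted(set(new_by) - set(old_by)),
        "disappeared": sorted(set(old_by) - set(new_by)),
        "newly_exposed": sorted(
            n for n, a in new_by.items()
            if n in old_by and a.internet_exposed and not old_by[n].internet_exposed
        ),
    }


# Constructed sample snapshots (not real devices or addresses).
YESTERDAY = [
    Asset("hmi-line1", "10.20.1.15", "OT", "Windows XP SP3", "", False),
    Asset("plc-line1", "10.20.1.20", "OT", "VxWorks 6.9", "", False),
    Asset("cam-gate-02", "10.30.5.8", "IoT", "Linux 2.6", "Boa/0.94.14rc21", False),
    Asset("fileserver", "10.10.0.5", "IT", "Windows Server 2019", "Microsoft-IIS/10.0", False),
]
TODAY = [
    Asset("hmi-line1", "10.20.1.15", "OT", "Windows XP SP3", "", False),
    Asset("plc-line1", "10.20.1.20", "OT", "VxWorks 6.9", "", True),     # now reachable from outside
    Asset("cam-gate-02", "10.30.5.8", "IoT", "Linux 2.6", "Boa/0.94.14rc21", False),
    Asset("vendor-laptop", "10.20.1.99", "OT", "Windows 10", "", False),  # new device in the OT zone
]

if __name__ == "__main__":
    for name, findings in triage_inventory(TODAY).items():
        print(f"{name}: " + "; ".join(findings))
    print(diff_snapshots(YESTERDAY, TODAY))
```

In practice the two snapshots would come from the organization's discovery tooling rather than being embedded as literals; the point of the diff is that a device appearing in an OT zone (the vendor laptop of the earlier section) or a controller becoming Internet-reachable is a change worth an alert even when the device itself has no finding of its own.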