As cyber threats escalate worldwide, new research from Forescout Research underscores a concerning trend for OT cybersecurity. Operational technologies (OT) are increasingly vulnerable and becoming prime targets for cybercriminals. The study reveals that a proactive security strategy, rather than a reactive one, is crucial for safeguarding essential services.
In addition to ongoing threats against software libraries, exploits against network infrastructure and IoT devices increased. The most targeted IoT devices were IP cameras, building automation systems and network-attached storage. Only 35% of the exploited vulnerabilities were known exploited vulnerabilities.
OT Cybersecurity & the 5 Protocols Being Constantly Targeted
Five OT protocols were found to be constant targets: Modbus (33%), Ethernet/IP, Step7 and DNP3 (around 18% each), and IEC10X (e.g. networked SCADA) with 10% of attacks. The remaining 2% were spread across many other protocols, the majority of them BACnet. Most attacks target protocols used in industrial automation and the power sector. Building automation protocols were scanned less often, but exploits against building automation are more common.
The United States was the most targeted country. Of more interest to us, the UK was in second place, followed by Germany, India and Japan. Almost half of the malicious attackers came from three countries: China, Russia and Iran. Government, financial services, media and entertainment were the industries most targeted by these actors.
Most reported attacks were opportunistic. However, some exploits targeted very specific networking devices to obtain precise information about them and drop malware. These attacks often use public proof-of-concept scripts.
Insights for Defenders
Monitoring traffic to and from OT devices is now as critical as monitoring IT traffic. Attackers constantly probe these assets for weaknesses, and many organisations are blind to this because they lack visibility into their OT infrastructure. Building automation and even protocols such as Modbus are now found in almost every organisation and are a target for attackers.
The increased use of residential proxies, ISPs and compromised devices belonging to legitimate organisations means that you should keep up to date with threat feeds that track these compromised IP addresses and can help detect compromises in your own network.
The increase in attacks targeting web and networking protocols reflects threat actors shifting from mostly credential-based attacks to exploits against perimeter devices and applications.
Organisations should adopt technologies for risk management and threat detection that cover the entire attack surface, whether that is applications on a server, a perimeter device or an IT workstation.
Next step
The next step is to focus on enhancing OT cybersecurity through three fundamental pillars:
Risk & Exposure Management
Conduct thorough assessments of network assets; implement robust security measures such as strong, unique passwords; disable unused services; and promptly patch vulnerabilities. Also adopt an enterprise-wide, risk-based approach that extends beyond IT to OT and IoT devices.
Network Security
Avoid exposing unmanaged devices to the internet, and segment networks to isolate IT, IoT and OT devices. Moreover, restrict network connections, implement external communication restrictions, and isolate or contain vulnerable devices when immediate patching is difficult.
Threat Detection & Response
Use IoT/OT-aware monitoring solutions with deep packet inspection to detect and alert on malicious indicators and behaviours. Also monitor for known hostile actions, and block or alert on anomalous traffic. Finally, consider solutions that collect telemetry from diverse sources for correlation and automated response.
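As an added illustration of the deep-packet-inspection monitoring described under this pillar (example code written for this page, not Forescout's or Schneider Electric's tooling), the Python below decodes Modbus/TCP request frames, the most targeted protocol in the report, and raises alerts for write requests from hosts outside an allow-list, for reconnaissance-style function codes spread across several hosts or unit IDs, and for malformed frames. The IP addresses, the grouping of function codes into read/write/recon sets, the alert threshold and the sample traffic are constructed assumptions.

```python
import struct
from collections import defaultdict
# Modbus function-code groups (Modbus application protocol spec); 43 = read device identification
READ_CODES = {1, 2, 3, 4}
WRITE_CODES = {5, 6, 15, 16, 22, 23}
RECON_CODES = {8, 17, 43}  # diagnostics, report server ID, device identification

def parse_modbus_tcp(payload: bytes) -> dict:
    """Decode the MBAP header and function code of one Modbus/TCP request frame."""
    if len(payload) < 8:
        raise ValueError("frame too short for MBAP header plus function code")
    tid, proto, length, unit = struct.unpack(">HHHB", payload[:7])
    if proto != 0:
        raise ValueError("protocol identifier must be 0 for Modbus")
    if length != len(payload) - 6:  # length field counts unit id + PDU bytes
        raise ValueError("MBAP length field does not match frame size")
    return {"tid": tid, "unit": unit, "fc": payload[7], "data": payload[8:]}

def inspect_flows(flows, allowed_writers, recon_threshold=3):
    """flows: iterable of (src_ip, dst_ip, payload). Returns a list of alert strings."""
    alerts, probed = [], defaultdict(set)  # probed: src -> {(dst, unit)} hit with recon codes
    for src, dst, payload in flows:
        try:
            req = parse_modbus_tcp(payload)
        except ValueError as err:
            alerts.append(f"MALFORMED {src}->{dst}: {err}")
            continue
        fc, unit = req["fc"], req["unit"]
        if fc in WRITE_CODES and src not in allowed_writers:
            alerts.append(f"UNAUTHORISED_WRITE {src}->{dst} unit={unit} fc={fc}")
        elif fc in RECON_CODES:
            probed[src].add((dst, unit))
            if len(probed[src]) == recon_threshold:  # fire once per source
                alerts.append(f"RECON {src} probed {recon_threshold} host/unit pairs")
    return alerts

def build_request(tid, unit, fc, data=b""):  # constructs a Modbus/TCP request frame
    pdu = bytes([fc]) + data
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu
# Constructed sample traffic: 10.0.1.10 is the HMI, 10.0.2.x are PLCs, 203.0.113.7 is an outsider
SAMPLE_FLOWS = [
    ("10.0.1.10", "10.0.2.5", build_request(1, 1, 3, b"\x00\x00\x00\x0a")),   # normal read
    ("10.0.1.10", "10.0.2.5", build_request(2, 1, 6, b"\x00\x01\x00\xff")),   # authorised write
    ("203.0.113.7", "10.0.2.5", build_request(3, 1, 6, b"\x00\x01\x00\x00")), # write from outsider
    ("203.0.113.7", "10.0.2.5", build_request(4, 1, 43, b"\x0e\x01\x00")),    # device-id probes
    ("203.0.113.7", "10.0.2.6", build_request(5, 1, 43, b"\x0e\x01\x00")),
    ("203.0.113.7", "10.0.2.5", build_request(6, 2, 17)),
    ("203.0.113.7", "10.0.2.6", b"\x00\x07\x00\x00\x00\x02\x01"),             # truncated frame
]
def run_demo():
    return inspect_flows(SAMPLE_FLOWS, allowed_writers={"10.0.1.10"})
```

In a real deployment the allow-list would come from the asset inventory built under Risk & Exposure Management, and the alerts would feed the correlation and response tooling described above.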
External help is also available to mitigate OT cybersecurity threats. Schneider Electric offers a Managed Security Services (MSS) programme for safeguarding operational technology environments against cybersecurity threats. Contact our Applications Team to find out how we can help your business become more resilient against OT cybersecurity threats, which increase by the day.
OT Cybersecurity: Be Proactive & the Urgent Need to Enhance It