Microsoft Shares Third Edition of Cyber Signals, Highlights New Security Risks for IT Teams

TechTrends.Africa IconByTechTrends Hours On Categories Cybersecurity
Cyber risks

Internet-of-Things (IoT) and Operational Technology (OT) device pervasiveness, susceptibility, and cloud connectivity provide a fast-rising, frequently unregulated risk surface affecting a broader range of industries and organizations.

The rapid growth of IoT provides attackers with a larger entry point and attack surface. Access to less secure OT is creating the possibility for devastating infrastructure attacks as OT becomes more cloud-connected and the IT-OT gap closes.

Threat briefing

Adversaries compromise internet-connected devices to gain access to sensitive critical infrastructure networks.

Microsoft has noticed threats abusing devices in practically every monitored and visible area of an enterprise during the last year. These vulnerabilities have been observed in traditional IT equipment, OT controllers, and IoT devices like as routers and cameras.

The increased presence of attackers in these contexts and networks is being spurred by the convergence and interconnection that many enterprises have adopted in recent years.

According to International Data Corporation (IDC), there will be 41.6 billion linked IoT devices by 2025, representing a faster growth rate than traditional IT equipment. Although IT equipment security has improved in recent years, IoT and OT device security has lagged, and threat actors are leveraging these devices.

It is crucial to realize that attackers may have a variety of motivations for compromising devices other than standard computers and cellphones. Russia’s cyberattacks on Ukraine, as well as other nation-state-sponsored cybercriminal behavior, show that certain nation-states regard cyberattacks on key infrastructure as desirable for attaining military and economic goals.

Seventy-two percent of the software exploits used by “Incontroller,” a revolutionary collection of state-sponsored, industrial control system (ICS) centered hacking tools described by the Cybersecurity and Infrastructure Security Agency (CISA), are now available online. As skill and other barriers to entry disappear, such proliferation encourages larger attack action by other parties.

Threat actors have more options for waging large-scale attacks as the cybercriminal economy grows and malicious software targeting OT systems becomes more widespread and easier to employ. Ransomware attacks, previously thought to be an IT-focused attack vector, are now affecting OT environments, as seen in the Colonial Pipeline attack, which temporarily shut down OT systems and pipeline operations while incident responders worked to identify and contain the spread of ransomware on the company’s IT network. Adversaries realize that the financial impact and extortion leverage of shutting down energy and other critical infrastructures is far greater than other industries.

ALSO READ  The Six Biggest Blockchain Trends Everyone Should Know About In 2021

Growing-IoT-and-the-risk-to-OT_Title_MSFT

OT systems encompass practically everything that supports physical operations and cover dozens of vertical industries. OT systems aren’t just for industrial processes; they can also be for any special-purpose or computerized equipment, such as HVAC controllers, elevators, and traffic signals. OT systems include a wide range of safety systems.

Microsoft has noticed Chinese-linked threat actors targeting vulnerable home and small office routers in order to compromise these devices as footholds, providing them with new address space that is less related with their prior operations from which to launch new assaults.

While IoT and OT vulnerabilities provide a concern for all enterprises, critical infrastructure is especially vulnerable. Disabling vital services, rather than deleting them, is a potent tool.

Recommendations:

  • Work with stakeholders:?Map business-critical assets, in IT and OT environments.
  • Device visibility:?Identify what IoT and OT devices are critical assets by themselves, and which are associated with other critical assets.
  • Perform a risk analysis on critical assets:?Focus on the business impact of different attack scenarios as suggested by?MITRE.
  • Define a strategy:?Address the risks identified, driving priority from business impact.

Protecting against attackers

IoT opens up new business options while also posing significant risks.

As IT and OT merge to serve growing business needs, risk assessment and developing a more secure link between IT and OT necessitate the consideration of many control mechanisms. Air-gapped devices and perimeter security are no longer adequate for dealing with and defending against new threats like as sophisticated malware, targeted attacks, and malevolent insiders. For example, the rise of IoT malware risks indicates the landscape’s development and ability to overwhelm weak systems.

ALSO READ  When Big Data, Cloud and Internet of Things Technologies can enable African Startups become Disruptive.

Microsoft researchers discovered that the highest share of IoT malware, 38 percent of the total, originated from China’s enormous network footprint, after analyzing threat data from 2022 across several countries. With 18% of reported malware spread, infected servers in the United States place the country second.

In OT contexts, advanced attackers employ a variety of strategies and approaches. Many of these tactics are ubiquitous in IT environments but more effective in OT contexts, such as the identification of exposed, Internet-facing systems, the exploitation of employee login credentials, or the exploitation of network access granted to third-party suppliers and contractors.

The confluence of the IT world’s laptops, web apps, and hybrid workspaces and the OT world’s factory and facility-bound control systems poses serious risks by allowing attackers to “jump” air gaps between formerly physically isolated systems. As a result, IoT gadgets such as cameras and smart conference rooms act as risk catalysts by providing innovative entry points into workspaces and other IT systems.

In 2022, Microsoft aided a big multinational food and beverage industry with a virus incident when they were utilizing relatively ancient operating systems to control factory operations. Malware propagated to factory systems via a hacked contractor laptop while performing routine repair on equipment that would later connect to the Internet.

Top countries originating IoT malware infection during 2022

01-Growing-IoT-and-the-risk-to-OT_Title_MSFTInsider_Article_Image
Percentages of observed outbound malware infection attempts. Country of origin (location identification) does not infer nation-state sponsored activity (actor attribution).
Microsoft threat analysis of 2022 data.

Unfortunately, this is becoming increasingly widespread. While an ICS environment can be air-gapped and separated from the Internet, a compromised laptop becomes susceptible the moment it connects to a previously protected OT device or network. In the customer networks that Microsoft monitors, 29 percent of Windows operating systems are no longer supported. Versions of Windows XP and Windows 2000 have been observed functioning in insecure situations.

Because older operating systems frequently do not receive the necessary updates to keep networks secure, and patching is difficult in large enterprises or manufacturing facilities, prioritizing IT, OT, and IoT device visibility is an important first step in managing vulnerabilities and securing these environments.

ALSO READ  Oracle Launches EMEA Recruitment Drive To Add 1,400 New Cloud Sales Professionals

In cloud-connected environments, a defense built on Zero Trust, strong policy enforcement, and continuous monitoring can help restrict the potential explosion radius and prevent or control occurrences like these.

Investigating OT equipment necessitates specialized knowledge, and assessing the situation of industrial controller security is critical. Microsoft has made an opensource forensics tool available to the defence community in order to assist incident responders and security specialists in better understanding their surroundings and investigating potential events.

While most people think of key infrastructure as roads and bridges, public transportation, airports, and water and electricity grids, CISA has recommended that space and the bioeconomy be included to the list. Citing the possibility of disruption in numerous sectors of the US economy having a crippling influence on society. Given the world’s reliance on satellite enabled capabilities, cyberthreats in these sectors could have global implications well beyond what we’ve seen thus far.

Recommendations:

  • Implement new and improved policies:?Policies stemming from the Zero Trust methodology and best practices provide a holistic approach for enabling seamless security and governance across all your devices.
  • Adopt a comprehensive and dedicated security solution:?Enable visibility, continuous monitoring, attack surface assessment, threat detection, and response.
  • Educate and train:?Security teams require training specific to threats originating from or targeting IoT/OT systems.
  • Examine means of augmenting existing security operations:?Address IoT and OT security concerns to achieve a unified IT and OT/IoT SOC across all environments.

Learn more about how to help protect your organization with insights from David Atch, Microsoft Threat Intelligence, Head of IoT/OT Security Research.

A glimpse of security

From 2020 to 2022, there was a 78% increase in the revelation of high-severity vulnerabilities in popular vendors’ industrial control equipment.1

Unpatched, high-severity vulnerabilities were discovered in 75% of the most prevalent industrial controllers in customer OT networks.1

Over 1 million publicly accessible connected devices on the Internet are using Boa, an obsolete and unsupported software that is still commonly used in IoT devices and software development kits (SDKs).

TechTrends.Africa Icon

Techtrends Africa is Africa’s leading Tech blog that provides quality tech and innovation stories, trends, industry watch, reviews/analysis, interviews, and insights on emerging technologies and their application across critical sectors.

Similar Posts

Sophos
|

Sophos Endpoint Security Advancements Improve Cyberthreat Defenses and Streamline Management

ByTechTrends

Sophos, a global leader in innovating and delivering cybersecurity as a service, today introduced innovative advancements to its portfolio of industry-leading endpoint security offerings. New adaptive active adversary protection; Linux malware protection enhancements; account health check capabilities; an integrated zero trust network access (ZTNA) agent for Windows and macOS devices; and more improve frontline defenses against advanced cyberthreats and streamline endpoint…

Sophos
|

Most Educational Organizations Paid More Than the Original Ransom Demand, Says Sophos Survey

ByTechTrends

Education Sector’s Ransomware Recovery Costs Skyrocket, Despite Fewer Attacks Overall Sophos, a global leader of innovative security solutions that defeat cyberattacks, today released findings from its annual sector survey report, “The State of Ransomware in Education 2024.” According to the report, the median ransom payment was $6.6 million for lower education and $4.4 million for…

cybersecurity
|

Cybersecurity Skills Shortage Is Ranked as the Biggest Risk to MSPs and Their Clients

ByTechTrends

Sophos, a global leader of innovative security solutions that defeat cyberattacks, today released its inaugural “MSP Perspectives 2024” survey report, which found that the biggest day-to-day challenge facing Managed Service Providers (MSP) is keeping up with the latest cybersecurity solutions/technologies, cited by 39% of the MSPs surveyed. Alongside this, MSPs indicated that hiring new cybersecurity analysts…

Sophos

Sophos Expands Commitment to the Channel with New Dedicated Partner Care Offering

ByTechTrends

 Sophos, a global leader in innovating and delivering cybersecurity as a service, is expanding its commitment to the channel with the addition of Partner Care, a new offering in its global partner program that features a dedicated, 24×7 team of Sophos experts who handle non-sales related questions and operational support. The offering is designed to…

Cybersecurity

The Real Reason Why Women Are Marginalized in Cybersecurity

ByTechTrends

Cybersecurity is one of the industries that suffers from significant bias and gender stereotypes. This field is becoming increasingly important in our digital world, and as a result, it offers a variety of rewarding career paths and opportunities. However, there are still significant barriers and misperceptions that lead women to believe that a career in…

Mozilla

Mozilla Launches Facebook Pixel Hunt to Reveal How You’re Tracked Online

ByTechTrends

Mozilla researchers announced the commencement of their “Facebook Pixel Hunt” investigation this week, which aims to follow the company’s massive web-wide tracking network and scrutinize the data it collects on users. This study, as the name implies, focuses on a piece of tracking technology known as the “Facebook pixel.” You’ve probably visited a site that…

Leave a Reply

Your email address will not be published. Required fields are marked *