Cybersecurity attacks have expanded into the OT landscape over the past few years, with critical assets and legacy equipment being connected to IT networks now more than ever. The severity of the risk is worrying for many, especially for ICS and SCADA systems that have been developed and deployed for over a decade.

Moving along with IT networks makes sense for OT systems, as networking, remote management, and wireless connectivity are the benefits that come along and have become a necessity today. However, enterprises still tend to struggle with the implications of IT and OT convergence. Large-scale attacks on critical national infrastructure are on the rise. Though many sectors are exposed to the risk, the manufacturing sector has rapidly moved up to the second position after the finance and insurance sector since 2020.

Marcus Josefsson (VP EMEA, Nozomi Networks) believes that it could be because manufacturing has ‘easily quantifiable downtime, ability to do significant damage and costs a lot of money. This makes it a sensible target for malicious actors out there.’

Thus, we will be considering the OT security risks and threats that are concerning the manufacturing industry.

Where’s the risk?

The weakest spot for OT attacks might not be the networks. Organizations are struggling with the complexities, the lack of protocols, and the lack of trusted standardization. Almost every ICS/SCADA vendor is aware of how the risks permeate OT environments and how crucial it is to protect the networks.

On the other end, the ongoing digital transformation efforts expose decades-old legacy systems to malware attacks. The structural problems are worsened by the lack of OT-specific cyber security controls in these environments, which allows hackers to take advantage.

75% of manufacturing leaders agree that the cloud is the number one area for cyber risk exposure outside the firewall. While these might be some of the most common issues, let’s look at the risks to Operational Technology. 

Supply chain 

Evidently, cyberattackers are shifting their focus towards supply chains. 62% of the attacks on customers took advantage of their trust in their supplier. We are all aware of how disruptions within manufacturing processes can impact business operations through the supply chain, and the resulting domino effect is difficult to manage. Many OT assets aren’t equipped to defend against today’s threats, many of which are becoming more advanced and sophisticated, while the targeted systems remain unchanged and often unprotected.

Expanding attack surface

The variety of attack types has risen significantly. In the latest reports, 21% of ransomware was targeted at the manufacturing industry. ‘Built to last’ OT systems and convergence with IT networks are creating new openings for hackers and expanding the attack surface. What was once protected within the OT networks is slowly opening up with digital transformation, leading to ransomware attacks that have affected ICS environments and operations in the last two years.

Rob Rothwell, Industrial Control Systems & Operational Technology Cybersecurity Expert at prosource.it, believes, ‘Day-to-day, malware infection is probably the biggest one. It’s largely accidental, e.g. vendor technicians coming on-site with infected USB media.’

Enterprise challenge

The lack of skills and training also plays a significant role here. The resources within industrial networks are often not equipped to handle the risks that arise when networking assets are exposed to the internet. Manufacturing is a high-risk domain that can provide primary access to a victim environment. Organizations need to build a substantial training system where everyone – from C-level executives to the regulators – can be aware of potential threats.

Primary threat landscape

Traditional attacks 

We can’t simply transplant cyber security detection mechanisms from IT to OT; in many cases the IT systems we have in place are not suitable to operate in a sensitive OT environment, and can cause harm rather than providing protection. The lack of visibility into devices and network connections leads to vulnerabilities and to attempted signature- and file-based attacks. At the same time, we need to protect OT assets, such as Windows machines and servers, against ‘traditional attacks’ such as ransomware.

It affects not just businesses but external stakeholders, from suppliers and contractors to consultants. If reports are to be believed, 77% of U.S. energy companies are vulnerable to ransomware attacks via leaked passwords.

Targeted attacks 

Bad actors are now using AI-powered techniques for social engineering attacks to gain initial access, and the trend of using behavior analytics has taken off quite rapidly. The dark web provides tools for performing repetitive tasks that can scale the threat up to a higher level, and for generating normal-looking traffic that is difficult to detect. There are still state-sponsored actors out there looking to attack using advanced, tailor-made malware – the most famous examples arguably being Stuxnet and Triton.

According to Sophos’ new report, companies in the manufacturing sector were the least likely (at 19%) to submit to a ransom demand to have encrypted files restored and the most likely (at 68%) to be able to restore data from backups. It also suggests that this practice of backing up data could be a reason why the sector was the most affected by extortion-based ransomware attacks.

Expert advice…

Our expert Marcus shares, ‘We need to try to break it down. From a technical perspective, we need specific solutions catering to these specific specialized network infrastructures. They usually lack encryption, authentication. We need other means to protect these systems.’

Gathering visibility on OT devices can be quite challenging and requires monitoring network traffic passively, without affecting production. Organizations need to identify unpatched software and implement updates or mitigation policies. Marcus believes, ‘it always starts with visibility. Once we have visibility then we can start looking at detection anomalies and suspicious activities and be able to detect potential risks.’
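The visibility-first approach described above, as an added illustration that is not code from the article or from Nozomi Networks: a passive asset inventory is learned from captured flow records, and later traffic is classified as a new asset, a new conversation between known assets, or a known OT asset talking outside the plant range. The flow records and the plant address range are constructed for the example.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumed plant address range; anything outside it counts as "outside the firewall".
PLANT_NET = ip_network("10.10.0.0/16")

# Constructed flow records (src, dst, dst_port, protocol) standing in for traffic
# captured passively, e.g. from a switch SPAN port. Not data from the article.
BASELINE_FLOWS = [
    ("10.10.1.5", "10.10.1.20", 502, "modbus"),    # HMI polling PLC-A
    ("10.10.1.5", "10.10.1.21", 502, "modbus"),    # HMI polling PLC-B
    ("10.10.1.6", "10.10.1.20", 44818, "enip"),    # engineering station to PLC-A
    ("10.10.2.9", "10.10.1.5", 3389, "rdp"),       # jump host to HMI
]
NEW_FLOWS = [
    ("10.10.1.5", "10.10.1.20", 502, "modbus"),    # seen in baseline: no alert
    ("10.10.1.5", "10.10.1.22", 502, "modbus"),    # PLC never seen before
    ("10.10.1.20", "198.51.100.7", 443, "tls"),    # PLC talking outside the plant
    ("10.10.2.9", "10.10.1.6", 3389, "rdp"),       # known hosts, new RDP path
]

def build_inventory(flows):
    """Passive asset inventory: each address with the roles/ports/protocols observed."""
    assets = defaultdict(set)
    for src, dst, port, proto in flows:
        assets[src].add(("client", port, proto))
        assets[dst].add(("server", port, proto))
    return dict(assets)

def find_anomalies(baseline, observed):
    """Compare observed flows against the learned baseline and classify what is new."""
    inventory = build_inventory(baseline)
    known = set(baseline)
    alerts = []
    for flow in observed:
        src, dst, port, proto = flow
        if flow in known:
            continue  # part of the learned baseline, nothing to report
        if ip_address(dst) not in PLANT_NET:
            alerts.append(("external_destination", flow))
        elif src not in inventory or dst not in inventory:
            alerts.append(("new_asset", flow))
        else:
            alerts.append(("new_conversation", flow))
    return alerts

if __name__ == "__main__":
    for kind, (src, dst, port, proto) in find_anomalies(BASELINE_FLOWS, NEW_FLOWS):
        print(f"{kind:20} {src} -> {dst}:{port} ({proto})")
```

In practice the baseline would be learned over a longer capture window and reviewed by plant engineers before alerts are acted on.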

While manufacturers are turning to the Industrial Internet of Things (IIoT) to gain crucial insights, OT systems need a hard push towards security. Moving forward, there will be ‘gradual improvement of the threat actors and gradual improvement of their knowledge of ICS/OT,’ states Rob, and enterprises need to plan accordingly.

There’s so much more from our experts that we’d like to share. Sign up for our newsletter now.