OT Cybersecurity Concerns Are Increasing Across the Globe

4 years ago Anastasios Arampatzis

2021 was the year that marked a major cyber-attack against a critical national infrastructure organization whose impact was felt by millions of Americans on the East Coast. However, the attack against the Colonial Pipeline Company was not the only incident that affected the Operational Technology (OT) systems of a critical sector for the U.S. national economy. In response to a growing number of attacks, President Biden signed an Executive Order in May 2021 with the aim of strengthening the cybersecurity of the U.S. government and critical infrastructure.

The same level of concern is also shared across many developed countries in the world. The digitization of critical OT systems and the connection of previously isolated Industrial Control Systems (ICS) to the internet have brought endless possibilities as well as risks. Because of the IT-OT convergence, threats that originate in the IT environment are extending into the OT domain, harming the safety and reliability of critical processes. Since these OT processes affect the physical world, such disruptions may have ripple effects and may even lead to loss of life.

To better understand the extent of the issue, it would be beneficial to take a tour around the world and read what various state cybersecurity reports say about OT cybersecurity.

Franco-German Common Situational Picture

The French cybersecurity agency (ANSSI) and its German counterpart (BSI) have in recent years been issuing common situational reports to promote threat intelligence sharing. In the third edition of the report in 2020, the two agencies note the following:

The digitalization of production processes underpinning the core activity of an entity, through the connection of operational technology (OT), will carry risks for the near future. Those OT systems have usually a long lifecycle and are expensive. Hence, they are not changed or upgraded on a regular basis. Therefore, ANSSI and BSI must assume that most of the currently working OT systems were installed at a time when IT security was not recognized as a vital factor for the operation of OT systems.

In the 2021 edition, ANSSI and BSI go on to highlight that “At the beginning, ransomware was widely used against individual users with relatively low ransom demands. Over time, particularly in recent years, ransomware became a major threat to networks of large organizations in so-called Big Game Hunting (BGH) attacks.”

Cybercriminal groups are now focused on targeting companies and institutions whose business interruption may lead to important economic, industrial, or social consequences. Targets include local governments, the education sector, hospitals, and digital service providers. All these institutions are covered by the EU NIS Directive that provides strict requirements on the security of critical infrastructure in Europe.

Europol Internet Organized Crime Threat Assessment 2021

The same trends are highlighted in Europol’s flagship report, IOCTA 2021. Europe’s law enforcement agency noted that “ransomware reports had increased during the reporting period. The trends of focusing on large corporations and public institutions, utilizing vulnerabilities in the digital supply chain, and multi-layered extortion is an indication of the increased sophistication and maturation of the ransomware affiliate programs involved.”

The agency also explains the trend that ransomware gangs are going after “big fish” and that mass-distributed ransomware involving spray-and-pray tactics is on the decline.

Perpetrators are moving towards human-operated ransomware targeted at private companies, the healthcare and education sectors, critical infrastructure and governmental institutions. The shift in the attack paradigm indicates that ransomware operators choose their targets based on their financial capability to comply with higher ransom demands and their need to be able to resume their operations as quickly as possible.

Canada’s National Cyber Threat Assessment

In 2020, the Canadian Center for Cyber Security released its first National Cyber Threat Assessment where it assessed that the physical safety of Canadians is being put at risk because of growing OT attacks against the nation’s critical infrastructure.

The report states: “Since January 2019, at least seven ransomware variants have contained instructions to terminate ICS processes. The impact of these attacks on ICS varies according to the specific circumstances of the industrial process and the reaction of the site staff. In June 2020, a car manufacturer halted production at most of its North American plants, including one in Canada, ‘to ensure safety’ after very likely being hit by one of these ransomware variants.”

The Canadian cybersecurity agency also writes that ransomware operatives are engaged in big game hunting, focusing their activities on institutions like critical infrastructure organizations “that will not tolerate sustained disruptions to their networks and are willing to pay large ransoms to quickly restore their operations.”

A year later, the agency released a bulletin where it reasoned that “cybercriminals are almost certainly improving their capabilities, and are very likely to attempt to target high-value Canadian organizations with large OT assets, including those in CI, in search of larger ransom payments and valuable data.”

CISA, FBI, and NSA Issue a Joint Cybersecurity Advisory

At the beginning of 2022, CISA, FBI, and NSA released a joint cybersecurity advisory where they called on all U.S. critical infrastructure organizations to pay extra attention to risks posed by Russian state-sponsored cyber operations. Per the advisory, “Russian state-sponsored cyber operations against critical infrastructure organizations have specifically targeted operational technology (OT)/industrial control systems (ICS) networks with destructive malware.”

The advisory provides an extensive inventory of the tactics and techniques employed by these Russian state-sponsored actors. Finally, the three agencies encourage all critical infrastructure organizations to implement certain recommendations to mitigate the threat. These recommendations include:

  • Being prepared by confirming reporting processes and reviewing one’s incident response plans.
  • Enhancing one’s security posture by implementing best practices for identity and access management, protective controls and architecture, and vulnerability and configuration management.
  • Increasing vigilance.

Critical infrastructure organizations can protect their OT systems by focusing on the security fundamentals. They can achieve that by investing in a security solution that empowers them to discover and profile all their industrial assets, monitor the status of their network and systems, harden those assets against plant disruptions, and conduct granular vulnerability assessments to gauge their OT cybersecurity on an ongoing basis.

The post “OT Cybersecurity Concerns Are Increasing Across the Globe” appeared first on TripWire.

Source: TripWire – Anastasios Arampatzis
