News
Reports
Vendors

SolarWinds attack, ransomware led to doubling up of cyber threats in industrial and critical infrastructure

February 19, 2021
cyber threats in industrial and critical infrastructure

SolarWinds attack proved to be one of the ‘most successful espionage operations ever discovered,’ in addition to highlighting the risks to end users who have limited agency over the software used within their networks, Nozomi Network Labs said in its latest ‘OT/IoT Security Report.’ Cyber threats in industrial and critical infrastructure are on the rise.

The SolarWinds supply chain attack led to the infection of thousands of primarily U.S.-based organizations, said Nozomi on Thursday, urging asset owners to re-evaluate the attack surfaces of their operational technology (OT) and Internet of Things (IoT) systems, and reassess supply chain risks.

Cyber threats in industrial and critical infrastructure reached new heights as threat actors doubled down on high value targets, Nozomi said. With industrial organizations ramping connectivity to accelerate digital transformation and remote work, threat actors are weaponizing the software supply chain and ransomware attacks are growing in number, sophistication and persistence.

Outlining the biggest threats and risks to OT and IoT environments, the Nozomi report lists out 18 specific threats that IT and OT security teams must examine, as they model threat vectors and evaluate risks across OT systems.

“This report leaves no doubt that the time for action is now,” said Moreno Carullo, Nozomi’s co-founder and CTO in the press statement. “The recent Oldsmar, Florida, water system attack and the ongoing SolarWinds investigation are dramatic reminders that the critical infrastructure and other systems that we rely on are vulnerable and at constant risk of attack. Understanding the effectiveness of defenses against the emerging threat and vulnerability landscape is vital to success.”

The SolarWinds attack also reflects the most important recent vulnerability trend, which is supply chain research and exploitation. It is an example of a threat actor very carefully selecting a widely used software as its supply chain target, wrote Alessandro Di Pinto in a company blog post. “This attack highlights the risks to end users who have limited agency over the software used within their networks,” he added.

Apart from the SolarWinds attack, Nozomi identifies the software supply chain threat from embedded components, as exemplified by the Ripple20 vulnerabilities identified in the TCP/IP stack from Treck. Attack surface reduction and network segmentation are ideal to counter supply chain risks, the Nozomi report said. In addition, OT and IoT network monitoring is a key technology that helps define the attack surface and detect anomalous activity indicative of an advanced threat.

Nozomi also emphasized that ransomware threat actors dominate the threat landscape, doggedly targeting organizations they believe can pay lucrative ransoms. Apart from demanding financial payments, these cyber attackers are exfiltrating data and compromising networks for future nefarious activities. The sophistication of ransomware criminals is increasing, as more are using combinations of strategies and threat vectors. A prime example is the Ryuk ransomware group, which is estimated to be behind a significant percentage of all ransomware attacks last year.

Nozomi also investigated 151 industrial advisories published by ICS-CERT and classified them into Common Weakness Enumeration (CWE) categories. Memory corruption errors are the dominant type of vulnerability for industrial devices, and Nozomi expects this situation to continue as many industrial control systems (ICS) assets lack intrinsic security and receive limited security oversight. CWE refers to the universal online dictionary of weaknesses identified in computer software.

In a threat landscape where ransomware organizations are attacking companies indiscriminately, it is vital to understand the vulnerabilities under active exploitation. The risk is heightened by the fact that nation state groups are utilizing non-zero-day vulnerabilities to conduct sophisticated attacks, the Nozomi report said. Organizations should focus on identifying unpatched software and implementing update or mitigation policies. Subscription to threat intelligence services helps by providing current OT and IoT threat and vulnerability intelligence.

Moving beyond 2020, a year of unprecedented change, Nozomi expects OT and critical infrastructure systems to be more important than ever to healthcare, economies, and societies. Companies that move forward with improving OT/IoT visibility, security, and threat intelligence are best able to ensure the availability, safety and confidentiality of their operational systems.

With increasing and evolving cyber threats, understanding the effectiveness of defenses against the emerging threat and vulnerability landscape is vital. By providing current threat and vulnerability analysis, with recommendations, the OT/IoT Security Report aims to help organizations assess and enhance their security posture.

Anna Ribeiro
Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.

A complimentary guide to the who`s who in industrial cybersecurity tech & solutions

Free Download

Related

MITRE confirms breach on NERVE network, suspected foreign nation-state actor involved
MITRE confirms breach on NERVE network, suspected foreign nation-state actor involved
Radiflow helps customers achieve NIS2 compliance, spurring growth in Europe
Radiflow, Exclusive Networks partner to elevate OT cybersecurity
MITRE plans to enhance cybersecurity in 2024 with ICS sub-techniques and multi-domain integration
MITRE plans to enhance cybersecurity in 2024 with ICS sub-techniques and multi-domain integration
New bill introduced to set up Water Risk and Resilience Organization to secure water systems from cyber threats
New bill introduced to set up Water Risk and Resilience Organization to secure water systems from cyber threats
CISA, FBI, Europol, and NCSC-NL issue joint cybersecurity advisory on Akira ransomware threats
CISA, FBI, Europol, and NCSC-NL issue joint cybersecurity advisory on Akira ransomware threats
Mandiant exposes APT44, Russia's Sandworm cyber sabotage unit, targeting global critical infrastructure
Mandiant exposes APT44, Russia’s Sandworm cyber sabotage unit, targeting global critical infrastructure
Hexagon and Dragos announce technical alliance to boost industrial cybersecurity, reduce overall OT cyber risk
Hexagon and Dragos announce technical alliance to boost industrial cybersecurity, reduce overall OT cyber risk
Armis
Armis acquires Silk Security for $150 million to enhance AI-driven cybersecurity capabilities
Nozomi discovers five vulnerabilities in AMI MegaRAC SP-X BMC, exposing OT, IOT devices to RCE attacks
Nozomi secures US$1.25 million US Air Force contract to boost DoD critical infrastructure security
Industrial Cybersecurity Buyers’ Guide 2024 navigates complex industrial landscape
Industrial Cybersecurity Buyers’ Guide 2024 navigates complex industrial landscape