According to a new report released by cybersecurity company Nozomi Networks, cyber threats against operational technology and Internet of Things infrastructure are increasing. The report, released on July 21, found that cyber threats have continued to grow in number and impact in the first half of 2020.
“The steep rise in threats targeting operational networks should be a serious concern for security professionals responsible for keeping not only IT, but OT and IoT networks safe,” said Andrea Carcano, Nozomi Networks Co-founder and CPO, in a press release. “The days when threats to operational networks were few and far between and often attributed to nation-state actors are clearly behind us. As IT, OT and IoT worlds converge, threat actors of all types are setting their sights on higher value targets, leaving security organizations scrambling to keep up. It’s a daunting task, but not impossible. We know from working with thousands of industrial installations that you can monitor and mitigate these risks, whether they stem from cybercriminals, nation-states or employees.”
Nozomi Networks’ “OT/IoT Security Report” summarizes the most active OT and IoT cyber threats and vulnerabilities seen in the first six months of this year. The report shares insights into threat tactics and techniques and provides recommendations for protecting critical networks.
According to the report, attackers have been using IoT botnets and shifting ransomware tactics to target OT and IoT networks. Nozomi Networks Labs attributes the increase to an increasing reliance on IoT devices as a result of the COVID-19 pandemic forcing a global shift to remote work.
“The COVID-19 pandemic has had a major impact on the global socio-economic environment. It has taken almost half a million lives and cost the global economy an estimated $9 trillion,3 or up to 10% of global economic output. In terms of the threat landscape, it has provided threat actors with more vectors and opportunities for exploitation, in both computer systems and human psychology,” the report says. “For example, many phishing campaigns are utilizing COVID-19 themes to trick targets into providing access to their systems. During the second week of April 2020, Google saw 18 million daily COVID-19 themed malicious emails.”
According to the report, new and modified IoT botnets are among the fastest growing categories of attacks, as threat actors take advantage of the increased use of IoT devices in operational networks.
Researchers also found that ransomware attackers are demanding higher ransoms, aimed at larger and more critical organizations. Additionally, these attackers have been using a two-pronged approach that combines data encryption with data theft, making it difficult for victims to avoid paying the ransom. Nozomi Networks Labs indicates that the SNAKE/EKANS ransomware has continued to be among the most prevalent cyber threats.
“Ransomware attacks targeting a variety of industry verticals remain commonplace. What is changing is the significance of the targets,” the report says. “Over the last year, one U.S. firm found that the average ransomware payment jumped more than ten times to $302,539 across 950 incidents. Ransomware gangs had shifted to focusing on larger, more critical targets with deeper pockets, including manufacturers, energy operators, local municipalities, and others.”
The report also looks at industrial control system vulnerabilities as reported by ICS-CERT, a program run by the United States Cybersecurity and Infrastructure Security Agency. According to researchers, improper input validation and buffer overflows topped the ICS-Cert vulnerabilities reported in the first half of 2020. Overall, the report indicates that the number of vulnerabilities tracked by ICS-Cert is growing significantly compared to 2019.
“Given that threats are increasing and constantly changing, it’s important to maintain high cyber resiliency and fast response capabilities,” the report says. “In this regard, security gaps related to people, processes and technology have a large impact. For example, the separation of IT and OT in organizations with increasingly connected IT, OT, and IoT systems, can lead to blind spots. But, with the right technology and a focus on best practices, you can increase visibility and operational resiliency.”