Malware, vulnerabilities targeting OT systems surge


Threats arising from vulnerabilities are steadily rising, particularly in sensitive areas such as OT systems and network devices, putting vital infrastructure at risk, according to data released by Skybox Research Lab in its ‘Vulnerability and Threat Trends Mid-Year Report 2021.’ The skyrocketing number of OT devices in many organizations, fueled in part by the explosion of IIoT (Industrial Internet of Things) products, is adding to the challenge. To make matters worse, many of these formerly air-gapped systems are now being connected to networks for purposes of automation and remote monitoring and maintenance, exposing them to external threats.

Hackers are increasingly attacking operational technology (OT) systems as low-hanging fruit and ransomware attacks are becoming commonplace. Cybercriminals know how indispensable OT assets and the systems they control are, and that companies will pay hefty ransoms to avoid disruptions and shutdowns, Skybox said. While OT vulnerabilities have become a high-value target for threat actors, those same flaws are often invisible to security teams. That’s because many OT systems are hard or impossible to scan. 

Cybercriminals are all too aware that OT systems are ripe for the picking, and that ransomware attacks on those systems have a high likelihood of paying off. Companies simply can’t afford to have these essential systems disabled, so they are often willing to pay large sums to keep them online.

New vulnerabilities in OT devices were up 46 percent in the first six months of this year compared to the first half of 2020, posing a growing threat to critical infrastructure and other vital systems, made manifest in a series of high-profile attacks on facilities such as oil pipelines, water supplies, and food processing facilities, according to the Skybox report. To make matters worse, it can be difficult or impossible to identify and remediate OT vulnerabilities through scanning and patching. 

In the first half of 2021, Skybox data revealed that there were 519 CVEs (Common Vulnerabilities and Exposures) in the OT sector reported by CISA, compared to 356 CVEs in the first half of last year. CISA advisories on OT vulnerabilities grew similarly, by 45 percent. Hackers are taking advantage of these OT weaknesses in ways that not only endanger individual companies but also threaten public health and safety and the economy as a whole.

Nearly all major vendors of OT equipment reported increases in vulnerabilities, especially Siemens. The number of new unique CVEs assigned to Siemens vulnerabilities doubled in the first half of this year compared to the same period last year, the report said. This could be in part because of the key role played by Siemens in terms of its market share with various products, or perhaps because of more thorough reporting by the company during this period. 

At best, companies scan OT systems infrequently, maybe once or twice a year, as they cannot afford to take these mission-critical systems offline or degrade service, according to the report. Likewise, patching many OT systems is technically impossible or too cumbersome and costly to address all vulnerabilities.

Skybox Research Lab detected that network infrastructure is also increasingly at risk, as network device vulnerabilities rose by nearly 20 percent compared to the first six months of 2020. Products such as routers, VPNs (virtual private networks), and firewalls – intended to power and protect networks – are in many cases providing new entry points for malicious actors. As with OT systems, network devices can be difficult to scan and patch.

Like OT, network devices are an ‘Achilles heel’ for many organizations. These devices are critically important parts of the infrastructure, yet their security flaws are often invisible because network devices are difficult or impossible to effectively scan. Scanning can impact performance or even shut down systems and is further complicated by the need for special passwords and access privileges. 

OT security has become a growing cause for worry in recent years. As Gartner Research puts it, “OT systems are usually the crown jewels for organizations. They are core systems for value and revenue creation. If they go down, they cripple operations.” Despite the criticality of these facilities, the security measures in place on OT products are often weak or nonexistent. For example, many devices still use generic default passwords and have insecure APIs and protocols that don’t enforce proper authentication. 

The report said that there were 9,444 new vulnerabilities reported in the first half of this year, not far off last year’s record-setting pace. These new vulnerabilities add to a daunting cumulative total that’s making it harder than ever for security organizations to make a dent without knowing which vulnerabilities present the highest risk. The frequency and scope of malicious activity are increasing apace. 

Exploits in the wild are on the upswing, as this report details, and so far 2021 has seen some of the most audacious and potentially devastating cyberattacks in history, some exploiting OT and network vulnerabilities to disrupt vital facilities, such as public utilities and energy infrastructure. At the same time, security organizations have had their hands full managing the massive technological shifts required by the pandemic, while also coping with staffing limitations and a slew of competing priorities.

As new vulnerabilities arise, attack vectors are springing up to exploit them and capitalize on emerging economic opportunities, Gidi Cohen, CEO and founder, Skybox Security said. “Witness the boom in cryptomining malware and the ongoing growth of ransomware. Threat actors now have a robust set of tools and a flourishing ecosystem to support their endeavors. Vendors of exploit kits and malware-as-a-service make it simpler than ever to mount campaigns and launch attacks, with cryptocurrency easing the movement of money and collection of ransoms,” he added. 

More vulnerabilities present more opportunities for exploits, and threat actors are taking advantage. The number of new vulnerabilities exploited in the wild increased 30 percent relative to the same period last year. While new malware increased in almost every category, cryptojacking topped the list. This type of malware, which hijacks computer systems for cryptocurrency mining, more than doubled. This is just the latest example of how dynamic an industry malware has become, quickly adapting its offerings and business models to serve emerging markets.

Skybox reported that another malware category that grew in the first half of this year is ransomware, which rose by 20 percent compared to the first half of last year. Given the increasing popularity and profitability of ransomware attacks, it is likely that this class of malware will continue to grow in the years ahead. 

The report also found that the malware creators have new vulnerabilities on their radar, and are actively developing novel malware to take advantage of the latest weaknesses. Often this is accomplished by simply tweaking existing malware to perform new exploits.
