TMCnet News
Industrial and Critical Infrastructure Networks Are Ripe Targets for Cyberattackers, According to New Risk Data from CyberX
BOSTON, Oct. 24, 2017 /PRNewswire/ -- CyberX, the industrial cybersecurity company safeguarding ICS infrastructures worldwide, today announced findings from its "Global ICS & IIoT Risk Report," a comprehensive review of the current state of Operational Technology (OT) security. Operational Technology networks are used with specialized Industrial Control Systems (ICS) to monitor and control physical processes such as assembly lines, mixing tanks, and blast furnaces.
The data clearly shows that OT networks are ripe targets for adversaries, whose motives range from criminal intent to operational disruption and even threats to human and environmental safety. Many are exposed to the public internet and easy to traverse using simple vulnerabilities like plain-text passwords. Lack of even basic protections like anti-virus can enable attackers to quietly perform reconnaissance before sabotaging physical processes. As a result, once attackers get into an OT network — either via the internet or by using stolen credentials to pivot from corporate IT systems to OT networks — it's relatively easy for them to move around and compromise industrial devices.
According to a new US CERT advisory citing analysis by the DHS and FBI, threat actors are currently engaged in APT attacks using spear phishing to obtain stolen credentials from ICS personnel.
Although industry experts have been warning us for years that our OT networks are vulnerable — missing many of the built-in controls found in IT networks like automated updates and strong authentication — this is the first time we've had real-world data to objectively evaluate the risk. "The risk to OT networks is real — and it's dangerous and perhaps even negligent for business leaders to ignore it," said Michael Assante, ICS/SCADA Lead for the SANS Institute.
To obtain this data, CyberX analyzed production traffic from 375 representative OT networks worldwide across all sectors — including energy & utilities, manufacturing, pharmaceuticals, chemicals, and oil & gas — using its proprietary Network Traffic Analysis (NTA) algorithms. Similar to the methodology used for the Verizon Data Breach Investigations Report (DBIR), the analysis was performed on an anonymized and aggregated set of metadata with all identifying information removed. Rigorous attention was paid to preserving the confidentiality of sensitive customer information. Some of the eye-opening conclusions include:
Added Nir Giller, CTO and co-founder of CyberX: "It was important for us to produce reliable, aggregated risk data and we're hoping these results will serve as a wake-up call to the entire industry. The data is certainly consistent with what we've seen anecdotally in OT networks worldwide."
Recommendations
SANS refers to this multi-layered approach as "Active Cyber Defense" — using security operations to continuously identify and counter threats. According to SANS, the Active Cyber Defense Cycle consists of four phases that continuously feed each other: asset identification and network security monitoring; incident response; threat and environment manipulation (e.g., addressing vulnerabilities); and threat intelligence consumption. The increased visibility, intelligence, and proactive actions defined by this approach enable organizations to significantly reduce risk to their vulnerable OT networks and move beyond the limitations of perimeter security, which is no longer sufficient to protect against new threats such as targeted attacks, sophisticated malware, and insider threats.
CyberX will be discussing the results of its "Global ICS & IIoT Risk Report" at the ICS Cyber Security Conference in Atlanta (October 24-26). In addition, CyberX's VP of Research, David Atch, will be presenting at 4:15pm on Tuesday, October 24 in a session entitled "Not Your Father's AM Radio Transmission: Exfiltrating Reconnaissance Data from Air-Gapped ICS/SCADA Networks By Injecting Ladder Logic Code into PLCs."
Methodology
To download the full report, please click here: https://cyberx-labs.com/en/risk-report-2017
About CyberX (Twitter: @CyberX_Labs)
Founded by military cyber experts previously responsible for defending critical national infrastructure, CyberX is the only OT security firm selected for the SINET Innovator Award sponsored by the US DHS and DoD; the only one recognized by the International Society of Automation (ISA); and the only one selected by the Israeli national consortium providing critical infrastructure protection for the Tokyo 2020 Olympics.
CyberX addresses the need for robust industrial security with continuous ICS threat monitoring and asset discovery, combining a deep understanding of industrial protocols and devices with ICS-specific behavioral analytics, threat intelligence, and risk analytics. The company's platform is 100% vendor-agnostic and integrates seamlessly and non-intrusively with all OT environments and IT security tools. With a long history of innovation, CyberX was the first OT security supplier to address all four requirements of Gartner's Adaptive Security architecture: Prediction, Prevention, Detection, and Response. For more information visit CyberX-Labs.com.
Media Contact
View original content with multimedia: http://www.prnewswire.com/news-releases/industrial-and-critical-infrastructure-networks-are-ripe-targets-for-cyberattackers-according-to-new-risk-data-from-cyberx-300541943.html
SOURCE CyberX