Ransomware Threatens Operational Systems
Ransomware dominated news headlines in the first half of 2021, particularly with the attack on Colonial Pipeline. While this notable incident did not involve a direct breach of the OT network, pipeline systems were disabled by the company, causing gas shortages along the US East Coast.
This attack highlighted the link between IT and OT risks. Even though the attack did not pass from IT to OT, operational systems were still disrupted because they were shut down as a security precaution.
Ransomware threats are now a topic of conversation at board level. All organizations with OT systems need to understand how these attacks are carried out and how to defend against them.
Modern ransomware attacks are increasingly carried out by criminal groups using the Ransomware as a Service (RaaS) model. These groups operate like a cartel, with a profit motive and a multitude of unrelated parties acting together in an ecosystem.
Vulnerabilities published by ICS-CERT increased 44% in the first half of 2021 compared to the second half of 2020. The number of affected manufacturers increased by only 5%, while the number of products increased by 19%.
The top three affected sectors are Critical Manufacturing, Energy, and a grouping defined as Multiple Industries. The key industry trend is that vulnerabilities affecting the Critical Manufacturing sector alone increased by 148%. This poses an additional challenge for an industry where many segments are struggling to gain momentum from pandemic-induced shutdowns.
What You Need to Know to Fight Today’s Threats
A successful ransomware attack can be extremely debilitating, leaving victims with no choice but to comply with the hackers’ demands. Taking proactive steps to prevent a ransomware infection is key to significantly reducing the risk.
The first area of focus for ransomware prevention is to reduce the opportunities for initial access to your networks. This includes having spear-phishing protection, implementing security awareness training and enforcing multi-factor authentication (MFA) wherever possible.
It is also important to strengthen defense-in-depth measures according to the cybersecurity standard most relevant to your organization.
As ransomware attacks increase in frequency and sophistication, adopt a post-breach mindset. For example, have a detailed plan for a failure in IT that could impact OT, with operational continuity and disaster recovery components.
Regarding vulnerabilities, knowing the numbers for a specific timeframe is not the way to assess risk. Instead, assess your security baselines against major threats such as REvil or emerging ransomware and harden your attack surface.
When choosing an IoT device, remember that these devices are often insecure by design. If you need the ability to remotely monitor your IP cameras, do your due diligence on the technology and vendors involved.
Cybercrime will continue to increase as the pandemic becomes more manageable and economies strengthen.
Here are 10 actions you should take immediately to protect your operations: