Do you feel like the number of threats against your operating environments is constantly rising? If so, you are not alone. In fact, as the most recent Verizon DBIR results demonstrate, manufacturers have become meaningful targets of attacks. Adding to these results, new research from Kaspersky shows that 55% of industrial organizations believe that the Internet of Things will change the state of security in industrial control systems (ICS).
Simply put, today’s heavily connected environments represent significant opportunities for today’s bad actors. The opportunity goes well beyond access to personally identifiable data – information that only has a very short shelf life for criminals. Instead, access to manufacturing environments means hackers can steal intellectual property, understand production paths and gain insights into what makes your business environments tick.
According to Andrea Carcano, co-founder of Nozomi Networks, a provider of OT and IoT security and visibility solutions, “These survey findings echo what we’ve been seeing now for some time with our industrial customers worldwide. IoT devices – and 5G mobility – are becoming key drivers and critical considerations in their digital transformation. And, just like the ERP market was blowing up in the late 90's primarily on tailwinds from the Y2K event, we believe digital transformation is accelerating 3-5 years on the tailwinds of the COVID-19 pandemic.”
Carcano continues, “It’s encouraging to see that a majority of those polled understand that all these ‘things’ require a change in the state of security for ICS – and to see that they’re pushing for new, more effective solutions for visibility and security of their IoT-enabled infrastructures. Juniper Research predicts there will be 83 billion IoT connections by 2024 – and 70% are in the industrial sector,” he says. “Traditional on-premises approaches won’t scale – either in terms of being able to add thousands (or more) IoT devices quickly in a single plant facility, production line or mine – or be able to analyze the volume of data that those devices generate. Effective cybersecurity solutions must be able to scale and deploy quickly and endlessly as devices are added – and be able to centrally manage and monitor endless numbers of devices, from multiple locations anywhere in the world.”
Rinse and Repeat
Indiana-based auto supplier KYB Corp. surfaced as the latest victim of a ransomware attack known as NetWalker. The ransomware uses phishing emails and weak RDP credentials to gain initial access into a network, then moves within an organization and leverages other vulnerabilities to elevate privileges.
According to Satnam Narang, Tenable staff research engineer, “The NetWalker ransomware attacks rely on phishing emails, exploiting vulnerabilities in Apache Tomcat and Oracle WebLogic, as well as weak remote desktop protocol (RDP) credentials to gain initial access into a network. From there, they will utilize a variety of tools to move within an organization as well as leverage other vulnerabilities to elevate privileges, which include CVE-2020-07906, a critical vulnerability in Microsoft’s Server Message Block v3 (SMBv3) and CVE-2019-1458, a high severity local elevation of privilege vulnerability in Microsoft Windows Win32k.sys.”
Narang continues, “Based on what we know, the NetWalker ransomware group has had much success in 2020 and reportedly earned US$25 million in ransom payments since March. Their success follows in the footsteps of other ransomware groups, such as Maze, who pioneered the concept of a ‘leak website’ or ‘leak portal’ where they name and shame their victims by threatening to release sensitive data they’ve exfiltrated if the ransom is not paid,” he says.
“It’s important that organizations have a robust patch management process in place to ensure they are addressing unpatched vulnerabilities, which are proving to be a valuable tool for cybercriminals. Spearphishing emails or malicious emails with attachments are avenues for ransomware to propagate. Therefore, ensuring that email security gateway and endpoint security are up-to-date along with employee security awareness training could potentially thwart the next ransomware attack,” says Narang.