Sectrio

Author name: Abhay S K

Threat Hunting in OT Networks: Unleashing Proactive Cybersecurity

With the increasing digitization and connectivity of operational technology (OT) networks, the threat landscape has expanded, making it imperative for organizations to proactively hunt for potential cyber threats. Threat hunting in OT networks involves actively and continuously searching for signs of compromise or malicious activity that traditional security measures might miss. This article dives deep into the concept of threat hunting in OT networks, its significance in protecting critical infrastructure, and effective strategies to unleash proactive cybersecurity.

Understanding Threat Hunting in OT Networks

Threat hunting in OT networks is a proactive approach that aims to identify and mitigate advanced threats, including sophisticated attacks, zero-day exploits, and insider threats. It involves leveraging both human expertise and advanced technologies to detect anomalies, patterns, and indicators of compromise (IOCs) within the OT environment. By proactively seeking out threats, organizations are able to stay ahead of adversaries and minimize risks to operational continuity.

The Importance of Threat Hunting in OT Networks

Threat hunting in OT networks offers several key advantages:

1. Detection of Advanced Threats
Traditional security measures often struggle to identify sophisticated attacks targeting OT systems. Threat hunting fills this gap by actively seeking out signs of compromise, enabling early detection and response to emerging threats.

2. Reduction of Dwell Time
Threat hunting reduces the dwell time, which is the duration that adversaries remain undetected within the network. By shortening the dwell time, organizations can minimize the potential damage and disruption caused by an ongoing cyberattack.

3. Mitigation of Insider Threats
Insider threats pose a significant risk to OT networks. Through threat hunting, organizations can proactively identify any abnormal or suspicious behavior exhibited by employees or contractors, mitigating the risk of insider threats.

4. Enhanced Incident Response
By adopting a proactive approach, threat hunting equips organizations with actionable OT/ICS-specific threat intelligence and the insights necessary for effective incident response. This allows security teams to rapidly contain, eradicate, and recover from any security incidents, minimizing the impact on critical operations.

Also Read: Complete Guide to Cyber Threat Intelligence Feeds

Strategies for Effective Threat Hunting in OT Networks

To conduct successful threat hunting in OT networks, organizations should implement the following strategies:

1. Define Clear Objectives
Establish clear goals and objectives for threat hunting activities, aligned with the organization's risk tolerance and operational priorities.

2. Leverage Threat Intelligence
Utilize OT/ICS-specific threat intelligence feeds and external sources to gain insights into the latest attack techniques, indicators of compromise (IOCs), and threat actor behaviors specific to OT environments.

3. Use Advanced Analytics and AI
Employ advanced analytics, machine learning, and artificial intelligence (AI) techniques to analyze vast amounts of OT data in real time. These technologies enable the detection of anomalies, patterns, and potential indicators of compromise.

4. Combine Human Expertise with Automation
Human analysts with deep knowledge of OT systems should collaborate with automated tools and technologies. This combination enhances the effectiveness of threat hunting by leveraging human intuition and expertise alongside the scalability and speed of automation.

5. Adopt Endpoint Detection and Response (EDR)
EDR solutions play a crucial role in threat hunting by providing real-time visibility into endpoint activities, enabling proactive threat hunting and faster response to potential threats.

6. Conduct Regular Red Team Exercises
Simulate realistic attack scenarios through red team exercises to test the effectiveness of existing security measures and identify any potential weaknesses or blind spots in the OT network.

Compliance Kit: Cybersecurity Tabletop Exercise Planning Manual

Overcoming Challenges in Threat Hunting for OT Networks

While threat hunting in OT networks brings significant benefits, it also presents certain challenges that organizations must address.

1. Lack of OT-Specific Expertise
Finding skilled personnel with expertise in both OT systems and cybersecurity can be challenging.

2. Access to Comprehensive OT Data
Gathering and analyzing comprehensive data from OT networks can be complex due to the variety of legacy systems, proprietary OEM protocols, and limited visibility into OT environments. To find out how Sectrio's solution can help overcome this challenge, watch us in action now: Request a Demo

3. Integration with Existing Security Infrastructure
Ensuring seamless integration between threat hunting activities and existing security infrastructure, such as security information and event management (SIEM) systems and intrusion detection systems (IDS), can pose challenges.

4. Balancing Security and Operational Requirements
OT environments prioritize operational continuity, which can sometimes conflict with the security measures implemented during threat hunting. Striking a balance between security and operational requirements is crucial to prevent disruptions while maintaining robust cybersecurity.

5. Adapting to Evolving Threats
Threat actors continually evolve their tactics and techniques, necessitating constant updates and adjustments to threat hunting strategies and methodologies.

Sectrio eBook: OT Security Challenges and Solutions

Real-Life Examples of Threat Hunting in OT Networks

Illustrating the effectiveness of threat hunting in OT networks, here are a few real-life examples:

1. Identifying Malware Infections
Through threat hunting, an energy company discovered signs of a malware infection in its OT network. By proactively investigating the anomalies, the company was able to isolate and remove the malware before it caused any operational disruption.

2. Detecting Insider Threats
During a threat hunting exercise, an industrial manufacturing company identified suspicious activities indicating a potential insider threat. The timely detection allowed it to investigate further, identify the compromised user account, and mitigate the risk before it led to significant damage or data exfiltration.

3. Uncovering Hidden Vulnerabilities
By conducting thorough threat hunting activities, a transportation organization discovered previously unknown vulnerabilities in its OT systems. It promptly patched the vulnerabilities, reducing the risk of exploitation by threat actors.

4. Mitigating Advanced Persistent Threats (APTs)
A critical infrastructure provider proactively engaged in threat hunting to identify indicators of an advanced persistent threat (APT) targeting its OT network. Through continuous monitoring and analysis, it was able to detect the APT's presence, gather intelligence, and collaborate with law enforcement agencies to mitigate the threat effectively.

For CISOs: Simplify the RoI for an OT Threat Hunting program

Getting buy-in from the board can always be tough. Here are a few pointers on the ROI that can be

Role of threat intelligence in OT security: Best practices and use cases

In today's interconnected world, operational technology (OT) systems play a crucial role in industries such as manufacturing, energy, and transportation. However, with increased connectivity comes the risk of cyber threats targeting these critical infrastructures. To effectively safeguard OT systems, organizations must employ robust security measures, including threat intelligence. This article explores the role of threat intelligence in OT security, highlighting best practices and providing insightful use cases to demonstrate its effectiveness in mitigating risks and protecting vital industrial operations.

Understanding Threat Intelligence in OT Security

Threat intelligence involves gathering and analyzing data from various sources to identify potential threats and vulnerabilities. In the context of OT security, threat intelligence provides organizations with valuable information about the tactics, techniques, and procedures (TTPs) employed by threat actors targeting industrial systems. By monitoring and analyzing this intelligence, security teams can enhance their proactive defenses and respond effectively to emerging threats.

Best Practices for Implementing Threat Intelligence in OT Security

To maximize the benefits of threat intelligence in OT security, organizations should follow these best practices:

1. Comprehensive Data Collection
Collecting data from multiple sources, including open-source intelligence (OSINT), dark web monitoring, internal network logs, and threat feeds, helps create a comprehensive view of the threat landscape.

2. Contextual Analysis
Analyze collected data in the context of the organization's OT environment to understand the specific risks and prioritize mitigation efforts accordingly. Consider factors such as critical assets, vulnerabilities, and potential impact on operations.

3. Automated Threat Detection
Leverage machine learning and artificial intelligence (AI) technologies to automate the detection of potential threats, enabling real-time monitoring and rapid response. Implement anomaly detection algorithms and behavioral analytics to identify deviations from normal OT system behavior.

Also read: Complete Guide to Cyber Threat Intelligence Feeds

4. Collaboration and Information Sharing
Foster collaboration within the industry by sharing anonymized threat intelligence with trusted partners, industry-specific Information Sharing and Analysis Centers (ISACs), and government agencies. This collective defense approach helps organizations stay ahead of emerging threats and strengthens the overall security posture.

5. Regular Training and Education
Provide ongoing training to OT security teams to ensure they stay updated with the latest threat trends, attack techniques, and mitigation strategies. Build a culture of security awareness among employees to minimize the risk of human error or insider threats.

Use Cases Demonstrating the Effectiveness of Threat Intelligence in OT Security

1. Early Detection of Malicious Activities
By correlating threat intelligence with network activity logs, organizations can identify anomalous behavior indicative of a potential cyberattack. This early detection allows security teams to respond promptly, minimizing the impact on critical operations. For example, if threat intelligence indicates a rise in ransomware attacks targeting industrial control systems (ICS), security teams can proactively monitor for related indicators and take preventive actions.

2. Proactive Vulnerability Management
Threat intelligence enables organizations to stay informed about emerging vulnerabilities affecting OT systems and the associated mitigations. By monitoring threat intelligence feeds and vulnerability databases, organizations can prioritize patch management and implement necessary security measures before threat actors exploit vulnerabilities. This proactive approach helps minimize the risk of successful attacks.

3. Incident Response and Threat Hunting
In the event of an incident, threat intelligence provides crucial insights into the tactics, tools, and indicators of compromise (IOCs) used by threat actors. This information aids in incident response, facilitating rapid containment, eradication, and recovery. Furthermore, threat intelligence can empower proactive threat hunting activities, allowing organizations to search for threats within their OT environments before an incident occurs.

4. Supply Chain Security
Threat intelligence helps organizations assess the security posture of their suppliers and vendors. By monitoring potential threats to the supply chain, organizations can mitigate risks and ensure the integrity and security of the OT ecosystem. Threat intelligence enables organizations to identify any vulnerabilities or compromises within their supply chain partners, allowing for timely remediation actions and ensuring a trusted and secure supply chain network.

The Evolving Landscape of OT Threats

The threat landscape for OT systems is continually evolving, requiring organizations to stay vigilant and adapt their security measures accordingly. Threat intelligence plays a vital role in keeping pace with emerging threats. Some of the notable OT threats include:

1. Malware and Ransomware Attacks
Malicious software specifically designed to target OT systems can cause disruptions, compromise safety, and demand ransom payments. Threat intelligence helps organizations identify new strains of malware, track their propagation, and develop effective countermeasures.

2. Insider Threats
Insiders with privileged access to OT systems can intentionally or unintentionally compromise the security of industrial operations. By leveraging threat intelligence, organizations can detect and mitigate insider threats, including unauthorized access, data exfiltration, or sabotage attempts.

3. Nation-State Attacks
OT systems are potential targets for nation-state actors seeking to disrupt critical infrastructure. Threat intelligence provides insights into the tactics and strategies employed by these advanced adversaries, enabling organizations to enhance their defenses and resilience against such attacks.

4. Zero-Day Exploits
Zero-day vulnerabilities are unknown to the public and can be exploited by threat actors before a patch is available. Threat intelligence helps organizations stay informed about potential zero-day vulnerabilities in their OT systems, allowing them to develop mitigations and workarounds until official patches are released.

5. Social Engineering Attacks
Threat actors often employ social engineering techniques to manipulate employees into divulging sensitive information or performing malicious actions. By analyzing threat intelligence related to social engineering campaigns, organizations can educate employees, implement security awareness programs, and enhance their resilience against such attacks.

Summary

Threat intelligence plays a critical role in securing OT systems and protecting vital industrial operations from cyber threats. By implementing best practices, including comprehensive data collection, contextual analysis, automated threat detection, collaboration, and regular training, organizations can maximize the benefits of threat intelligence. The use cases discussed highlight the effectiveness of threat intelligence in early detection, proactive vulnerability management, incident response, and supply chain security. In a rapidly evolving threat landscape, organizations must prioritize threat intelligence as a fundamental component of their OT security strategy to safeguard critical infrastructure and ensure business continuity.

Wish to learn more about the latest tactics and strategies adopted

Why OT security gap and threat assessment is essential for your security posture

An operational technology (OT) risk and threat assessment can serve as a foundational activity for improving your overall approach to infrastructure security. Not only can it identify gaps in your OT security posture, but it can also help sensitize employees and ascertain whether you have the right resources, practices, and workflows to improve OT security.

Each year, many security vendors and OEMs publish their threat environment assessment reports. 2023 is no different. In fact, Sectrio will be publishing its IoT and OT threat landscape assessment report in the coming week. Our report talks about the specific deterioration in the threat environment surrounding OT-based infrastructure. There are specific inputs on how threat actors, emboldened by their success in targeting OT infrastructure, are now expanding their operations to target many aspects of OT, including devices sitting at the periphery of OT networks as well as safety and instrumentation systems.

Also Read: How to get started with OT security

Thus, any time is the right time to conduct an OT threat and gap analysis exercise to find out how susceptible your infrastructure is to such attacks and threat actors. As a leading OT security vendor, Sectrio has undertaken many OT threat assessment projects. Following are some of the best practices that our SMEs recommend for conducting an effective OT security risk and gap assessment.

10 best practices for OT security gap and threat assessment

1. Start with the scope
Determine the full scope of the assessment along with its objectives. Which systems, devices, and processes will be assessed? What are the parameters, and what kind of assessment methodologies and models will be used? This will help you focus your resources and efforts and ensure that you have a comprehensive understanding not just of the security risks but also of the amount of time and resources involved. If there is any scope for downtime, it should be identified here.

2. Identify the assets
Identify the critical assets in the system that you are assessing and prioritize them based on need and on the possible impact in case of a cyberattack. This includes hardware, software, networks, and other components. It is advisable to identify the interdependencies as well.

3. Conduct a threat assessment
Identify the potential threats that could affect the assets. This includes cyber threats such as malware, ransomware, side loading, man-in-the-middle attacks, and hacking, as well as physical threats such as natural disasters, accidents, and equipment failures.

4. Identify specific vulnerabilities
Assess the security vulnerabilities that exist within the system. This includes both technical and non-technical vulnerabilities.

5. Measure compliance with IEC 62443
Do the systems comply with the various IEC 62443 stipulations? IEC 62443 can serve as a guiding standard for various aspects of operations and infrastructure.

6. Evaluate the existing security measures and their impact
Determine what security measures are already in place and assess their effectiveness.

7. Identify gaps
Identify any gaps that exist in the current security measures and determine what additional measures are needed to address these gaps.

8. Develop a plan
Develop a plan to address the identified gaps and mitigate the identified risks. This should include a prioritized list of actions and a timeline for implementation.

9. Implement the plan
Implement the plan and monitor the system to ensure that the security measures are effective.

10. Conduct regular assessments
Conduct regular assessments to ensure that the security measures remain effective and to identify any new risks or vulnerabilities that may have emerged.

Conducting an OT security risk and gap assessment is a complex process that requires expertise in both industrial systems and cybersecurity. This is why you need to speak to Sectrio. We have conducted OT security and threat assessments across industries. Our mature risk, gap and threat assessment approach can help your organization identify and mitigate gaps and threats.

Find out what is lurking in your network. Go for a comprehensive 3-layer threat assessment now by Sectrio

Securing Legacy OT Systems: Challenges and Strategies

Operational technology (OT) systems are critical to the operation of industrial and critical infrastructure processes. These systems often consist of legacy equipment, hardware, and software that may be decades old and lack modern security features. As a result, legacy OT systems are vulnerable to cyberattacks that can disrupt operations, cause safety incidents, and result in significant financial losses. This blog looks at the challenges associated with securing legacy OT systems and outlines strategies that organizations can use to enhance the security and reliability of these systems.

Challenges with Securing Legacy OT Systems

Outdated Hardware and Software
Legacy OT systems typically consist of outdated hardware and software that may be difficult to secure. These systems may not support modern encryption algorithms or secure communication protocols, leaving them vulnerable to eavesdropping, data theft, and manipulation.

Lack of Encryption
Encryption is essential to protecting sensitive data and communications in modern industrial and critical infrastructure processes. However, legacy OT systems may not support encryption, leaving them vulnerable to attacks that can compromise data confidentiality and integrity.

Insecure Communication Protocols
Legacy OT systems may use insecure communication protocols that can be exploited by attackers. For example, Modbus, a widely used communication protocol in legacy OT systems, does not include authentication or encryption, making it vulnerable to attacks that can compromise data integrity and availability.

Lack of Security Awareness
Operators and technicians who manage legacy OT systems may lack security awareness and training, making them vulnerable to social engineering attacks. Social engineering attacks can be used to gain access to sensitive information or systems by exploiting human vulnerabilities.

Strategies for Securing Legacy OT Systems

Conduct Risk Assessments
Risk assessment is the process of identifying, evaluating, and prioritizing risks to legacy OT systems. This includes identifying vulnerabilities, threats, and the potential consequences of a successful cyberattack. Once identified, organizations should prioritize risks based on their potential impact and likelihood of occurrence. Based on the results of the risk assessment, organizations should develop and implement risk mitigation strategies to reduce the risk of successful cyberattacks. By regularly performing risk assessments and implementing risk mitigation strategies, organizations can proactively identify and address potential vulnerabilities in their legacy OT systems and improve their overall security posture.

Implement Network Segmentation
Network segmentation involves dividing a network into smaller, more secure subnetworks, or segments, to limit the spread of cyberattacks. By segmenting legacy OT systems, organizations can isolate critical assets and limit the damage that could be caused by a successful cyberattack. Organizations should identify critical assets and systems and segment them from non-critical systems. This includes placing systems with similar functions, security requirements, and access controls in the same segment. In addition, organizations should regularly monitor and review their network segmentation policies and procedures to ensure that they remain effective and up to date. By implementing OT network segmentation, organizations can reduce the attack surface of their legacy OT systems, minimize the impact of successful cyberattacks, and improve overall system security.

Implement Access Control
Access control involves implementing mechanisms to control access to legacy OT systems. Access controls should include strong authentication, authorization, and accountability mechanisms. Organizations should limit access to critical systems to authorized personnel with a legitimate need to access them. The first step in implementing access control is to identify the assets that need to be protected and the individuals or roles that require access. Access control policies should be developed to define the rules and procedures for granting and revoking access to these assets.

Read more: IEC 62443, NIST Table of Roles & Responsibilities Template

Strong authentication mechanisms, such as two-factor authentication or biometric authentication, should be used to verify the identity of users before granting access to the system. Authorization mechanisms should be implemented to define what actions users can perform on the system and which resources they can access.

Implement System Hardening
Hardening legacy OT systems involves implementing security controls to reduce the attack surface and improve the security posture of the systems. This includes implementing firewalls, intrusion detection and prevention systems, access controls, and other security measures to limit the potential for successful cyberattacks. In addition, organizations should disable or remove any unnecessary or unused services, protocols, and applications that could be exploited by attackers. This may include disabling unnecessary ports, removing default accounts and passwords, and restricting access to critical systems and components. By hardening their legacy OT systems, organizations can significantly reduce the risk of successful cyberattacks and improve the overall security of their critical infrastructure. It is important to note, however, that hardening should be performed in a careful and deliberate manner, as any misconfigurations or errors can result in unintended consequences or downtime.

Implement Security Monitoring
Implementing security monitoring for legacy OT systems involves using tools and techniques to identify and respond to potential cyber threats and attacks in real time. This includes implementing network and system monitoring tools, intrusion detection systems, and security information and event management (SIEM) solutions to detect and respond to potential threats.

Know more: Find out how Sectrio Hub can be a centralized console for real-time threat monitoring

Organizations should establish and follow incident response procedures that outline how to respond to a security incident or cyberattack. These should include strategies for identifying the source and scope of the attack, containing the damage, and restoring systems and data to their pre-attack state. By implementing effective security monitoring for their legacy OT systems, organizations can detect and respond to potential threats in a timely and effective manner, reducing the risk of successful cyberattacks and minimizing the impact of any security incidents that do occur. It is important to note that security monitoring should be an ongoing process, and that organizations should regularly review and update their monitoring strategies to ensure that they remain effective in the face of evolving cyber threats and attack techniques.

Implement Security Awareness and Training
Implementing security awareness and training programs for legacy OT systems is critical to reducing the risk of successful cyberattacks caused by human error

Prioritizing OT Network Segmentation: TSA Issues Emergency Cybersecurity Amendment for Critical Infrastructure

On March 8th, 2023, the Transportation Security Administration (TSA) announced a new and important cybersecurity amendment to the security programs of certain TSA-regulated airports and aircraft operators in the US. This emergency action follows a similar set of measures announced in October 2022 for passenger and freight railroad carriers. The TSA is taking this action due to persistent (and growing) cybersecurity threats directed against U.S. critical infrastructure, including the aviation sector. The overall goal is to increase the cybersecurity resilience of U.S. critical infrastructure and harden it, in extensive collaboration with aviation partners.

In the wake of increasing cybersecurity threats, the TSA is prioritizing OT network segmentation policies and controls in the aviation sector. One of the key requirements outlined in the new amendment is the need for OT network segmentation and controls. This is a critical step in ensuring that operational technology systems can continue to operate safely in the event that an information technology system has been compromised, and vice versa. By creating separate OT network segments for different types of systems, operators can reduce the risk of a single cyberattack taking down their entire infrastructure.

OT Network Segmentation for Critical Infrastructure

OT network segmentation is a fundamental principle of cybersecurity and is essential for protecting critical infrastructure. Without proper OT network segmentation, a cyber attacker can easily move from one system to another, causing widespread disruption and damage. By isolating different types of systems from each other, operators can limit the impact of a cyberattack and prevent it from spreading throughout their network.

In addition to OT network segmentation, the new amendment also requires operators to implement access control measures to prevent unauthorized access to critical cyber systems. This is another critical step in securing their networks and preventing cyberattacks. By limiting access to critical systems, operators can reduce the risk of a cyber attacker gaining control of their infrastructure.

Continuous monitoring and detection policies and procedures are also essential for defending against cyber threats. Operators must be vigilant in monitoring their networks for signs of suspicious activity and responding quickly to any anomalies. This requires a combination of advanced cybersecurity tools and skilled cybersecurity personnel.

Also read: How to get started with OT security

Finally, the new amendment also emphasizes the importance of timely patching and updating of critical cyber systems. This is essential for reducing the risk of exploitation of unpatched systems, which are often targeted by cyber attackers. By prioritizing patching and updating of critical systems, operators can reduce the risk of a successful cyberattack.

These measures are essential for protecting the nation's critical infrastructure and ensuring the safe and secure transportation of people and goods. The TSA is working closely with industry stakeholders across all transportation modes to reduce cybersecurity risks and improve cyber resilience. This new amendment builds on previous requirements for TSA-regulated airport and aircraft operators, which included measures such as reporting significant cybersecurity incidents to the Cybersecurity and Infrastructure Security Agency (CISA), establishing a cybersecurity point of contact, developing and adopting a cybersecurity incident response plan, and completing a cybersecurity vulnerability assessment.

The TSA's efforts to enhance the cybersecurity resilience of U.S. critical infrastructure are part of a larger national effort to secure the full benefits of a safe and secure digital ecosystem for all Americans. On March 2nd, 2023, the Biden-Harris Administration announced the National Cybersecurity Strategy to prioritize cybersecurity for all Americans.

In conclusion, here are 7 key takeaways from the TSA's new cybersecurity amendment:

By prioritizing OT network segmentation and implementing other key cybersecurity measures, TSA-regulated entities can help reduce cybersecurity risks and improve cyber resilience to support safe, secure, and efficient travel.

Find out how Sectrio's OT Segmentation module can help secure your IT-OT infrastructure today. Download now: Product Brief Sectrio MicroSegmentation

We are giving away threat intelligence for free for the next 2 weeks. Find out how you can sign up and try out our threat intelligence feeds.

Find out what is lurking in your network. Go for a comprehensive 3-layer threat assessment now

Prioritizing OT Network Segmentation: TSA Issues Emergency Cybersecurity Amendment for Critical Infrastructure Read More »

Is India up for a major cybersecurity overhaul?

Cyberattacks in India continue to grow at an alarming rate with each passing week, and various quarters have called for a complete revamp of India’s cyber defense posture, not only to reduce the impact of these attacks but also to send a strong message to the groups behind them. However, such an approach begs the question: will a single piece of legislation or mandate change things on the ground, or does India need to look at multiple options?

This article sheds light on the following questions:
- Cyberattack trends in India 2022
- Why do cyberattacks in India continue to grow at an alarming rate?
- Why is India in need of a major cybersecurity overhaul in 2022?
- Will the Digital India program only remain a vision?
- How can India strengthen its cyber defensive capabilities?
- The 6-hour cyber incident reporting rules
- The Summary: getting down to brass tacks

Cyberattack trends in India 2022

To understand why India is in dire need of a major cybersecurity overhaul, we need to first analyze the trends of cyberattacks from the past and be prepared to defend networks from any new and emerging threats. In the larger scheme of things, while dealing with cyberattacks, it is always a wise decision to operate with an accurate assessment of the cyber threat landscape through cyber threat intelligence (CTI). Now, let’s get started with the highest priority and work our way down the pecking order.

To get started, critical infrastructure is the backbone of a nation’s economy. In this case, critical infrastructure in India is a vital operating organ of a nation that is currently in the middle of a massive digital makeover, AKA transformation. Although the definition of critical infrastructure is wildly subject to change and often mistaken, here is a quick graph of what constitutes a part of the critical infrastructure. Now that you are familiar with it, we can proceed to how the trends in cyberattacks impacting this sector have grown significantly.

Getting down to the numbers: attacks on critical infrastructure segments grew significantly, by almost 70% in 2021 (Sectrio’s Global Threat Landscape 2022), when compared to the previous year. While the impact of the pandemic accelerated the growth and use of more technology, it also led to a staggering rise in the number of cyberattacks and sophisticated threat actors, which resulted in stealthy ransomware attacks, halts or disruptions in vital operations, and reputation damage via data leaks. While rapid shifts and tactical attacks on critical infrastructure can be overwhelming and difficult to grasp, one sector faced the brunt of such cyberattacks and threat actors.

The manufacturing sector faced a record number of cyberattacks, a massive 101% rise, targeting industrial control systems (ICS), SCADA, PLCs, SIS systems, and operational technology (OT); in some cases even connected IoT devices such as printers and Internet-connected Uninterruptible Power Supply (UPS) units were compromised and became a beacon for lateral movement of malware across networks. Smart cities in India also witnessed a spike of 20% in 2021 when compared to the previous year. This included attacks on oil and gas plants, power grids, and substations. In fairness, the overall number when compared to the previous year was a whopping 290%, the highest spike recorded to this date in India. Source: The global threat landscape analysis and assessment report.

In 2022, India could effectively come close to beating the United States in the number of cyberattacks, considering the escalating geopolitical tensions in Europe. We expect a plague of sophisticated malware exploiting vulnerabilities on sight, regardless of a particular target in mind. A lowered threshold for state-backed actors is once again a growing concern in the days to come.

Why do cyberattacks in India continue to grow?

There are plenty of motives behind a cyberattack, or in some cases none at all. But quantifying it in terms of weaknesses or flaws in a system open for exploitation is the right way. A few prominent vulnerabilities we have seen in the past are:
- Not patching known vulnerabilities, or a delayed process for patching vulnerabilities
- Little or no practice of network segmentation and micro-segmentation
- Most compliance regulations come across as advisories rather than mandatory requirements
- Lack of visibility into the networks (no traffic logs, no inventoried data on network-connected assets)
- Lack of initiatives to bring awareness to the cyber threats that plague the environment

In actuality, the list is quite long. If we were to dig down the list of CVEs and other challenges, like the ones that are not yet identified (zero-day vulnerabilities), we are expecting multifold cascading cyberattacks.

In addition to the above, another reason why cyberattacks will continue to rise significantly is that the number of dark web users has also risen by quite a large volume. This means that most APT groups often dump cyberattack kits and tutorial videos that are available for anyone to access (some even as cheap as $5), and in some cases they are restricted to certain groups of people. Such access to information for making a quick buck often draws significant attention and is followed by clusters of cyberattacks via budding threat actors gaining traction to take on bigger targets. Such attempts also make it difficult for forensic teams to pinpoint the particular actors responsible for the attacks.

Participate now: CISO Peer Survey 2022

Another factor we must not ignore is India and its geopolitical ties with other nations. India is familiar with attacks originating from neighboring countries in the past but is new to cyberattacks of heightened sophistication, while bearing numerous attack surfaces with the potential to send the country into the dark ages. While India plays a strategic role on many accounts at an international level, enabling spotlight and partnerships, it also paints a sweet large target for geopolitical threat actors to get through.

Why does India need a major cybersecurity overhaul in 2022?

India needs a major cybersecurity overhaul

Is India up for a major cybersecurity overhaul? Read More »

Long ignored UPS vulnerabilities are coming to roost: CISA and DoE

In a recent update, CISA and the DoE (Department of Energy) jointly acknowledged the rising trend of cyberattacks and raised concern over vulnerabilities associated with internet-connected UPS (Uninterruptible Power Supply) systems. This alert comes in light of the recent growth of cyberattacks targeting critical infrastructure, not only in the United States but across countries that play a strategic role in various military and non-military geopolitical alliances.

The alert raises concerns in the following areas:
- UPS systems are vulnerable to attacks when connected to unsafe networks
- Most UPS systems connected to the internet have little to no security on the cyber front. Out of the box, these systems come with default usernames and passwords, and in most cases the default credentials remain unchanged for years after installation.
- In large organizations, UPS systems bought in bulk often share the same login credentials across every installation.

Read more from the report here: Mitigating Attacks Against Uninterruptable Power Supply Devices

Dependable, reliable, and omnipresent energy aid

Uninterruptible power supply (UPS) has been a boon to humanity even before the dawn of the age of computers. In most cases, these systems are used to provide clean and emergency power supply in times of power outages or to regulate surges in the flow of electricity.

Also Read: Is NIST working on a potential cybersecurity framework update?

In the early days, UPS systems were often connected to critical industrial machines to prevent unsafe shutdowns or the breakdown of such machines due to surges in electrical power. In fairness, UPS has been a constant source of reliable and safe energy in times of desperate need. With the growth and rise of digitalization, UPS was later introduced widely for consumer use, and thus began its rise in popularity. Significant upgrades and advancements to UPS systems later followed in its evolution, providing vital insights into networks and connected equipment. Such UPS systems now come with the ability to connect to the internet, provide vital insights for monitoring any surges in a steady stream of power, remind the concerned authorities of timely maintenance, and much more. These internet-connected UPS systems are also actively in use by several healthcare (IoT sensors, IoMT equipment), manufacturing (OT, ICS, SCADA equipment), pharmaceutical (OT and ICS equipment), enterprise (backups to servers), and other critical infrastructure industries, providing a steady flow of safe and uninterrupted energy during vital organizational operations.

Also Read: Why IoT Security is Important for Today’s Networks?

This growth of IoT, or internet-connected, UPS systems has made them a critical component once integrated with a network, and they pose grave cyber threats when their security is overlooked in favor of availability for functional operations.

Potential casualties of a successful cyberattack on internet-connected UPS systems:
- Manipulation of data on IoMT or denial of service on vital healthcare equipment
- Sensor manipulation
- Disabling the automatic voltage regulation (AVR)
- Destruction via a surge in power supply
- Denial of service on enterprise servers
- Malware injection
- Lateral movement via a compromised network, which can lead to data leakage
- Privilege escalation

It is hence established that internet-connected UPS plays a critical role.

What can be done to secure internet-connected UPS?

While CISA and the DoE suggest regular and timely software updates and the use of MFA as immediate steps, we at Sectrio suggest all take a step back and follow these steps:
- Have ample visibility into your network, be it even a remote or a hearing aid that is connected to your network
- Monitor for anomalies on the network
- Log network activities
- Segment your network into zones and conduits (Also read: How micro segmentation can help secure your connected assets)
- Use MFA and strong passwords
- Use a safe VPN
- Run regular vulnerability scans to identify gaps in security
- Comply with IEC 62443, Zero Trust, and NIST CSF
- Work with real-time threat intelligence
- Report cyber incidents or suspected incidents as quickly as possible to the right authorities

Will cyberthreats ever stop?

On March 29th, 2022, a statement made before the House Judiciary Committee by the FBI cyber division stated that “As adversaries become more sophisticated and stealthier, we are most concerned about our ability to detect and warn about specific cyber operations against U.S. organizations. Maybe most worrisome is their focus on compromising U.S. critical infrastructure, especially during a crisis”. This official statement by the FBI’s cyber division brings perspective on the state of cybersecurity in North America and is an alarming wake-up call to all organizations for an immediate cybersecurity revamp of their ever-growing converged cyber environment.

For more information on the evolving threat landscape and insights into emerging cyberattacks and bad actors, read our latest IoT and OT threat landscape assessment report 2022. Learn how Sectrio’s solutions can help secure your organization today. Reach out to our cybersecurity experts to get started now.

Join our upcoming webinar: Key Takeaways from Sectrio’s Global Threat Landscape Assessment Report 2022

IoT and OT focused threat intelligence feeds free for 15 days! Try it right now: Threat Intelligence

Long ignored UPS vulnerabilities are coming to roost: CISA and DoE Read More »

Rising threats on Critical Infrastructure amidst the Ukraine crisis

IoT, ICS, and OT security should be your highest priority if you are a professional working in at least one of the sixteen critical infrastructure sectors. The United States of America is currently on high alert after issuing a joint advisory from 4 different agencies for 3 different countries, a cautionary alert on rising ransomware attack attempts, and the latest alert raised by CISA on February 14th, 2022, warning all businesses, small, mid-sized, and enterprise, to stay on their guard (“shields up”). On the 26th of February, two days after the official announcement by the Russian president indicating his intentions with Ukraine, the Department of Justice (DOJ) and the Cybersecurity and Infrastructure Security Agency (CISA) jointly issued a cybersecurity advisory on two destructive malware families, WhisperGate and HermeticWiper, that are currently being used to target organizations in Ukraine and Europe.

Countries in North America, the Middle East, and the Asia Pacific have been facing persistent cyberattacks for a long time, and in light of the escalating Ukraine crisis and geopolitical tensions, the number of cyberattacks continues to grow significantly. Considering the added layer of involvement of certain countries in the Russia-Ukraine crisis, we have analyzed a few key attack surfaces in critical infrastructure that are easily targeted. These include:
- Exploiting existing vulnerabilities
- Stealthy reconnaissance attacks
- Persistent attacks by botnets
- Sophisticated APTs on critical infrastructure sectors
- Ransomware attacks on businesses regardless of size

Why will such cyberattacks continue to rise amidst the Ukraine crisis?

This is a question you already know the answer to. A long-drawn battle against an old enemy has continued since the culmination of the cold war, but this time it’s online: a hybrid tactical cyber warfare where the enemy has proven to have the added advantage of the necessary skillset from attacks in the past. Kudos to you if you guessed the country we are talking about. For others, it’s Russia.

In the past and in the digital era, Russia has extensively leveraged tactical methods of cyber warfare to add pressure: disruptions or permanent damage, be it a cryptic lock via ransomware, damage to health and safety by disabling SIS systems, or even a complete system override and shutdown of critical infrastructure operations in the energy and telecommunications sectors. Such attempts in the past have proven effective in swaying and accelerating the decisions of a nation’s government, military, and even the general population, which fits the Russian agenda. Such events stay hidden from the limelight, as most don’t want to admit to a security failure or the lack of security measures. With attacks brazenly targeted regardless of your size or affiliations, all organizations globally must realize the looming threat and take immediate action to safeguard themselves.

As immediate steps, here are a few steps you can take to safeguard against cyberattacks:
- Enable multi-factor authentication (MFA) org-wide and ensure that passwords are reset frequently
- Ensure that software used org-wide is updated with the latest security patches available; doing this prevents lateral movement of malware
- Conduct rigorous and regular vulnerability audits and drills to identify gaps in your security
- Raise awareness with your immediate clients and partners to heighten security measures, as risks of supply-chain attacks have been witnessed in the past, such as the infamous SolarWinds attack
- Maintain complete visibility of your network, logging the devices that are connected and are actively using your network
- Monitor any abnormal functions of the devices connected to your network and raise red flags for immediate investigation
- Segment your network and comply with industrial compliance mandates (Read more about Sectrio’s Microsegmentation module)
- Re-check/rework your remediation and mitigation playbooks to ensure that you are taking an updated approach during an incident
- Isolate traffic from unverified sources that are deemed suspicious for deep monitoring
- Build and assign resources to incident response teams
- Ensure that your resources and SOC teams are not fatigued from overworking
- Build substitute teams if you are not functional at an optimal level
- Ensure that you comply with regulations such as NIST CSF, IEC 62443, the Zero Trust framework, and other compliance mandates that apply to you (Head over to the compliance kits section on the website to get started)
- Self-assess your preparedness for a cyber incident and conduct mock drills
- Work with actionable threat intelligence that can help you assess your cyber threat landscape; if you do not have access to threat intelligence feeds, do not trust OSINT, as it can often mislead your teams. Go for a credible and trusted source. (Read the CISO guide to selecting the right threat intelligence vendor if you are unsure of what is best for your organization)
- Subscribe to the latest updates from trusted sources that you can rely on (Sectrio is currently offering free weekly subscriptions to key personnel who opt in)
- Working with a small cybersecurity budget can be extremely difficult, and not all organizations get the same budget as industry leaders. Leverage the threat landscape reports to bring awareness to the organization for a higher cybersecurity budget. (Read our guide to deriving a higher cybersecurity budget to improve value and ROI)
- Understand organizational dynamics and align your goals for a secure environment
- Understand the complexities involved in the integration of IT, IoT, and OT technology, as each brings its own challenges
- Organizations undergoing a digital transformation must take extra precautions; it is often better to opt in for a security tool that can provide you with the necessary visibility and detailed analysis without overburdening your SecOps teams with branded jargon when dealing with the convergence of technologies
- Always document and log changes to the system; this will help you in forensic analysis and identifying gaps

These 20+ point guidelines will help you get headed in the right direction for improved resilience and cyber vigilance.

Why can the escalating Ukraine crisis be a new frontier for APT actors?

In the past, we have witnessed APTs with ties to Russia and other countries inflicting maximum damage by exploiting known vulnerabilities using spear-phishing attacks, brute force, and sophisticated malware. Such

Rising threats on Critical Infrastructure amidst the Ukraine crisis Read More »

3 OT security trends to watch out for in 2022

OT Security trends for 2022

Convergence of OT and IT

The convergence of OT and IT defines the progress of most digital transformation projects, bringing in technological advancements across business models and decision-making levels. Where most shop floors were forced to shut down, the integration of IT and OT played a significant role during the ongoing pandemic, helping manufacturers, critical infrastructure segments, and enterprises get back on their feet quickly. While this achievement is by no means an easy task, the threats and the number of attack surfaces it opened up were a big win for hackers. An instance of such an attack was when a spear-phishing attack led to a power outage impacting 200,000 people and crippling an entire electric grid for more than 6 hours. How? The threat actor was able to get into the IT network and move laterally to identify the critical OT networks, taking control of the SCADA systems operating in the plant, upon which the electrical breakers of substations were opened to wreak havoc. Such attempts to disrupt, hold to ransom, and monetize are only set to get more sophisticated in the coming year. A robust OT security vendor like Sectrio, with the right tools not only to mitigate but to set up a comprehensive cybersecurity program in your organization, is a must-have.

Foreign threats and physical devices

With the emergence of new waves of the ongoing pandemic, the fatigue and stress of working remote/hybrid brought in challenges of their own, resulting in another easy-to-exploit attack surface. While an air-gapped system appears to be the ultimate indicator of security, the threat to such systems could come internally. The threat of social engineering and dead drops helps threat actors achieve their targets. These attempts come in various forms, such as a USB stick with a ready-to-inject payload and physical devices connected to networks. Devices like a printer, coffee machine, or even your keyboard and mouse connected to your network can be an easy target. These devices are further compromised and weaponized to infiltrate the networks, giving the threat actors the visibility and movement required to achieve their targets.

A known example of such an attack would be the infamous Stuxnet. Here the infiltration of a highly secure and air-gapped system of a nuclear power plant gave the threat actor the ability to amend a specific set of programs in PLCs, causing the centrifuges to spin rapidly and causing physical damage to the devices. The severity of such attacks can be compounded by disabling the SIS, or Safety Instrumented System, the last line of automated defense in industrial facilities to prevent catastrophic damage or even incidents that can put lives at risk. TRITON is one such malware that can shut down the SIS.

In the coming days, more attempts to deceive the visibility of devices, trigger sophisticated malware workflows infecting heaps of networks, USB sticks with fileless malware, and much more are expected to make their presence felt in the world of OT. We at Sectrio urge all to stay vigilant, stay updated with the latest cyber threat intelligence, and make use of the Micro-segmentation and risk management modules designed to secure your operations without any compromises in security.

2022 and compliance

As expected, with the rising levels of sophistication and the volume of forecasted attacks in the days ahead, compliance mandates set by governments, industry leaders, and independent organizations are likely to be enforced rigorously. Overconfidence in one’s security posture, or the lack of one, can have impacts that ripple onto innocent ‘bystanders’ without the necessary insights and rigorous audits to secure gaps in networks and patch the unpatched vulnerabilities. Sectrio has been helping organizations comply with cybersecurity mandates and policies and adhere to the best practices in the industry. Take a look at the compliance kits section on our website to find curated documents and information that will help you get your security posture headed in the right direction.

Stay safe and have a wonderful holiday season and a very happy new year!

See how our OT-IoT-IT security solution can handle such threats to your enterprise. Book a no-obligation demo.

Get access to enriched IoT-focused cyber threat intelligence for free for 15 days

Download our CISO IoT and OT security handbook

Access our latest Global Threat Landscape report

OT Security trends for 2022 Read More »
