Author name: Prayukth K V

Financial services institutions and manufacturers linked to diverse supply chains should brace themselves for targeted cyberattacks from APT groups. In the last 48 hours, we have seen a significant rise in reconnaissance attacks on firms in these sectors indicating the mobilizations of APT, sub-APT groups, and independent hackers. Here are the key trends we have recorded in our global honeypots over the weekend:  All honeypots have registered a rise in inbound cyberattacks   13 honeypots in Europe across Finland, Germany, Estonia, and Lithuania register the biggest rise in cyberattacks   Most of the attacks are emerging from Western Russia (it is hard to pinpoint the exact geographical location as the epicenter keeps shifting)    Target include payments infrastructure, connected device eco-systems across the shop floors, supply chains, and industrial control systems   Most of the attacks are oriented towards creating large scale disruption of supply chains as well as financial systems to keep regional CERT teams occupied   As we enter March 2022, the potential for a major cyberattack occurring in various parts of the world has grown exponentially. As we had predicted in the 2022 IoT and OT Threat Landscape and Assessment Report, the cyberattacks on manufacturing entities and financial institutions along with oil storage and transportation infrastructure are expected to see a massive spike this week.      We are witnessing a phase of increased adversarial activity across the surface and Dark Web with more than 5 major APT groups working in tandem across 3 continents. All this translates into a need to ramp up internal and external security measures immediately.  Sectrio advises financial services and manufacturing businesses to adopt the following measures immediately:  Conduct a complete audit of their entire digital footprint with a special emphasis on IoT and OT infrastructure including devices and networks that connect.   Deploy multi-factor authentication (MFA) and reduce access and other privileges across the infrastructure for the next 20 days   If any vendors are allowed into the digital perimeters or beyond, such accesses should be monitored or limited   Advise employees to avoid opening any suspicious emails and delete spam mails   Hackers are also expected to circulate spoofed links asking them to revalidate their login credentials through SMS. Ask them not to comply and report such instances   Fragment networks wherever possible to gain greater operational visibility and control   Industrial Control Systems and SCADA systems should be monitored and checked for any unusual network activity   A sudden or even diffused spike in data consumption among IoT devices could point to a potential cyberattack and should be attended to immediately   Limit BYOD access, if possible   Hackers will try and use reply chain phishing in case of previously compromised networks. In case of any suspicious communication activity, employees should be requested to check with the sender and try and validate the communication through a call or other non-email means and share the emails for investigation    Senior leadership could be targeted through LinkedIn or other social media platforms    Lastly, we advise all businesses across sectors to conduct an immediate review of their cybersecurity posture.    For more informational content, subscribe to our weekly updates and be notified at the latest. We promise not to spam you!  Try our rich OT and IoT-focused cyber threat intelligence feeds for free, here: IoT and OT Focused Cyber Threat Intelligence Planning to upgrade your cybersecurity measures? Talk to our IoT and OT security experts here: Reach out to sectrio. Visit our compliance center to advance your compliance measures to NIST and IEC standards: Compliance Center Get access to enriched IoT-focused cyber threat intelligence for free for 15 days  

Sectrio released the findings of its 5th OT and IoT Cybersecurity Threat Landscape Assessment and Analysis report today. The comprehensive report covers details such as threat actors, malware, breach tactics, at-risk sectors, quantum and quality of cyberattacks, and specific threats to OT and IoT deployments and critical infrastructure around the world.  The section on North America offers some insightful data points on the OT and IoT threat landscape in the region:  Ransom cost per GB of data held by hackers is now $39000   Energy, Healthcare, manufacturing, utilities, maritime, and defense are among the most targeted sectors   Overworked SOC teams and lack of visibility into some of the infrastructure played some businesses right into the hands of hackers   Mining sector could be targeted in 2022 as there is rising hacker interest in this sector  756 major cyber incidents reported in the region in 2021   Highest remote ransom demand $50/70 Mn (Various sources)  Ransom recovered: $6 Mn (Forbes, Nov 2021)   The rise in average ransom demand: 71 percent (Sectrio)  Hack campaign cycles intercepted: 71 (Sectrio)   Hackers are now targeting widespread disruption and huge ransoms through targeted cyberattacks. While the geopolitical motivation in many of these attacks remains at a very high level, the expansion of botnets in Mexico poses a new security risk to businesses in the region. Manufacturing facilities in Mexico are also being subject to high levels of reconnaissance probes by hackers.   Some actors are carrying out localized attacks from within the region using sophisticated phishing kits developed in parts of Eastern Europe and the Middle East. We came across many such kits that were modified to some extent to target businesses in US and Mexico. These kits are now freely available on the web but sophisticated APT groups such as Lazarus and Fancy Bear could be embedding them with trojans to control the networks and data in businesses targeted by these local hackers.   This is a new tactic that APT groups are using to widen their net. By offering free phishing kits, they are allowing other groups to conduct the initial hacking work while they lurk in the background waiting to jump networks or digital assets to reach a target asset which could be a critical infrastructure facility or a defense installation.   In all, the malware load in the traffic analyzed by our team has grown significantly in the last 6 months of 2021. This over-the-board increase will definitely put an additional strain on the already overworked SOC teams managing the security needs of businesses in sectors such as manufacturing, utilities, and others. Hackers are specifically targeting control systems and connected IoT devices. The former to cause disruption and the latter to target third-party infrastructure such as websites, critical servers, and even mobile phones.   Supply chains, the new target  Supply chains are presenting hackers with a moving and lucrative target. In addition to large-scale disruption, such attacks also offer more return on investment. In addition, other factors make supply chains a favorite for hackers:  The opportunity to strike businesses from multiple entry points  Once infected, malware can move across the connected infrastructure crossing not just organizational but even political boundaries   The entry of start-ups with high valuation and risk appetite but with low appetite or patience rather bring systems online in a foolproof way after a cyber incident. This means that these companies may be more susceptible to paying a ransom to get things back on track faster    Workflows, responsibilities, and systems are not aligned towards cybersecurity imperatives today     Hackers may also be aware of zero-day vulnerabilities across vendors that are yet to be discovered   Specific challenges with OT in North America   While investments in IT security have grown, OT cybersecurity investments and attention are still lagging. Businesses that are hosting complex hybrid environments or are connected to IT, OT, and the Internet of Things are now gradually understanding the importance of ramping up their cybersecurity measures to align them with the complexity involved in securing such environments. However, the hackers are miles ahead of them as they are well aware of these cybersecurity gaps than the cybersecurity teams protecting them.   Businesses hosting complex environments without adequate security cover are closer to a massive cyber disruption than they can imagine.   Some businesses have upgraded their OT environments by adding new devices. Such devices are however invisible to standard off-the-shelf vulnerability scanners.   OT vulnerability scans are not done frequently and many businesses fail to fall back on a more disciplined approach that requires regular scans and remediation   The ever-evolving OT and IoT threat landscape throws up new threats including malware that evade detection   Visibility into threat surfaces is not adequate. Some of the solutions used by businesses are prone to misconfiguration and new vulnerabilities.   OT security teams in many instances are less empowered than their IT counterparts and if the same security team is handling both IT and OT cybersecurity, OT doesn’t get as much attention as it should   Such critical gaps in addressing OT cybersecurity across the infrastructure leave the room wide open for hackers or other adversarial entities to exploit.  You can read more about such threats in the 2022 Threat Landscape Assessment and Analysis Report prepared by Sectrio’s research team.   What is the 2022 IoT and OT Threat Landscape Assessment and Analysis Report all about?  The 2022 Threat Landscape Assessment Report prepared by Sectrio’s Threat Research team tracks and documents the evolution of IoT, OT, and IT cyber threats and their implications for businesses across the globe. It answers many questions that are puzzling cybersecurity decision-makers and other stakeholders alike. Where are the threats coming from? Why are certain sectors getting attacked more often? Which groups and countries are behind these attacks and more importantly what tactics are they using and what impact could such attacks have on businesses in 2022?   It is a must-read for everyone who wishes to understand how the cyber OT and IoT threat landscape changes around the world can impact them and their business. You can download the report here.  

Report documents a staggering rise in cyberattacks on critical infrastructure and supply chains Sectrio today released the latest edition of its Global OT and IoT Threat Landscape Assessment Report covering the evolving cybersecurity environment surrounding sectors such as manufacturing, oil and gas, smart cities, maritime projects, and critical infrastructure. The report prepared by Sectrio’s threat research and analysis team covers data from over 75 cities across the globe covering over a billion attacks and 10,000 (collective and cumulative) hours of analysis of cyberattacks, malware, hacking tactics, network breaches, Dark Web chatter, data leaks, and other important aspects related to enterprise and critical infrastructure cybersecurity.    The comprehensive threat landscape assessment report has analyzed cybersecurity from five perspectives viz., the evolution of threat vectors, mode of attacks, cyberattacks logged, targets attacked, and cybersecurity gaps exploited. It covers the analysis of stolen data released on the Dark Web and other forums as well.   Key findings from the IoT and OT threat landscape assessment report:  To access the IoT and OT threat landscape assessment report, visit this link: The 2022 Threat Landscape Assessment Report To request additional information, visit this link: Contact Us To try our threat intelligence feeds for free, visit this link: Sign up for free threat Intelligence

As per the findings of PwC’s recent annual CEO survey, CEOs across the globe have ranked cybersecurity risks as a bigger concern than the ongoing Covid-19 pandemic, economic volatility, or even climate change.  The survey, covering 4,446 CEOs from 89 countries and territories has offered specific data points around Asia-Pacific, India, Mexico, Central, and Eastern Europe, Malaysia, among other countries. The increasing attention that cybersecurity is receiving comes in the backdrop of a steep rise in cyberattacks globally and in the countries mentioned above. Rising cyber concerns are also underscoring the growing role of CISOs across sectors. With increasing geopolitical concerns in Ukraine, UAE, and in other parts of Asia, cybersecurity leaders and CISOs are also dealing with other challenges such as: Rising regulatory requirements Strained budgets Lack of resources   Compartmentalization of security across organizational silos Talent shortages Specific Organizational cybersecurity posture concerns that are not on the Board’s radar  Burn out and overwhelmed by the pandemic and the disruption caused by it The role of CISOs has been evolving over the last few years with businesses giving them a larger say in the way businesses are run and a share of voice in the decisions of the board. However, in many institutions, the post of CISO has just been created or the role functions with many dependencies on other non-c-suite positions leading to a situation where the support they receive is not timely or is inadequate.  What can CISOs do to address such challenges? Democratize cybersecurity: run bug bounty programs and tabletop exercises by involving employees across the organization. Involve more stakeholders across decision-making layers and teams in all cybersecurity programs Pay attention to vulnerabilities: running vulnerability scans in a disciplined manner and taking prompt action on identified weaknesses and gaps can go a long way in increasing the distance between your assets and a cyber adversary. This should go with other measures such as micro segmenting networks, creating zones of digital priority, and maintaining an updated inventory of all assets and their functions. Promote a culture of pro-active compliance: many standards/frameworks proposed by (or that are part of) NIST, NERC-CIP, IEC 62443, and Zero Trust can be implemented with very little effort and by a simple rejig of operating processes, workflows, and inter-device interactions. Such measures can be taken up for immediate execution. (Check out our compliance kits for more information on how to get this done). Such measures should be taken up routinely and ingrained in the culture of the organization. Build and track cybersecurity checklists: across facilities and systems such as SCADA, PLC, industrial control systems, health and safety systems, remote management systems etc. Address institutional inertia: this is especially true of businesses that have been around for a while. Decisions taken to counter emerging threats to critical asserts may get stuck in layers of decision-making within the organization. By the time the decision is taken, it may be a case of too little too late.    IT-OT and IT-IoT convergence zones or other such zones where different tech streams overlap should receive additional cybersecurity attention. Track API usage: while APIs help ease integration challenges, they are among the biggest sources for cyberattacks. Hackers have been known to use APIs as conduits to open target networks. See if APIs used by your organization are leaking data or access   Clearly define tangible risks and provide solutions: CISOs have been doing this for a while. It is now time to take things to a different level. Identify scenarios that could harm institutional credibility and trust and link them to specific weaknesses or cybersecurity gaps and suggest solutions to address each gap See what your peers are up to: learn more about how they are dealing with similar challenges Watch out for regulatory advisories: in the last 3 weeks, there has been a flurry of advisories from various regulators connected with the ongoing Russia-Ukraine crisis. Such advisories can be passed on to all employees and used to generate cybersecurity awareness on the need to stay alert Study the cybersecurity practices of your vendors and supply chain partners: this may provide some fascinating insights into improving your cybersecurity posture while recommending ways to address gaps in the cybersecurity posture of your vendors and partners may help you earn more collaboration in the future when dealing with a cybersecurity event or for meeting a regulatory demand In sectors such as oil and gas, manufacturing, and utilities, cybersecurity audits should be done with the same level of diligence as that which goes into a health and safety and/or environment safety audit. Avoid burnout: delegate tasks beyond your immediate team. Identify cybersecurity champions from across teams and get them to help your team promote a cybersecurity culture of excellence and diligence Try our rich IoT and OT-focused cyber threat intelligence feeds for free, here: IoT and OT Focused Cyber Threat Intelligence Planning to upgrade your cybersecurity measures? Talk to our IoT and OT security experts here: Reach out to sectrio. Visit our compliance center to advance your compliance measures to NIST and IEC standards: Compliance Center Get access to enriched IoT-focused cyber threat intelligence for free for 15 days   Download our CISO IoT and OT security handbook   Access our latest Global Threat Landscape report