Sectrio

Author name: Prayukth K V

Prayukth K V has been actively involved in productizing and promoting cross-ecosystem collaboration in the emerging tech and cybersecurity domains for over a decade. A marketer by profession and a published author, he has also proposed and promoted critical infrastructure protection strategies that rely on in-depth threat research and deflection strategies to deceive hackers and malware. Having been at the frontlines of securing infrastructure, Prayukth has seen cyberattacks and defense tactics at close quarters.


Rising ransomware attacks point to a larger cybersecurity problem

In January 2022, we witnessed a huge rise in ransomware attacks, specifically on IoT and IT networks. Most of these attacks were designed to lock up the data, copy part or all of it, and then dump the data on the Dark Web. If media reports are to be believed, many organizations that ended up paying a ransom didn't get their data back.

If we break up the ransomware problem, we can identify these as the key attributes of the bigger challenge posed by ransomware to businesses:

- Insider threat: emerging from employees or partners willingly or unwittingly ending up aiding hackers. Learn more about dead drops.
- Rising potency of ransomware: hackers have invested extensively in ramping up the facilities behind ransomware production and distribution, and this is the reason 2021 turned into a very successful year for hackers.
- Growing ransom demands: there are contrasting reports on the highest ransom demand placed last year, but it can easily be inferred that ransom rates grew significantly in 2021.
- The rising role of enablers: while the number of ransomware developers is growing, so is the role of the enablers. These include negotiators and even professional breach enablers who help place the ransomware in the target networks.
- Bleeding data: in December 2021, the volume of new data dumped on the Dark Web rose by nearly 3 TB.

Hackers are now more aware of the vulnerabilities, cybersecurity gaps, and process deficiencies associated with IoT, IT, and OT in businesses, and they are using this information to breach assets and networks.

What can businesses do to protect themselves from ransomware attacks?

- In sectors like manufacturing, pharma, defense, and retail, cybersecurity needs to be embedded into supply chains and feeder processes.
- For small and medium businesses, operational visibility and visibility into networks at all times is a must.
- Oil and gas (upstream and downstream operators) is a sector that has traditionally been vulnerable to a range of threats. Oil and gas companies need to harden their operations from a cybersecurity perspective and revisit their processes and cybersecurity practices to align them with the new cyber threats and challenges that are emerging.
- Healthcare firms need to ramp up their IT security and invest extensively in securing their data.
- Micro-segmentation, which involves fragmenting networks to enable greater visibility and granular enforcement of cybersecurity policies, is a must-deploy cybersecurity measure.
- Industrial Control Systems and health and safety systems should be especially protected, as a breach of these could not just create an operational challenge for businesses but, more importantly, could create a health and safety hazard for employees working in manufacturing plants that deal with oil and gas products and other complex and dangerous chemicals.
- Cybersecurity audits should be conducted at least once a month. There are many available formats for conducting them. We have created one for you here that is aligned with the NIST framework.
- Encourage employees to report incidents and incentivize them to proactively detect and report vulnerabilities or security gaps.
- Businesses connected with long-tail and short-tail supply chains should collaborate to arrive at common security standards and measures that they can deploy together.
- Enforce a no-click policy for suspicious emails.
- Look at opting for multiple vendors for your threat intelligence feeds.

Looking at improving your IoT, OT, and IT cybersecurity? Consult an expert from Sectrio for free. Book your slot now. Try out our threat intelligence feeds and improve your threat hunting capabilities. See how our OT-IoT-IT security solution can handle such threats to your enterprise. Book a no-obligation demo.

Get access to enriched IoT-focused cyber threat intelligence for free for 15 days. Download our CISO IoT and OT security handbook. Access our latest Global Threat Landscape report.


Improving OT security by understanding key security challenges

The convergence of IT, OT, and IoT has opened new avenues for hackers to target systems based on those three technologies. OT, however, has been impacted uniquely, as the security dimensions of OT have not been fully understood by security practitioners. With the collapse of the traditional air-gapped systems, OT devices are now being targeted extensively by various hacker groups. To counter them, we need to understand how hackers are breaching OT systems.

There are two main routes of entry for hackers into OT systems. One involves using networks as conduits to access a production facility in a connected OT environment. In an unsegmented network, all (compromised) connected assets could serve as entry points for hackers. This is especially true for OT operators in traditional industries such as manufacturing, power plants, oil and gas refineries, and pipelines that are now embracing some form of digital transformation and large-scale automation.

The second conduit involves a physical breach by an intruder carrying a USB drive with the malware payload and connecting it to the OT network from within. Such a modus operandi is often used to target OT systems within defense, maritime, and power companies that still house unconnected or air-gapped OT systems.

OT cyberattacks are thus not accidental episodes and require significant planning and execution finesse on the part of the hackers. In the case of many defense facilities such as radar stations and communication and signals hubs, we have seen hackers or their enablers throw infected pen drives into the campuses of these defense entities to be picked up and used by an unsuspecting employee. Though the use of USB drives is strictly regulated, such devices still manage to become part of some of the large OT breaches we have seen in the last few years.

OT security challenges and targets

Safety and control systems are high on the wish list of hackers. These are the systems that, when accessed and modified, can cause tremendous disruption and loss. Such breaches are also hard to contain, and news of the breach soon reaches the external world and the hackers through the media. ICS and SCADA systems have been traditional targets for hackers, and they continue to be targeted.

A safety instrumentation system or even an environment control system, both of which are key to ensuring safety in plants and other locations accessed by plant personnel, could also be targeted. This puts lives at risk and could also pose a danger to critical instrumentation, including its calibration, which is often quite sensitive: even a minor change could trigger a series of production errors downstream.

Improving OT security

- Start by viewing IT and OT as extensions of the overall digital infrastructure and cover them through a unified security policy that also takes into account the unique cybersecurity aspects of each.
- The above policy should also contain common goals for the IT, IoT, and OT security teams. Key KPIs and milestones that they can achieve in collaboration should also be formulated.
- Conduct periodic joint digital security audits across the enterprise to evaluate the institutional cybersecurity posture and to eliminate gaps.
- The NIST Cybersecurity Framework and IEC 62443 can be used as guides to secure parts of the network or the network as a whole.
- Micro-segmentation can be used as an excellent tactic to isolate the overall digital infrastructure into fragments. This will not just help contain an attack but will also prevent malware from moving laterally.
- For digital transformation or large-scale OT automation projects, or those involving a phased transition to IIoT, OT security teams should be roped in to develop a comprehensive security roadmap that doesn't just end with the transition. Instead, the roadmap should cover long-term operational security for all assets and must take into account converged threats or threats that might emerge in the future.
- As part of the unified security policy, an OT-specific security policy can also be developed to bring OT security on par with IT security.
- Operate with OT-focused threat intelligence to detect unique threats that may affect OT but not IT.
- Vulnerability assessments and gap analyses should be conducted at regular intervals, and such processes should be further documented through regular audits.
- Security for IT, IoT, and OT assets should be owned by a joint cybersecurity team including members from both sides. This will ensure the evolution of a common minimum standard for security across the organization.
- Deploying an OT security solution that works to secure all aspects of OT is also recommended.

Sectrio is offering its threat intelligence feeds for trial for free for 15 days. Our feeds work with the best SIEM solutions out there and meet all the parameters listed above. To access our threat intelligence feeds for free, sign up now. Talk to our cybersecurity experts to learn how Sectrio's IoT security solution and threat intelligence can help your business. See how our OT-IoT-IT security solution can handle such threats to your enterprise. Book a no-obligation demo.


10 easy to deploy steps for better Industrial Control Systems (ICS) security  

Last week the Biden Administration announced the extension of the Industrial Control Systems (ICS) Cybersecurity Initiative to water and wastewater treatment facilities. ICS across sectors are at risk from targeted cyberattacks. This is especially true of ICS connected with critical infrastructure. Thus this announcement comes as no surprise: with more sectors being recognized as critical, the role of ICS cybersecurity in national economies, in addition to the success of businesses, has now come under the scanner.

What is the nature of threats to ICS?

The Colonial Pipeline, JBS Foods, and other high-profile incidents that occurred in the recent past have shown that security risks and attacks connected with ICS are growing. These are some of the reasons why the threats to ICS are growing:

- Use of legacy systems that cannot be scanned for vulnerabilities or threats. In many such systems, patching is unheard of, as the OEM might have already shut shop; some of these devices were manufactured almost three decades ago.
- ICS operation and maintenance practices are not aligned with the cybersecurity practices currently followed in many organizations.
- Often there is no dedicated team managing the cybersecurity needs of ICS, and the IT security team is tasked with securing them. The IT teams may not be trained to secure such systems.
- OT and ICS systems were purpose-built to serve specific needs and nothing more, so getting them to accommodate security in their day-to-day function is near impossible.
- Partial automation has in some instances led to newer security concerns.
- Lack of visibility into the functioning of these systems has proven to be a significant barrier.

What can be done to secure ICS?

Rising breaches in ICS and OT systems have made cybersecurity teams sit up and take notice of the ICS security gaps emerging from these systems. Thus, attempts are being made to launch programs to secure them and to contain threats and risks to such systems. These are the steps that Sectrio proposes to businesses and governments that wish to secure their ICS:

- Access management: ensure physical and digital security in systems that are fully or partially automated.
- Inventory management: know how many ICS systems there are and what exactly each component does.
- Threat detection and neutralization: curb malicious activity at all levels.
- Vendor management: work with vendors to improve ICS security wherever possible.
- Risk reduction: go for ICS security solutions that improve ICS and OT cybersecurity without creating any significant disruption.
- Micro-segmentation: segment networks and infrastructure into manageable bits and evolve and deploy micro security policies that can be better administered.
- Security audits: development and application of unique security policies and procedures custom developed for the control system network and its devices. This will also help sensitize security teams and other stakeholders to the need to pay attention to OT and ICS security.
- Vulnerability assessment: periodic assessment of vulnerabilities at all levels should help plug gaps.
- Security of data transfers: across networks, data transfers should be done securely and with adequate authentication.
- Workflow improvements: deploy workflow improvements to enhance security and operational transparency.

Wish to develop an OT security policy? We have something to get you going here: OT Security Policy. Talk to our regional cybersecurity experts in North America, the Middle East, APAC, and Latin America to understand how to secure your regional ICS, OT, and IoT systems. Learn about easy-to-deploy compliance kits to help your regulatory compliance initiatives.


Key to cyber resilience: IoT and OT threat detection without delays

Cyber threat detection: when detecting a threat on your network, every millisecond counts. Any latency in threat detection gives the malware more time to spread, or even to accept commands from the command and control entity to change itself and make detection harder.

How can accelerated and real-time threat detection help you?

In cyberspace, when it comes to IoT and OT cybersecurity, sophisticated hackers do count on a lag in detection (in enterprises) while engineering their malware and planning their breach strategy. This is why, in the case of complex malware, hackers may program it to deploy in batches while accumulating code packets from the C&C unit, taking advantage of a delay in detection (also aided by the low-footprint activities of the malware).

The induced latency on the part of cybersecurity solutions may arise for many reasons. Sometimes it is due to cybersecurity vendors using myriad solutions that are 'sutured together' to form a rudimentary detection engine. By the time data moves from one end of the detection cycle to the other, the malware would have had a chance to spread upstream and downstream and into devices, and would already have communicated with the C&C unit and shared data. In other instances, it could be because the solution acts at the device level or is a post-facto detector, which means it can only detect malware once it has crossed a certain level of activity in the network. All of these could potentially slow down response, weaken cyber resilience measures, and open up new avenues for hackers to exploit.

Sectrio's threat detection engine does not suffer from such disadvantages. The solution works as a single agile unit across the network to identify and flag threats and suspicious traffic in real time. In addition to three layers of threat detection, it is also powered by the largest IoT- and OT-focused threat intelligence gathering facility in the world, spread across 75 cities. This helps in identifying the latest malware as and when it emerges, giving hackers no time to exploit gaps.

With Sectrio, threat detection is rendered a proactive activity, as threats are identified before they have a chance to spread, unlike some of the IoT and OT cybersecurity solutions and vendors out there that work in post-facto mode. Sectrio's customers are thus rendered secure and do not have to worry about any challenges posed by a deficiency in their solution.

Don't pay for latency or post-facto detection. Get real-time and early detection with Sectrio, the leading IoT and OT cybersecurity vendor. See how our OT-IoT-IT security solution can handle such threats to your enterprise. Book a no-obligation demo.


Cyber securing connected OT and IoT infrastructure in the Middle East

In the last 15 days, hackers in the Middle East and Africa region have added another sector to the list of their targets in the region. Cyberattacks on healthcare facilities in the region rose significantly over baseline levels during this period. Let us examine the causes and implications of this trend.

Since 2019, we have seen cyberattacks by regional APT groups rise substantially. The primary targets were oil and gas facilities and utility infrastructure, including facilities related to water treatment and distribution. These tit-for-tat attacks spilled over into the healthcare sector, and now many established healthcare facilities are being targeted in the region. The common factor in both these segments is the potential for impacting ordinary citizens. As we have seen in the last 6 years, APT hackers often target facilities where they can cause maximum disruption.

Research by Sectrio has shown that hackers were targeting critical infrastructure through reconnaissance malware. Since most of these attacks went unchallenged within the networks of targeted institutions, hackers were able to gather plenty of information on data flow behavior within networks, security measures, device architectures, connection configurations, and privileges. Hackers used this data, along with hijacked smart devices such as web cameras, connected home automation hardware, and connected devices deployed by manufacturers, to target high-value infrastructure in the region.

We expect such attacks to continue till the fall of 2024. This forecast is based on the past cybersecurity measures we have seen in the region. Cyberattacks will continue to evolve in the meantime. The only way businesses can protect themselves is by investing in the right measures to contain cyberattacks and increase the distance between them and the hackers. These include:

- Developing a more comprehensive understanding of device topology to know what is connected and exactly what it is doing on the network.
- Frequent vulnerability scans to detect and address vulnerabilities early.
- Checking OT and IoT devices for CVE vulnerabilities.
- Operating with an OT-IoT-IT risk management model that emphasizes early detection and mitigation of threats.
- Adopting cybersecurity frameworks such as Zero Trust and IEC 62443.
- Using micro-segmentation to deploy granular cybersecurity policies and to prevent lateral movement of malware.
- Managing privileges.
- Requiring all components of the infrastructure to earn trust for connectivity and end use.
- Using the right threat intelligence to identify the latest and most relevant threats.

We are offering a free OT-IoT cybersecurity assessment slot for select businesses in the Middle East and Africa region at GITEX 2021. Walk into H2-D1 at the World Trade Center or give us your details here to claim this offer. In case you prefer a more detailed meeting, do reach out to us at info@sectrio.com. Don't miss out on this exclusive offer. Book your free slot now.


Rising cyberattacks in 2021 and their link to data stolen in 2020

An integrated digital production footprint, unsecured data centers hosting data from multiple technology streams such as IoT, OT, and IT, and the rapid ingress of new and emerging tech are creating new vulnerabilities that are persistent and disruptive. Consider these scenarios:

- A connected component within a network can give cyber criminals access to a larger network. A single vulnerability can thus serve as a beachhead for a multitude of attacks.
- Distracted employees may unintentionally download malware, leave ports open, or ignore signs of a data breach.
- The addition of new and untested components could create new vulnerabilities, as these could be pre-rigged with trojans.
- Cybersecurity teams are struggling to handle an explosion of attack surfaces in the aftermath of the ongoing pandemic.

In the first three months of 2021, cyberattacks grew by 381 percent globally. Such attacks have been facilitated by data stolen and transferred in 2020 and by unfixed vulnerabilities. This is according to our threat research team. Learn more about the research in The Global Threat Landscape Report.

Subex Secure is a specialist in protecting your IoT and OT infrastructure from cyberattacks. Our cybersecurity solution Subex Secure protects infrastructure, assets, data, and networks. Its three-tier threat detection identifies and flags threats early, preventing lateral movement of malware. It can also discover rogue devices and mitigate threats. Talk to us about improving your cybersecurity posture and eliminating cyberthreats immediately. Schedule a demo.


Don’t miss this critical cybersecurity requirement

Targeted attacks on supply chains connected with various sectors rose significantly in the last 8 months, according to various research firms. And this is just the tip of the iceberg, as these findings relate to existing threats or threats that have already been identified. There could be many new ones lurking on the Dark Web and elsewhere.

Most information security leaders tend to ignore the potency of unknown threats. This is because the security architecture in most enterprises and projects doesn't permit adequate versatility to understand and identify latent threats in order to deal with them. The problem is compounded by security practices based on restricting network activity at the perimeter rather than within the core network. This means that a threat that somehow manages to trick the perimeter-based security mechanism is free to wreak havoc inside the core network. Unfortunately, even the compliance mandates prevailing in various countries fail to encourage businesses and other entities to look into emerging threats through a combination of insights, forecasts, and sheer imagination.

Besides, thanks to the increasing diversity of processes and devices, it is easy to lose track of baseline cybersecurity requirements with every increase in surface area. No matter your network architecture, industry, or level of security sophistication, gaps could arise during periods of transition, capacity expansion, or infusion of new technology. The addition of IoT exponentially amplifies the threat factor. In another survey, over 70 percent of cybersecurity practitioners reported some level of unfamiliarity with threats that emerge in converged environments spanning IT, OT, and IoT. Unfortunately, these converged environments represent the event horizon: a vista that presents infinite possibilities for hackers, malware developers, and threat actors to exploit.

Converged environments needn't be your organizational Achilles' heel. Instead, such environments can be harnessed for testing new tech and workflows to improve efficiency, data analytics, and insights, as well as improving your cybersecurity posture and providing depth to your cyber resilience strategies. Connect with natalie.smith@subex.com to learn how you can join the 30 percent of leaders who have successfully addressed this threat. Read our latest threat landscape report here to learn about the cyber threats you need to know about. Proof: how we helped a leading manufacturer improve their cybersecurity posture and avoid such threats.
