Sectrio

Cyber Security

Cyberattacks on Ukraine: what lurks in the depths?

The unprecedented cyberattacks on the Ukrainian Army, defense ministry, and two large banks (Privatbank and Oschadbank) in many ways mark the dawn of a new era of geopolitically motivated cyberattacks. Whether or not the attacks came from the sources they were originally attributed to, the whole episode presents many reasons for concern:

- If a non-state actor is involved, then the ease with which the attacks were carried out is certainly surprising.
- If an APT group affiliated with one of the states involved in the crisis has carried out the attack, then the latest cyberattacks are part of a series of attacks that have occurred over the last few months since the crisis began.
- If the attack was carried out by an actor belonging to a country that is not part of the conflict in any way, then this attack, coming during a season of heightened tensions in the region, could tip the scales and cause the first shots to be fired in the conflict due to the sheer scale of provocation. Now, that may not happen in this case, but these attacks could provide a sort of playbook for other states and their APT groups to emulate to create geopolitical tensions quickly.
- Attacks on financial services and defense websites are clearly part of an act designed to send a message to some stakeholders involved in the conflict.
- Cyberspace has now become a primary frontier where geopolitical adversaries can fire salvos without exchanging bullets or shots on the actual frontlines on the ground. While some may see this as a way of releasing accumulated geopolitical stress, there is a possibility of such acts spiraling into a full-fledged conflict if left unchecked.
- Cyberattacks have become a tactic for generating added pressure on the defense forces and the economy of an adversarial state. In the case of Ukraine, we have been reporting a rise in inbound cyberattacks since 2019.
- Reconnaissance attacks carried out during times of peace by APT groups may generate data and expose weaknesses that could be exploited during times of geopolitical stress or a conflict.
- With the expanding definition of critical infrastructure, a range of citizen-facing services will be turned into targets by adversarial states and actors backed by them. Citizens may even be targeted directly.
- Lastly, such attacks can serve to deflect attention from another crisis or challenge that the adversarial entity may be planning to unleash in the short or long term.

All of the above are possibilities that could play out. So how can such cyberattacks on critical defense and financial services infrastructure be kept at bay?

To defang a cyberattack, you need to not just detect these attacks but detect them early enough. What is even better is if you can catch these adversaries red-handed while they attack targets of low value that serve as traps. Large-scale decoys that mimic multiple elements of such infrastructures can be deployed to confuse and trap cybercriminals. They could also deflect sophisticated cyberattacks from APT groups and evolved hackers.

The architecture for such decoy and deception technology involves the simultaneous use of simulation and dissimulation. Simulation involves creating a shadow or fake infrastructure through mimicking, inventing, and decoying fake digital infrastructure that appears authentic enough to keep the intruder engaged in the worthless pursuit of data or access to other resources. Dissimulation covers hiding, digitally camouflaging, and masking data and digital assets to hide them from hackers. Both these measures can help keep critical infrastructure safe by deflecting cyberattacks and confusing the hackers.

Sectrio has evolved multiple models to create such decoys at scale. We are today working with financial, industrial, and critical infrastructure operators globally to create scaled decoys that can be launched faster and keep your digital assets safe from cyber adversaries.

Try our rich IoT and OT-focused cyber threat intelligence feeds for free, here: IoT and OT Focused Cyber Threat Intelligence
Planning to upgrade your cybersecurity measures? Talk to our IoT and OT security experts here: Reach out to sectrio.
Visit our compliance center to advance your compliance measures to NIST and IEC standards: Compliance Center
Get access to enriched IoT-focused cyber threat intelligence for free for 15 days
Download our CISO IoT and OT security handbook
Access our latest Global Threat Landscape report

ICS threat hunting needs to evolve to detect new threats

What is threat hunting?

Threat hunting refers to the processes and methodologies involved in proactively seeking to identify threats in your network. Threat hunters work by searching for signs of a breach or compromise (indicators of compromise) that indicate the presence of a threat.

In the case of industrial control systems and OT, hackers can deploy multiple techniques to hide tracks and footprints and pass the digital divide between various systems to launch sophisticated attacks against ICS. While threat hunting in traditional systems is well established and follows a predictable path, in the case of ICS there are many challenges to be overcome to make threat hunting more effective.

While MITRE’s Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) framework has been commonly used to identify the tactics, techniques, and procedures (TTP) used by a hacker, the use of this framework for detecting threats related to ICS has not been a smooth affair. This is primarily due to the diverging nature of OT networks and controls, as well as the lack of the visibility that IT network managers take for granted.

Further, traditional threat hunting practices are designed for IT, and they cannot be extrapolated to cover OT and ICS without missing sophisticated actors and threats that may just sneak in.

ICS threat hunting challenges

In ICS, threat hunting must consider unique assets, logging facilities, devices, embedded firmware, and control systems that converse using traditional protocols. Further, a cyber adversary in an ICS environment would use a range of varied tactics (significantly different from those of an adversary targeting IT) for targeting ICS and OT. This will include tactics to degrade defenses, further network persistence, control manipulation, and damage to assets.

ICS threat hunting can turn into a complicated exercise due to a lack of information at various levels (inventory, patch status, operational dynamics, etc.).

The primary security layer when it comes to ICS threat hunting should involve and cover anti-breach solutions (across network and endpoints), network-level security, tamper detection, and port analysis; the secondary layer is where the ICS focus comes in. Programmable Logic Controllers (PLCs), Remote Terminal Units (RTUs), and other control and coordination instruments and gear should come in for specific attention, and these could bear the biggest brunt of a cyberattack.

Data collected from these sources should be used to devise a comprehensive threat hunting policy and execution game plan. A cybersecurity posture can be called robust when the infrastructure is protected using a robust and dynamic mechanism that responds to threats as they emerge. This includes active and passive defenses, an inventory of ICS assets, patch logs, real-time security monitoring, event logging, and cross-facility coverage.

Critical facilities and infrastructure (especially in manufacturing, oil and gas, and utility plants) linked to health and safety systems should get additional attention, as their failure could turn into a catastrophic event.

ICS threat hunters should have extensive knowledge of all OT systems, protocols, and security practices. Over the years, different facilities within the same organization separated by geography could have evolved different practices to secure their premises. Threat hunting should consider such variations and constantly evolve to cover new and dynamic threats. OT and ICS protocol coverage for threat hunting is a non-negotiable requirement.

Finally, ICS threat hunting needs to constantly evolve in line with the changing OT threat landscape in cyberspace. Episodes like the attacks on the Ukrainian power grid and on water treatment plants in Florida and San Francisco have clearly shown that hackers are aware of the gaps in OT and ICS cybersecurity and will stop at nothing to exploit these gaps.

Building an improved industrial control systems cybersecurity governance model  

With rising cyberattacks on industrial control systems, ICS security teams are rushing to put in place an ICS security governance model that doesn’t just secure their control systems but amplifies the impact of institutional cybersecurity measures.

The foundation of a good ICS security governance model rests on the 3As, viz., awareness, accountability, and authority. Teams invested in ICS security should cover all three to begin with, so that the fundamentals, the execution machinery, and the goals are aligned to any model that emerges later. Most organizations find their governance models pitted against bureaucratic inertia, misalignment with leadership goals, and the lack of accountability, of an evolutionary path, and of specific objectives that are understood and accepted by all. Thus, by faltering in the first steps itself, the governance model doesn’t even get a chance to stand, let alone run.

Across industries such as oil and gas, manufacturing, and utilities, the teams tasked with managing ICS security often run into organizational goals that focus on improving employee productivity and output, meeting production schedules, etc. In such instances, ICS security measures added to control systems are perceived to slow down everything and thereby run counter to institutional priorities. We have all been there, haven’t we?

But with the emergence of new threat actors and independent groups targeting OT and ICS infrastructure, businesses need to take up the task of conceptualizing and deploying an ICS governance model in a hurry. Here are a few steps for ICS security that you can take to get this going:

- Never reinvent organizational culture: instead, bring a security dimension to the culture by making employees more risk and cybersecurity aware. Your organizational culture should be agile enough to incorporate security-related concerns and measures with ease. Creating a whole new culture might take time and resources, and considering the rise in cyberattacks, you may not have that kind of time to get things in place.
- Empower the CISO: the alignment in terms of budgets, ultimate authority, and decision-making power should lie with the CISO. A CISO should be in a decision-making rather than an influencing capacity when it comes to the overall cybersecurity posture and functions in the organization. To learn more, get the CISO handbook now.
- Go by impact view: every control system owner should be aware of the impact of a cyber incident on their respective operations. All resilience measures should also be linked to every unit and control management team in the organization. For instance, the shop floor could have its own understanding of the impact of a targeted cyberattack on it, but this understanding should be developed in collaboration with the ICS security teams, and if needed, budgets can be assigned at this level along with the required accountability.
- Measure everything: never keep your objectives at a theoretical level (prevent cyberattacks, address vulnerabilities, etc.). Instead, try to formulate a KPI-based (BRAG) scorecard for each parameter and track it separately and collectively (time to detect and address threats, covering detection time and quality as well, time to patch, etc.). Each control area should have these KPIs that are tracked.
- Conduct audits periodically to get data on opportunities for improvement.
- Consider frameworks such as NIST CSF, Zero trust, IEC 62443, etc., to improve basic governance parameters.

Basic IoT and OT security practices that can significantly reduce your cyber risks

When it comes to IoT and OT security, vendors will tell you how important it is to have a cybersecurity solution in place. Yes, one cannot keep hackers at bay using firewalls or air gaps alone. But in addition to a cybersecurity solution, your industrial control systems (ICS), SCADA systems, PLCs, networks, and IoT devices can certainly do with a lot more diligence in formulating and deploying cybersecurity best practices. We are talking about simple practices that can improve your odds in the fight against hackers and cybercrime. We have put together a few of these important IoT and OT security measures here:

- Improve patch management: this includes automating the discovery of unpatched systems and the application of patches as and when they are made available. The entire lifecycle, including the discovery of devices and systems, patch approval, distribution of updates, system and device reboot, and finally logging of patch status, should be automated. Your cybersecurity team should ideally track Common Vulnerabilities and Exposures (CVE) announcements, and in case a patch for a vulnerability is not made available immediately, you can reach out to the OEM and ask for it or quarantine the affected systems till the patch is released. Vulnerabilities that are months and even years old have been used in recent instances of ransomware attacks.
- Know what is connected and why: in some oil and gas and industrial control system deployments, we came across devices that were of ’90s vintage, and not only were they unpatched for years together, but the OT operator in this case was not quite sure about the role of some of the devices. Your device and infrastructure inventory has to be updated frequently, and these updates should be managed centrally by an inventory management team.
- Run a tabletop exercise, simulate an event: see how various teams respond to an IoT and OT security incident, and more importantly, figure out how much of your data and infrastructure is at risk. This risk is not just from a cyberattack, but also from missteps or mistakes in decision-making in the aftermath. It is better to have these errors show up during drills rather than during a real cyberattack.
- Conduct audits at least once a month to ensure that you are adequately prepared to handle an incident, from threat detection to neutralization, and from a continuity of business perspective.
- Always pay more attention to health and safety equipment and controls. Ensure that they are tamper-proof and working with adequate levels of IoT and OT security.
- Sensitize employees on the need to be risk aware at all times. Convey a number to indicate the potential loss that the business could incur because of a cyberattack. This number should be based on analyzed data rather than raw assumptions.

These small steps can go a long way in securing your business and in raising awareness among employees. Beyond this, you can also look at going for IoT and OT focused threat intelligence, micro segmentation, and employee certification on cybersecurity to improve your overall IoT and OT security posture.

Rising ransomware attacks point to a larger cybersecurity problem

In January 2022, we witnessed a huge rise in ransomware attacks, specifically on IoT and IT networks. Most of these attacks were designed to lock up the data, copy parts or the whole of it, and then dump the data on the Dark Web. If media reports are to be believed, many organizations that ended up paying a ransom didn’t get their data back. If we break up the ransomware problem, we can identify these as the key attributes of the bigger challenge posed by ransomware to businesses:

- Insider threat: emerging from employees or partners willingly or unwittingly ending up aiding hackers. Learn more about dead drops.
- Rising potency of ransomware: hackers have invested extensively in ramping up the facilities behind ransomware production and distribution, and this is the reason behind 2021 turning into a very successful year for hackers.
- Growing ransom demand: there are contrasting reports on what the highest ransom demand placed last year was, but it can be easily inferred that ransom rates grew significantly in 2021.
- The rising role of enablers: while the number of ransom developers is growing, so is the role of the enablers. These include negotiators and even professional breach enablers who help in placing the ransomware in the target networks.
- Bleeding data: in December 2021, the volume of new data dumped on the Dark Web rose by nearly 3 TB.
- Hackers are now more aware of the vulnerabilities, cybersecurity gaps, and process deficiencies associated with IoT, IT, and OT in businesses, and they are using this information to breach assets and networks.

What can businesses do to protect themselves from ransomware attacks?

- In sectors like manufacturing, pharma, defense, and retail, cybersecurity needs to be embedded into supply chains and feeder processes.
- For small and medium businesses, operational visibility and visibility into networks at all times is a must.
- Oil and gas (upstream and downstream operators) is a sector that has been traditionally vulnerable to a range of threats. Oil and gas companies need to harden their operations from a cybersecurity perspective and revisit their processes and cybersecurity practices to align them with the new cyber threats and challenges that are emerging in the background.
- Healthcare firms need to ramp up their IT security and invest extensively in securing their data.
- Micro-segmentation, which involves fragmenting networks to enable greater visibility and granular enforcement of cybersecurity policies, is a must-deploy cybersecurity measure.
- Industrial Control Systems and health and safety systems should be especially protected, as a breach of these could not just create an operational challenge for businesses but, more importantly, could create a health and safety hazard for employees working in manufacturing plants that deal with oil and gas products and other complex and dangerous chemicals.
- Cybersecurity audits should be conducted at least once a month. There are many available formats for conducting this. We have created one for you here that is aligned with the NIST framework.
- Encourage employees to report incidents and incentivize them to proactively detect and report vulnerabilities or security gaps.
- Businesses connected with long-tail and short-tail supply chains should collaborate to arrive at common security standards and measures that they can deploy together.
- Enforce a no-click policy for suspicious emails.
- Look at opting for multiple vendors for obtaining your threat intelligence feeds.

Looking to improve your IoT, OT, and IT cybersecurity? Consult an expert from Sectrio for free. Book your slot now. Try out our threat intelligence feeds and improve your threat hunting capabilities. See how our OT-IoT-IT security solution can handle such threats to your enterprise. Book a no-obligation demo.

Improving OT security by understanding key security challenges

The convergence of IT, OT, and IoT has opened new avenues for hackers to target systems based on those three technologies. OT, however, has been impacted uniquely, as the security dimensions of OT have not been fully understood by security practitioners. With the collapse of the traditional air-gapped systems, OT devices are now being targeted extensively by various hacker groups. To counter them, we need to understand how hackers are breaching OT systems.

There are two main routes of entry for hackers into OT systems. One involves using networks as conduits to access a production facility in a connected OT environment. In an unsegmented network, all (compromised) connected assets could serve as entry points for hackers. This is especially true for OT operators in traditional industries such as manufacturing, power plants, oil and gas refineries, and pipelines that are now embracing some form of digital transformation and large-scale automation.

The second conduit involves a physical breach by an intruder carrying a USB drive with the malware payload and connecting it to the OT network from within. Such a modus operandi is often used to target OT systems within defense, maritime, and power companies that still house unconnected or air-gapped OT systems.

OT cyberattacks are thus not accidental episodes and require significant planning and execution finesse on the part of the hackers. In the case of many defense facilities such as radar stations and communication and signals hubs, we have seen hackers or their enablers throw infected pen drives into the campuses of these defense entities to be used by an unsuspecting employee. Though the use of USB drives is strictly regulated, such devices still manage to become part of some of the large OT breaches we have seen in the last few years.

OT Security challenges and targets

Safety and control systems are high on the wish list of hackers. These are the systems that, when accessed and modified, can cause tremendous disruption and loss. Such breaches are also hard to contain, and soon the news of the breach reaches the external world and the hackers through media. ICS and SCADA systems have been traditional targets for hackers, and they continue to be targeted.

A safety instrumentation system or even an environment control system may be targeted, both of which are key to ensuring safety in plants and other locations accessed by plant personnel. A breach puts their lives at risk and could also pose a danger to critical instrumentation, including its calibration, which is often quite sensitive: even a minor change could trigger a series of production errors downstream.

Improving OT security

- Start by viewing IT and OT as extensions of the overall digital infrastructure and cover them through a unified security policy that also takes into account the unique cybersecurity aspects of each.
- The above policy should also contain common goals for the IT, IoT, and OT security teams. Key KPIs and milestones that they can achieve in collaboration should also be formulated.
- Conduct periodic joint digital security audits across the enterprise to evaluate the institutional cybersecurity posture and to eliminate gaps.
- The NIST cybersecurity framework and IEC 62443 can be used as guides to secure parts of the network or the network as a whole.
- Micro segmentation can be used as an excellent tactic to isolate the overall digital infrastructure into fragments. This will not just help contain an attack but will also prevent malware from moving laterally.
- For digital transformation or large-scale OT automation projects, or those involving a phased transition to IIoT, OT security teams should be roped in to develop a comprehensive security roadmap that doesn’t just end with the transition. Instead, the roadmap should cover long-term operational security for all assets and must take into account converged threats or threats that might emerge in the future.
- As part of the unified security policy, an OT security-specific policy can also be developed to bring OT security on par with IT security.
- Operate with OT-focussed threat intelligence to detect unique threats that may affect OT but not IT.
- Vulnerability assessments and gap analysis should be conducted at regular intervals, and such processes should be further documented through regular audits.
- Security for IT, IoT, and OT assets should be owned by a joint cybersecurity team including members from both sides. This will ensure the evolution of a common minimum standard for security across the organization.
- Deploying an OT security solution that works to secure all aspects of OT is also recommended.

Sectrio is offering its threat intelligence feeds for trial for free for 15 days. Our feeds work with the best SIEM solutions out there and meet all the parameters listed above. To access our threat intelligence feeds for free, sign up now. Talk to our cybersecurity experts to learn how Sectrio’s IoT security solution and threat intelligence can help your business. See how our OT-IoT-IT security solution can handle such threats to your enterprise. Book a no-obligation demo.

10 easy to deploy steps for better Industrial Control Systems (ICS) security  

Last week the Biden Administration announced the extension of the Industrial Control Systems (ICS) Cybersecurity Initiative to water and wastewater treatment facilities. ICS across sectors is at risk from targeted cyberattacks. This is especially true of ICS connected with critical infrastructure. Thus this announcement comes as no surprise. With more sectors being recognized as critical, the role of ICS cybersecurity in national economies, in addition to the success of businesses, has now come under the scanner.

What is the nature of threats to ICS?

The Colonial Pipeline, JBS Foods, and other high-profile incidents that occurred in the recent past have shown that security risks and attacks connected with ICS are growing. These are some of the reasons why the threats to ICS are growing:

- Use of legacy systems that cannot be scanned for vulnerabilities or threats. In many such systems, patching is unheard of, as the OEM might have already shut shop; some of these devices were manufactured almost three decades ago.
- ICS operation and maintenance practices are not aligned to the cybersecurity practices that are currently being followed in many organizations.
- Often there is no dedicated team managing the cybersecurity needs of ICS, and the IT security team is tasked with securing them. The IT teams may not be trained to secure such systems.
- OT and ICS systems were purpose-built to serve specific needs and nothing more. So getting them to accommodate security in their day-to-day function is near impossible.
- Partial automation in some instances has led to newer security concerns.
- Lack of visibility into the functioning of these systems has proven to be a significant barrier.

What can be done to secure ICS?

Rising breaches in ICS and OT systems have made cybersecurity teams sit up and take notice of the ICS security gaps emerging from these systems. Thus, attempts are being made to launch programs to secure them and to contain threats and risks to such systems. These are the steps that Sectrio proposes to businesses and governments that wish to secure their ICS:

- Access management: to ensure physical and digital security in systems that are fully or partially automated.
- Inventory management: know how many ICS systems there are and what exactly each component does.
- Threat detection and neutralization: curb malicious activity at all levels.
- Vendor management: work with vendors to improve ICS security wherever possible.
- Risk reduction: go for ICS security solutions that improve ICS and OT cybersecurity without creating any significant disruption.
- Micro segmentation: segment networks and infrastructure into manageable bits, and evolve and deploy micro security policies that can be better administered.
- Security audits: development and application of unique security policies and procedures that are custom developed for the control system network and its devices. This will also help sensitize security teams and other stakeholders on the need to pay attention to OT and ICS security.
- Vulnerability assessment: periodic assessment of vulnerabilities at all levels should help plug gaps.
- Security of data transfers: across networks, data transfer should be done in a secure manner and with adequate authentication.
- Deploy workflow improvements to enhance security and operational transparency.

Wish to develop an OT security policy? We have something to get you going here: OT Security Policy

Talk to our regional cybersecurity experts in North America, the Middle East, APAC, and Latin America to understand how to secure your regional ICS, OT, and IoT systems.

Learn about easy to deploy compliance kits to help your regulatory compliance initiatives.

Cyber securing connected OT and IoT infrastructure in the Middle East

In the last 15 days, hackers in the Middle East and Africa region have added another sector to the list of their targets in the region. Cyberattacks on healthcare facilities in the region rose significantly over baseline levels during this period. Let us examine the causes and implications of this trend.

Since 2019, we have seen cyberattacks by regional APT groups rise substantially. The primary targets were oil and gas facilities and utility infrastructure, including facilities related to water treatment and distribution. These tit-for-tat attacks spilled over into the healthcare sector, and now many established healthcare facilities are being targeted in the region. The common factor in both these segments is the potential for impacting ordinary citizens. As we have seen in the last 6 years, APT hackers often target facilities that can cause maximum disruption.

Research by Sectrio has shown that hackers were targeting critical infrastructure through reconnaissance malware. Since most of these attacks went unchallenged within the networks of targeted institutions, hackers were able to gather plenty of information on data flow behavior within networks, security measures, device architectures, connection configurations, and privileges. Hackers used this data along with hijacked smart devices such as web cameras, connected home automation hardware, and connected devices deployed by manufacturers to target high-value infrastructure in the region.

We expect such attacks to continue till the fall of 2024. This forecast is based on past cybersecurity measures we have seen in the region. Cyberattacks will continue to evolve in the meantime. The only way businesses can protect themselves is by investing in the right measures to contain cyberattacks and increase the distance between them and the hackers. These include:

- Developing a more comprehensive understanding of device topology to know what is connected and exactly what it is doing on the network
- Frequent vulnerability scans to detect and address vulnerabilities early
- OT and IoT devices should be checked for CVE vulnerabilities
- Operate with an OT-IoT-IT risk management model that emphasizes early detection and mitigation of threats
- Adopt cybersecurity frameworks such as Zero trust and IEC 62443
- Use micro-segmentation to deploy granular cybersecurity policies as well as to prevent lateral movement of malware
- Manage privileges
- Allow all components of the infrastructure to earn trust for connectivity and end-use
- Use the right threat intelligence to identify the latest and relevant threats

We are offering a free OT-IoT cybersecurity assessment slot for select businesses in the Middle East and Africa region at GITEX 2021. Walk into H2-D1 at the World Trade Center or give us your details here to claim this offer. In case you prefer a more detailed meeting, do reach out to us at info@sectrio.com. Don’t miss out on this exclusive offer. Book your free slot now.
