Sectrio

Cybersecurity awareness month


Why cyberspace remains largely unaffected amidst ongoing geopolitical turmoil

The lack of any large cyber incidents doesn’t mean that things are quiet beneath the surface. Instead, this could well be the lull before a cyberstorm.

Earlier this week, the Iran-linked APT group Charming Kitten (aka Ballistic Bobcat APT, APT35, and Phosphorus) initiated a fresh cyber espionage campaign targeting 14 countries across the globe. The objective of these attacks was to exfiltrate data and to open backdoors for long-term espionage.

Telemetric analysis conducted by Sectrio’s Threat Research Team revealed a higher level of APT35 activity than ever before, with governments, healthcare institutions, oil and gas, and manufacturing entities being targeted. The group is targeting these entities at two levels: by attacking Exchange servers, and by sending large-scale phishing campaigns that use ‘critical media updates’ as the subject line.

In addition, certain groups are also scaling up their reconnaissance attacks, taking advantage of the distraction created by the large-scale DDoS and defacement attacks carried out by other groups. This is a pattern we have often seen in the past, where website defacement attacks are used to cover targeted attacks.

As the conflicts in the Middle East and Eastern Europe draw on, information warfare, or more specifically information held for ransom, could become a game-changer for the parties involved. This is why we have not seen any major cyber incidents since the latest outbreak of hostilities. However, knowing cyberspace, things could escalate quickly if the information already pilfered is put to use by the threat actor concerned or by their backers.

Cyberspace realities: change in tactics

Unlike past geopolitical conflicts, where cyberspace was impacted almost immediately, the biggest impact this time around has been limited to DDoS attacks on websites and the compromise of social media accounts. That’s how most of the attacks panned out. Reconnaissance and data exfiltration attacks on businesses have also grown, but not as significantly as the DDoS attacks.

To-do list for CISOs and security leaders

Things might escalate quickly, reducing your time to respond. Here is an immediate to-do list for you as a CISO or a security leader:

How Sectrio can help

Sectrio is a one-stop solution to secure all of the above needs and requirements. Reach out to us and find out how Sectrio can help secure your organization today.



Complete Guide to Asset Inventory Management in OT/ICS

In the past few years, it has become clear that industrial control systems (ICSs) are also vulnerable to cybersecurity incidents. As a result, organizations have become increasingly aware of their vulnerabilities, which has led to the deployment of security measures to boost the cybersecurity of their networks and devices. However, a persistent issue remains: a lack of knowledge about the extent and total number of assets these organizations hold. Without comprehensive guidelines on the nature and scope of the assets an organization possesses, it becomes challenging to implement security measures. Without knowing the full scope, it becomes challenging to secure all devices effectively, leaving some vulnerable and unprotected.

Adhering to the age-old adage that ‘a chain is only as strong as its weakest link,’ we can infer that failing to secure all assets uniformly renders these security measures inadequate. It is therefore highly significant to create a complete set of guidelines on asset inventory management, covering all assets involved in the operational process, to counter cyber threats. If executed meticulously, this inventory will compile detailed information for each asset, including the software or firmware versions that have been installed. This information will enable organizations to manage vulnerabilities effectively, take all necessary steps to investigate, and provide adequate responses.

This blog describes the different types of asset inventories that can be generated. It also covers the tools that can be used to create them and gives a step-by-step guide on how to manage these inventories effectively and accurately. Before getting into the specifics of asset inventory, however, let us understand the significance of OT/ICS in a nutshell.

For any industry, OT/ICS is the lifeblood, covering all essential segments like manufacturing, energy production, transportation, and more. They are the brains that control all systems, from the power grid in a city to the conveyor belts in a factory. Without these systems, the world as we know it would come to a halt.

What Is Asset Inventory Management?

Asset inventory management is the meticulous process of cataloging, tracking, and maintaining an up-to-date record of all the assets within the OT/ICS environment. The assets in question can include anything from programmable logic controllers (PLCs) to sensors, actuators, and even software systems. In short, it’s the equivalent of making a complete inventory of every tool in a chef’s kitchen. Here is a list of the information that an OT/ICS asset inventory typically contains:

Why Is It Crucial?

You may be wondering why such thorough record-keeping is required. Here’s the crux of the matter: assets within OT/ICS are not just tools; they are the lifeline of operations. They are like the vital organs of a living organism. To keep things functioning well, you have to understand each asset’s condition, location, and function.

The Role of Asset Inventory Management

Asset inventory management serves several critical roles in the world of OT/ICS:

Reliability Assurance: By keeping tabs on the condition of assets, organizations can schedule maintenance and replacements proactively, ensuring minimal downtime and maximum efficiency.
Security Enhancement: In an age where cyber threats are ever-looming, knowing your assets inside out is essential for strengthening the cybersecurity of these systems. It is similar to building a fort with no internal flaws.
Compliance Adherence: Different industries have specific regulations and standards to follow. Maintaining an accurate asset inventory helps organizations stay compliant with these rules, avoiding costly penalties.
Risk Mitigation: Unexpected situations, like equipment failures or security breaches, can arise and wreak havoc. Asset inventory management helps you identify and mitigate such risks, allowing organizations to be prepared for the worst at all times.

Recommended reading: How to get started with OT security

In short, asset inventory management is the watchful guardian of the OT/ICS world, ensuring everything runs smoothly and securely. It’s the difference between chaos and order, vulnerability and resilience.

What Are the Types of Asset Inventory?

There are several types of asset inventories that organizations may use, depending on their specific needs and the nature of their assets. Here are the most common types of asset inventories, each with a description:

Physical Asset Inventory: Tracks tangible assets like machinery and equipment.
Digital Asset Inventory: Manages software, licenses, and digital content.
Fixed Asset Inventory: Monitors long-term assets like buildings and major equipment.
Movable Asset Inventory: Tracks easily relocatable assets like laptops and mobile devices.
IT Asset Inventory: Manages IT resources, including servers and software licenses.
Financial Asset Inventory: Tracks investments, securities, and financial holdings.
Personnel Asset Inventory: Manages human resources, skills, and training records.
Inventory of Consumables: Monitors consumable items like raw materials and office supplies.
Software Asset Inventory: Manages software licenses, installations, and updates.
Intangible Asset Inventory: Tracks non-physical assets like patents and copyrights.
Facility Asset Inventory: Focuses on building and facility assets like HVAC systems.
Transportation Asset Inventory: Tracks vehicles and assets in transportation and logistics.

What Are the Steps to Creating an Asset Inventory in ICS?

Creating an asset inventory in ICS involves several key steps to ensure that all assets are accurately identified, tracked, and managed. Here are the essential steps to create an asset inventory in ICS:

Define the scope: Clearly delineate the boundaries of your ICS environment, including all interconnected systems, subsystems, and networks. Define what is within its scope and what is outside of it.
Gather stakeholder input: Engage with various departments, such as operations, IT, maintenance, and security teams, to understand their needs and priorities regarding asset identification and management.
Identify asset categories: Create asset categories that align with your organizational goals. For example, categories might include “Control Systems,” “Networking Equipment,” “Physical Devices,” and “Software Applications.”
Asset discovery: Implement network scanning tools that can identify assets automatically. These tools should provide information about asset IP addresses, MAC addresses, and open ports.
Manual verification: Not all assets may be discoverable through automated scans. Perform physical inspections to identify assets that might be offline, hidden, or not connected to the network.
Asset documentation: Create a comprehensive



OT/ICS Vulnerability Assessment and Penetration Testing (VAPT) – A Complete Guide

Have you ever wondered about the hidden chinks in the armor of your operational technology systems? In the interconnected web of technology, where the digital landscape extends its reach into every corner of our lives, safeguarding data and systems has never been more crucial. This is especially true of Operational Technology (OT), the silent sentinel that oversees the vital functions of industries and infrastructures worldwide. Imagine power plants humming with life, assembly lines in synchronized motion, and transportation systems moving seamlessly, all orchestrated by the intricate dance of OT. Yet, amid this balance of efficiency and productivity lies an unseen battlefield, a digital frontier where vulnerabilities could turn harmony into chaos.

Welcome to Vulnerability Assessment and Penetration Testing (VAPT) in Operational Technology. In this blog, you’ll learn how to identify weaknesses in your vital infrastructure and combat potential cyber threats. In a time when technological progress offers unmatched potential, it also invites unimaginable risks. This is where the potency of VAPT becomes apparent.

Understanding OT Vulnerabilities

OT forms the backbone of industries and infrastructures, governing processes that range from power generation to transportation. Yet a vulnerability landscape lurks beneath the facade of seamless operations, waiting for an opportunity to disrupt.

OT Vulnerabilities: The Unseen Threats

Operational technology encompasses many physical devices, control systems, and networks. These systems control critical processes, making them a prime target for cyberattacks. The vulnerabilities that plague OT environments can stem from various sources, potentially undermining safety, efficiency, and functionality.

Legacy Technology: Many OT systems were designed before cybersecurity became a paramount concern. This legacy technology often lacks the built-in security measures present in modern systems, making it vulnerable to attacks.
Lack of Regular Updates: Unlike consumer technology, OT systems may not receive regular updates or patches. This absence of updates leaves security gaps that attackers can exploit.
Proprietary Protocols: OT often relies on proprietary communication protocols unique to specific industries. While these protocols enhance efficiency, they can also obscure vulnerabilities from common security assessments.

Impact on Critical Infrastructure

The consequences of exploiting OT vulnerabilities extend far beyond the digital realm. Consider a scenario where an attacker gains unauthorized access to a power plant’s control system. By exploiting weaknesses, they might tamper with the settings, resulting in power outages or equipment damage. This is not just an inconvenience; it poses a possible risk to both public safety and the economy. Furthermore, the ripple effect of an OT breach can extend to other sectors that depend on the affected infrastructure. A single breach could trigger a chain of disruptions, potentially causing widespread chaos.

Bridging the Gap: IT vs. OT

One of the challenges in understanding OT vulnerabilities lies in the different approaches to cybersecurity in Information Technology (IT) and OT. While IT focuses on data security and confidentiality, OT prioritizes the uninterrupted functioning of physical processes. This discrepancy can lead to blind spots in security measures, exposing OT systems. To complicate matters, IT and OT often share networks due to cost-saving measures. This convergence introduces vulnerabilities in both systems, as attacks could migrate from one to the other.

Recommended Reading: Getting started with OT security

Understanding the vulnerabilities in Operational Technology is the first step toward securing critical systems. By recognizing the challenges posed by legacy technology, the lack of updates, and the unique landscape of OT, we gain insight into the vulnerabilities attackers seek to exploit.

The Significance of Vulnerability Assessment and Penetration Testing (VAPT) in Operational Technology (OT)

The marriage of digital technology with physical processes creates a unique challenge that traditional security measures struggle to address. This is where Vulnerability Assessment and Penetration Testing (VAPT) acts as a guardian of reliability, safety, and operational continuity.

Protecting the Heartbeat of Industries

Operational Technology serves as the heartbeat of critical infrastructure. Whether it’s the controlled flow of electricity, the precision of manufacturing, or the orchestration of transportation, OT’s influence is undeniable. Yet, as industries rely increasingly on interconnected systems, the potential for cyber threats to infiltrate and disrupt these processes grows exponentially. While essential, traditional security methods like firewalls and antivirus software fall short in the face of rapidly evolving cyber tactics. Here, VAPT emerges as the linchpin of defense. By proactively identifying vulnerabilities and simulating attacks, VAPT exposes weak points that adversaries could exploit, enabling timely remediation.

The Limitations of Traditional Security

The limitations of traditional security measures in OT environments become apparent when we consider the unique characteristics of these systems. Unlike Information Technology (IT), where data protection is paramount, OT focuses on maintaining the continuity and reliability of physical operations. The primary concern isn’t just data breaches but potential operational disruptions that could have cascading effects. VAPT bridges the gap between traditional security and the specific needs of OT. It assesses the cybersecurity landscape through the lens of operational impact, highlighting vulnerabilities that might otherwise go unnoticed by generic security measures.

The VAPT Approach: Proactive Defense

Vulnerability Assessment and Penetration Testing don’t wait for attackers to strike. Instead, they adopt a proactive stance. Here’s how each component contributes to the robust defense of OT systems:

Vulnerability Assessment (VA): This phase systematically identifies vulnerabilities across the OT environment. Automated scans and manual analysis uncover potential weak points, whether they stem from outdated software, configuration errors, or undiscovered backdoors.
Penetration Testing (PT): With insights from the VA, the PT phase simulates attacks in controlled environments. Ethical hackers attempt to exploit identified vulnerabilities, mimicking the tactics of real attackers. The goal is to understand how these vulnerabilities could be leveraged and to assess their impact.

A Unified Defense Strategy

VAPT’s significance lies in its ability to unite IT and OT security efforts. The collaboration between these two traditionally separate domains is vital to safeguarding the convergence of digital and physical processes. VAPT ensures that security measures don’t inadvertently disrupt operational functionality, striking a delicate balance that secures without hindering. In a landscape where the stakes are as tangible as they are digital, VAPT serves as a vigilant watchman, detecting vulnerabilities that could



NIST 800-82 R2/R3: A Practical Guide for OT Security Professionals

“Is our critical infrastructure truly secure in the face of ever-evolving cyber risks and insider threats?” This question resonates with an urgency that cannot be disregarded in a world where technology is woven into every facet of our existence. The pulse of modern industries relies on the seamless convergence of Operational Technology (OT) and digital systems. While this fusion promises efficiency and progress, it also opens the floodgates to potential cyber vulnerabilities that could cripple vital infrastructure.

Recommended Reading: How to get started with OT security

As industries become increasingly interconnected, the need for robust security measures has given rise to the National Institute of Standards and Technology (NIST) 800-82 Revision 2 (R2) and Revision 3 (R3). These seminal documents offer more than just guidelines; they are a beacon guiding OT security professionals in safeguarding our critical systems from digital perils. In the subsequent sections, you’ll embark on a journey deep into the heart of NIST 800-82 R2/R3. You’ll explore its significance and practical implementation and understand how it weaves a protective cocoon around our operational technology landscape. This is not just a technical endeavor; it’s a call to action, a rallying cry to ensure that our industries stand fortified against the tides of cyber threats. Let’s unravel the layers of NIST 800-82 R2/R3 and discover how its wisdom can pave the way to a safer digital future and serve as a practical guide for OT security professionals.

Understanding the Significance of the NIST 800-82 R2/R3 Framework

Picture a world where power grids, manufacturing plants, and transportation networks suddenly come to a grinding halt. The lights go out, production lines cease their rhythmic hum, and vehicles stall on highways. The very fabric of our modern society frays at the edges, all because of a few lines of malicious code. This scenario isn’t a dystopian fantasy; it’s a chilling reality that underscores the fragility of our critical infrastructure in the face of cyber threats.

Operational technology, the backbone of these infrastructural giants, wields the power to shape economies and societies. Yet this power also paints a bullseye on its back. As the world transitions into the digital era, the convergence of Information Technology (IT) and OT systems opens a Pandora’s box of vulnerabilities. It’s a landscape where an attack on a single OT component could trigger a cascading catastrophe affecting countless lives.

NIST 800-82 R2/R3 Framework

The National Institute of Standards and Technology (NIST) 800-82 R2/R3 framework offers a comprehensive roadmap designed to give OT security professionals the guidance they need to secure their infrastructure.

NIST 800-82 R2: Built on Experience, Forged by Challenges

The evolution from the original NIST 800-82 to Revision 2 is a testament to the rapid transformation of the threat landscape. Every breach, every incident, and every challenge that has emerged since the inception of the original framework has been meticulously woven into the fabric of R2. It’s a living document, breathing in past lessons to arm us against present and future threats.

NIST 800-82 R3: Holistic Resilience in a Digital Age

But NIST didn’t stop there. With the emergence of Revision 3, the framework blossoms into a more holistic approach, emphasizing risk management, resilience, and adaptability. R3 encourages us to transcend the traditional notions of security and embrace a mindset that anticipates, mitigates, and recovers from threats. It underscores the urgent need for organizations not only to shield themselves but also to build a shield that evolves and strengthens over time.

The Essence of the NIST 800-82 R2/R3 Template

These documents transcend technical jargon; they encapsulate a philosophy that acknowledges the dynamic interplay between technology, strategy, and human behavior. In a world where change is the only constant, NIST 800-82 R2/R3 becomes the rock on which organizations can build their defenses. It’s a promise that, regardless of the shape-shifting nature of cyber threats, we stand united with a framework that equips us with the right strategies to secure what matters most.

Key Components of NIST 800-82 R2/R3

Risk Management: Illuminating the Path Ahead

In OT security, ignorance is not bliss; it’s a ticking time bomb. NIST 800-82 R2/R3 acknowledges this reality and places risk management at the very core of its philosophy. It’s a call to arms, urging OT security professionals to proactively identify vulnerabilities and assess threats before they manifest into full-blown crises.

Categorizing Assets: Know Your Terrain

Imagine embarking on a journey without a map. Chaos would reign, and progress would be hampered by uncertainty. Similarly, in the world of OT security, understanding the lay of the land is paramount. NIST 800-82 R2/R3 advocates the meticulous categorization of assets, both physical and digital. This comprehensive inventory lays the foundation for effective risk assessment, enabling security professionals to identify potential weak points and allocate resources where they matter most.

Security Controls: Building the Bastions

While risk assessment is the compass, security controls are the fortress walls. NIST 800-82 R2/R3 presents a comprehensive list of security controls and countermeasures that collectively bolster the defense mechanisms of OT systems. From access control and network segmentation to intrusion detection and incident response, each control serves as a sentinel, vigilant against threats that may attempt to breach the barriers.

Layered Defense: The Power of Synergy

The strength of NIST 800-82 R2/R3 lies in its emphasis on a layered approach to security. It recognizes that a single defense mechanism is insufficient to thwart the myriad threats lurking in the digital landscape. Just as a medieval castle featured multiple layers of walls, moats, and gates, OT systems must employ diverse security measures that, when combined, create a formidable defense against adversaries.

Adaptive Strategies: Navigating the Unknown

In the world of cybersecurity, stagnation is akin to defeat. NIST 800-82 R2/R3 champions the concept of adaptability, a strategy that acknowledges the dynamic nature of threats and the need to evolve defenses in response. By incorporating the principles of continuous monitoring, organizations can swiftly detect anomalies, assess their potential impact, and recalibrate defenses to address emerging threats.

Practical Implementation of NIST 800-82 R2/R3

Building the Foundation: Asset Inventory and Management

Imagine


Securing water and wastewater treatment plants with defense-in-depth

In April this year, the intelligence community in the US issued a warning that adversarial entities were planning to target the country through cyberspace. States were wielding cyber operations as a means to achieve nefarious goals, including causing destruction and disruption. Just 5 months on, we are already seeing a significant rise in the rate of background cyberattacks as well.

Attacks on critical infrastructure related to public services are a problem that governments around the world are trying to manage. This problem is even more pronounced in the US, thanks to the number of adversarial entities that are targeting critical infrastructure in the country. In addition to over 7 evolved APT groups, there are over 39 documented hacker groups and malware developers that are working together or in isolation to target critical infrastructure in the US.

Along with power plants and grids, it’s the water and wastewater management and treatment industry that is now bearing the brunt of sophisticated and persistent cyberattacks. A mix of existing vulnerabilities, a lack of cyber hygiene practices, and a lack of visibility into network activity are among the key contributing factors. The infrastructure components most vulnerable to cyberattacks are valve stations, pumping stations, operations control centers, and treatment plant controllers. PLCs and SCADA systems, along with switches and HMIs, are the specific components that are vulnerable. Newly added devices that manage pumps, and IoT devices that monitor flow and pressure, are also vulnerable.

Securing water and wastewater facilities

This needs a multi-phase defense-in-depth approach that addresses vulnerabilities, detects rogue or unauthorized devices, shrinks threat surfaces, and prevents the lateral movement of malware. Defense-in-depth involves fortifying infrastructure at various levels, including intrusion detection, vulnerability scanning, microsegmentation, and threat lifecycle management. To detect cyberattacks, plant operators need rich and contextual threat intelligence. Each of these steps will help deter hackers and minimize threats to plant personnel and assets. Plant operators also need to invest in training their employees to prevent phishing attacks from succeeding. Defense-in-depth also requires visibility into supply chains to ensure integrity. Finally, by adopting a zero-trust framework, plant operators can prevent unauthorized activity.



GITEX 2021 key takeaway: OT and IoT cybersecurity is the need of the hour

GITEX 2021, the most coveted and best-attended tech event in the Middle East region, wrapped up last week. Sectrio showcased its OT and IoT security solutions and threat intelligence offerings at the event. Through meetings and discussions with cybersecurity leaders, we were able to get a pulse on cybersecurity priorities in the region. We are sharing key insights from GITEX 2021 in this post.

Why is OT and IoT cybersecurity the need of the hour?

Wish to learn more about managing vulnerabilities, monitoring your networks, and detecting threats? We are offering a free threat assessment exclusively for select businesses. To claim yours, do share your details here.



India Vs. Pakistan: cricket encounters on the field and digital battles off it

Highest number of cyberattacks recorded in India

Yesterday was a big day for cricket fans in the Indian subcontinent: the cricket teams of India and Pakistan clashed in a T20 encounter as part of the ICC Men’s T20 World Cup in Dubai. While the match was being played, we were able to record some interesting developments in cyberspace.

For the last 6 days, the number of inbound cyberattacks logged by our physical and virtual honeypots in India held steady at about 300,000 attacks a day. On October 24th, however, the number of attacks rose substantially, briefly hitting the 490,000 mark before dipping significantly towards midnight Indian Standard Time. The cricket match was over by then. We are only considering sophisticated attacks here (this does not include reconnaissance or low-grade probing).

Most of the cyberattacks were coming directly from IP addresses belonging to a certain country to the west of India (no prizes for guessing). A few IP addresses from Southeast Asia and Eastern Europe were also participating in these attacks. These IP addresses belonged to known botnets, which meant that they were being leveraged for coordinated, event-based cyberattacks on the country.

While a spike in cyberattacks connected to a geopolitical event is now commonplace, this is the first time that such cyberattacks have been linked to a sporting event involving teams from the subcontinent.

Geopolitical developments and cyberattacks

Sectrio has in the past shown the links between geopolitical developments and cyberattacks in the Middle East, North America, and Southeast Asia. The mode of operation is more or less the same in all cases: every spike in the volume of cyberattacks logged by our honeypot networks is linked to a geopolitical development in the region.

State-sponsored actors or nation-state groups are often behind such attacks. Third-party actors affiliated with state-backed actors are also activated by nation-state groups (or, specifically, their controllers) to increase the impact of such attacks. Even states that are not recognized by the United Nations have their own hacker groups that participate in such attacks. These groups earn foreign exchange, or more specifically hard currency, for the treasuries of the states involved.

The cyber armory deployed by such groups has diversified in recent years with the induction of stealthy ransomware and advanced military-grade malware developed and sold by agencies backed by the cyber intelligence wings of nation-states. Malware dumps on the dark web, and malware procured from groups that steal it from academic institutions and private labs and sell it through forums, are also used in such attacks after being modified enough to evade detection and hide its origin.

Every possible outcome, including disruption, espionage, theft of critical and confidential information, deployment of trojans for long-term spying, and infrastructure monitoring, is pursued by such groups. The targets include critical infrastructure such as water treatment plants, power grids, oil and gas infrastructure, key manufacturing facilities, stock exchanges, and defense installations.

To deter such cyberattacks, critical infrastructure needs to be secured on priority. OT elements, IoT devices and networks, and IT-based systems need to be diagnosed for vulnerabilities and cyber risks using sophisticated cybersecurity tools like microsegmentation, vulnerability management, and contextual threat intelligence. Until cybersecurity receives more attention and action, such attacks will continue to grow in scale and impact.



Singapore brings focus to its national OT cybersecurity strategy

Almost half a decade after it unveiled its cybersecurity strategy, Singapore has brought in new amendments to its national plan to move towards a more proactive approach to addressing threats. It has also introduced a new operational technology competency framework to provide a strong foundation for attracting and developing talent for the emerging OT sector in the country. This revision is a positive move and will yield dividends in the near term.

The 2021 cybersecurity strategy underscores the attention Singapore has been paying to critical information infrastructure in the country. Singapore’s Cyber Security Agency (CSA) has said that it is open to working with critical and digital infrastructure operators to enhance cybersecurity measures connected to Operational Technology (OT) systems. CSA will accord high priority to OT systems where a cyberattack could lead to significant physical or economic risks.

Highlights of the new OT cybersecurity strategy:

Sectrio welcomes this initiative. Such a clear articulation of the risks emerging from OT, and of the steps needed to contain them, will go a long way in encouraging industry participants to do more to secure their OT in collaboration with CSA. The emphasis on developing talent is another important aspect that will contribute significantly to the overall objective of securing critical infrastructure and digital information.



Addressing challenges in securing water and wastewater treatment facilities

According to the findings of the latest Sectrio Threat Landscape Report, water and wastewater treatment facilities are among the most attacked sub-segments within critical infrastructure globally. Attacks on these facilities grew 156 percent in H1 2021, underscoring the need to improve security and deploy more robust measures to prevent breaches and attacks from succeeding.

Earlier in the year, a team from Sectrio interacted with cybersecurity leaders representing the sector. In our discussions, they identified the following as the most important cybersecurity challenges the sector faces:

- Lack of an integrated approach to securing infrastructure components that are based on diverse technologies
- Identifying vulnerabilities and ways to combat them
- Micro segmentation of networks to prevent lateral movement of malware
- Early detection of rogue assets and unauthorized activity
- Operating with contextual and relevant threat intelligence
- Sporadic, low-key anomalous activity being largely ignored (this could be non-persistent reconnaissance by malicious actors)

Over the years, state-backed APT groups have fine-tuned their activity to slip below the radar of traditional perimeter-focused security measures. Water and wastewater treatment facility operators, however, have not upgraded their security measures to keep up with such trends.

So what can plant operators do to secure their infrastructure? An ideal approach should start with visibility. Cybersecurity teams should also proactively find and fix vulnerabilities before threat actors can exploit them. Plant operators also need to put in place a comprehensive risk management effort with the following components:

- Hackers often strike when plants are in the process of upgrading their infrastructure or adding new devices or assets. Before new segments come online, the infrastructure as a whole should be tested for new vulnerabilities, open ports, and rogue devices
- Prioritize OT cybersecurity and align the outcomes with your threat and risk exposure levels using threat modeling
- Use OT and IoT cybersecurity solutions to gain visibility into operations from a cybersecurity standpoint and to identify anomalies
- Identify connected assets, networks, and the overall digital footprint of your operations
- Establish access control through multi-factor authentication
- Enforce micro segmentation across technology streams
- Collect passive data from the OT environment across devices and networks (passive collection from a mirror port does not risk disrupting fragile controllers the way active scanning can)
- Use rich threat intelligence to detect threats
- Check the security certifications associated with OT and IoT devices
- Work to understand how IT risks can impact OT and vice versa
- Streamline audits and compliance measures to ensure that vulnerability assessment and remediation are conducted frequently across all environments

To secure your water and wastewater utility business, we are offering a free security evaluation. This covers threats, vectors, risks, and simple, easy-to-deploy ways to deal with cyber threats. Take advantage of this special offer and book your consulting slot now for a 1-1 consultation on securing water and wastewater treatment plants.



Cyber securing connected OT and IoT infrastructure in the Middle East

In the last 15 days, hackers in the Middle East and Africa region have added another sector to their list of targets in the region. Cyberattacks on healthcare facilities in the region rose significantly above baseline levels during this period. Let us examine the causes and implications of this trend.

Since 2019, we have seen cyberattacks by regional APT groups rise substantially. The primary targets were oil and gas facilities and utility infrastructure, including facilities related to water treatment and distribution. These tit-for-tat attacks have spilled over into the healthcare sector, and many established healthcare facilities in the region are now being targeted. The common factor in both segments is the potential to impact ordinary citizens; as we have seen over the last six years, APT hackers often target facilities where they can cause maximum disruption.

Research by Sectrio has shown that hackers were targeting critical infrastructure through reconnaissance malware. Since most of these attacks went unchallenged within the networks of the targeted institutions, hackers were able to gather plenty of information on data flow behavior within networks, security measures, device architectures, connection configurations, and privileges. Hackers used this data, along with hijacked smart devices such as web cameras, connected home automation hardware, and connected devices deployed by manufacturers, to target high-value infrastructure in the region.

We expect such attacks to continue until the fall of 2024. This forecast is based on the cybersecurity measures we have seen in the region in the past. Cyberattacks will continue to evolve in the meantime. The only way businesses can protect themselves is by investing in the right measures to contain cyberattacks and increase the distance between themselves and the hackers. These include:

- Developing a more comprehensive understanding of device topology, to know what is connected and exactly what it is doing on the network
- Frequent vulnerability scans to detect and address vulnerabilities early (on OT networks, prefer passive discovery where active scanning could disrupt fragile controllers)
- Checking OT and IoT devices for known (CVE-listed) vulnerabilities
- Operating with an OT-IoT-IT risk management model that emphasizes early detection and mitigation of threats
- Adopting cybersecurity frameworks such as Zero Trust and IEC 62443
- Using micro-segmentation to deploy granular cybersecurity policies and to prevent lateral movement of malware
- Managing privileges
- Requiring all components of the infrastructure to earn trust before being granted connectivity and end-use
- Using the right threat intelligence to identify the latest and most relevant threats

We are offering a free OT-IoT cybersecurity assessment slot for select businesses in the Middle East and Africa region at GITEX 2021. Walk into H2-D1 at the World Trade Center or give us your details here to claim this offer. If you prefer a more detailed meeting, reach out to us at info@sectrio.com. Don't miss out on this exclusive offer. Book your free slot now.
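The checklist above and the water and wastewater checklist earlier on this page both come down to the same three capabilities: passive visibility into what is on the network and what it is doing, early detection of rogue assets and unauthorized activity, and zone-based micro-segmentation policy that limits which systems may talk to which, and with what privileges. The Python script below is an added illustration of how those three checks fit together over passively collected flow records; it is not Sectrio code and not the logic of any product. The asset names, addresses, zones, conduit policy and sample flows are constructed assumptions; only the Modbus function codes are real protocol values (3 reads holding registers, 6 writes a single register, 16 writes multiple registers).

```python
"""Passive OT asset inventory and zone/conduit policy check over flow records.

Added example, not Sectrio code. The flows, inventory, zones and policy below are
constructed assumptions; only the Modbus function codes are real protocol values.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Modbus/TCP function codes that change process state (writes); everything else is
# treated as read-only polling. 5/6/15/16 write coils/registers, 22 is mask write,
# 23 is read/write multiple registers.
MODBUS_WRITE_FCS = {5, 6, 15, 16, 22, 23}


@dataclass(frozen=True)
class Flow:
    """One connection summary as a passive sensor on a mirror port would report it."""
    src: str
    dst: str
    dport: int
    proto: str                  # "modbus", "https", "ssh", ...
    func: Optional[int] = None  # Modbus function code when proto == "modbus"


@dataclass(frozen=True)
class Finding:
    severity: str
    rule: str
    flow: Flow
    detail: str


# Assumed asset inventory: IP -> (asset name, zone). Anything not listed is a rogue asset.
INVENTORY: Dict[str, Tuple[str, str]] = {
    "10.10.1.10": ("eng-ws-01", "engineering"),
    "10.10.2.20": ("scada-srv-01", "supervisory"),
    "10.10.3.30": ("plc-intake-01", "control"),
    "10.10.3.31": ("plc-chlorine-01", "control"),
}

# Assumed zone-to-zone conduit allow-list in the IEC 62443 zone/conduit style:
# (src zone, dst zone) -> {protocol: writes_permitted}. Conduits not listed are denied.
POLICY: Dict[Tuple[str, str], Dict[str, bool]] = {
    ("engineering", "control"): {"modbus": True},    # engineering station may program PLCs
    ("supervisory", "control"): {"modbus": False},   # SCADA server may only poll (read)
    ("engineering", "supervisory"): {"https": False, "ssh": False},
}


def zone_of(ip: str, inventory: Dict[str, Tuple[str, str]] = INVENTORY) -> Optional[str]:
    entry = inventory.get(ip)
    return entry[1] if entry else None


def services_observed(flows: List[Flow]) -> Dict[str, Set[Tuple[str, int]]]:
    """Visibility: which (protocol, port) each destination host is actually serving."""
    seen: Dict[str, Set[Tuple[str, int]]] = defaultdict(set)
    for f in flows:
        seen[f.dst].add((f.proto, f.dport))
    return dict(seen)


def analyse(flows: List[Flow], inventory=INVENTORY, policy=POLICY) -> List[Finding]:
    findings: List[Finding] = []
    reported_rogue: Set[str] = set()
    for f in flows:
        # 1. Rogue asset: any endpoint absent from the inventory, reported once per IP.
        for ip in (f.src, f.dst):
            if ip not in inventory and ip not in reported_rogue:
                reported_rogue.add(ip)
                findings.append(Finding("high", "rogue-asset", f,
                                        f"{ip} is not in the asset inventory"))
        src_zone, dst_zone = zone_of(f.src, inventory), zone_of(f.dst, inventory)
        if src_zone is None or dst_zone is None or src_zone == dst_zone:
            continue  # rogue already reported; intra-zone traffic is outside conduit policy
        # 2. Conduit check: is this protocol allowed between these two zones at all?
        allowed = policy.get((src_zone, dst_zone), {})
        if f.proto not in allowed:
            findings.append(Finding("high", "conduit-violation", f,
                                    f"{f.proto} from {src_zone} to {dst_zone} is not an allowed conduit"))
            continue
        # 3. Privilege check: a conduit may permit reads while writes stay forbidden.
        if f.proto == "modbus" and f.func in MODBUS_WRITE_FCS and not allowed["modbus"]:
            findings.append(Finding("critical", "unauthorized-write", f,
                                    f"Modbus function {f.func} (write) from {f.src} in zone "
                                    f"{src_zone} to {f.dst}; only reads are permitted here"))
    return findings


# Constructed sample: what a sensor might summarise in one polling interval.
SAMPLE_FLOWS = [
    Flow("10.10.2.20", "10.10.3.30", 502, "modbus", 3),    # SCADA reads intake PLC: normal
    Flow("10.10.1.10", "10.10.3.31", 502, "modbus", 16),   # engineering writes PLC: permitted
    Flow("10.10.2.20", "10.10.3.31", 502, "modbus", 6),    # SCADA writes a register: forbidden
    Flow("10.10.9.99", "10.10.3.30", 502, "modbus", 3),    # unknown host polling a PLC: rogue
    Flow("10.10.3.30", "10.10.2.20", 443, "https"),        # PLC opening HTTPS upward: no conduit
]

if __name__ == "__main__":
    for host, svcs in sorted(services_observed(SAMPLE_FLOWS).items()):
        print(f"{host:12} serves {sorted(svcs)}")
    for fd in analyse(SAMPLE_FLOWS):
        print(f"[{fd.severity}] {fd.rule}: {fd.detail}")
```

Run on the sample, the script reports one unauthorized write (the SCADA server is allowed to poll the chlorine PLC but not to change a register), one rogue asset (10.10.9.99 polling a PLC without being in the inventory), and one conduit violation (a PLC initiating HTTPS towards the supervisory zone, a direction the policy never allows). The read-versus-write distinction is what makes the privilege check useful: a flat "Modbus allowed" rule would have let the unauthorized write through, and a flat "Modbus denied" rule would have drowned the finding in alerts for normal polling. The same allow-list can be turned into firewall or switch ACLs between zones, which is the enforcement half of micro-segmentation; this script is the detection half.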

