Securing water and wastewater treatment plants with defense-in-depth

In April this year, the intelligence community in the US issued a warning that adversarial entities were planning to target the country through cyberspace. States were wielding cyber operations as a means to achieve nefarious goals, including causing destruction and disruption. Just 5 months on, we are already seeing a significant rise in the rate of background cyberattacks as well.

Attacks on critical infrastructure related to public services are a problem that governments around the world are trying to manage. This problem is even more pronounced in the US, thanks to the number of adversarial entities that are targeting critical infrastructure in the country. In addition to over 7 evolved APT groups, there are over 39 documented hacker groups and malware developers that are working together or in isolation to target critical infrastructure in the US.

Along with power plants and grids, it is the water and wastewater management and treatment industry that is now bearing the brunt of sophisticated and persistent cyberattacks. A mix of existing vulnerabilities, a lack of cyber hygiene practices, and poor visibility into network activity are among the key contributing factors. The infrastructure components most vulnerable to cyberattacks are valve stations, pumping stations, operations control centers, and treatment plant controllers. PLCs and SCADA systems, along with switches and HMIs, are the specific components that are vulnerable. Newly added devices that manage pumps and IoT devices that monitor flow and pressure are also vulnerable.

Securing water and wastewater facilities

This needs a multi-phase defense-in-depth approach that addresses vulnerabilities, detects rogue or unauthorized devices, shrinks threat surfaces, and prevents lateral movement of malware. Defense-in-depth involves fortifying infrastructure at various levels, including intrusion detection, vulnerability scanning, micro segmentation, and threat lifecycle management. To detect cyberattacks, plant operators need rich and contextual threat intelligence. Each of these steps will help deter hackers and minimize threats to plant personnel and assets. Plant operators also need to invest in training their employees to prevent phishing attacks from succeeding. Defense-in-depth also requires visibility into supply chains to ensure integrity. Finally, by adopting the zero-trust framework, plant operators can prevent unauthorized activity.

GITEX 2021 key takeaway: OT and IoT cybersecurity is the need of the hour

Sectrio showcased its OT and IoT security solutions and threat intelligence offerings at the event. Through meetings and discussions with cybersecurity leaders, we were able to get a pulse on cybersecurity priorities in the region. GITEX 2021, the most coveted and best-attended tech event in the Middle East region, wrapped up last week, and we are sharing key insights from it in this post.

Why is OT and IoT cybersecurity the need of the hour?

Wish to learn more about managing vulnerabilities, monitoring your networks, and detecting threats? We are offering a free threat assessment exclusively for select businesses. To claim yours, do share your details here.

India Vs. Pakistan: cricket encounters on the field and digital battles off it

Highest number of cyberattacks recorded in India

Yesterday was a big day for cricket fans in the Indian sub-continent: teams from India and Pakistan clashed in a T20 encounter as part of the ICC Men’s T20 World Cup in Dubai. While the match was being played, we recorded some interesting developments in cyberspace.

For the last 6 days, the number of inbound cyberattacks logged by our physical and virtual honeypots in India held steady at about 3,00,000 attacks a day. On October 24th, however, the number of attacks rose substantially, briefly hitting the 490000 mark before dipping significantly towards midnight Indian Standard Time, by which point the cricket match was over. We are only counting sophisticated attacks here (this does not include reconnaissance or low-grade probing).

Most of the cyberattacks came directly from IP addresses belonging to a certain country to the west of India (no prizes for guessing). A few IP addresses from South East Asia and Eastern Europe also participated in these attacks. These IP addresses belonged to known botnets, which means they were being leveraged for coordinated, event-based cyberattacks on the country.

While a spike in cyberattacks connected to a geopolitical event is now commonplace, this is the first time that such cyberattacks have been linked to a sporting event involving teams from the sub-continent.

Geopolitical developments and cyberattacks

Sectrio has in the past shown the links between geopolitical developments and cyberattacks in the Middle East, North America, and Southeast Asia. The mode of operation is more or less the same in all cases: every spike in the volume of cyberattacks logged by our honeypot networks is linked to a geopolitical development in the region.

State-sponsored actors or nation-state groups are often behind such attacks. Third-party actors affiliated with state-backed actors are also activated by nation-state groups (or, specifically, their controllers) to increase the impact of such attacks. Even states that are not recognized by the United Nations have their own hacker groups that participate in such attacks. These groups earn foreign exchange, specifically hard currency, for the treasuries of the states involved.

The cyber armory deployed by such groups has diversified in recent years with the induction of stealthy ransomware and advanced military-grade malware developed and sold by agencies backed by the cyber intelligence wings of nation-states. Malware dumps on the Dark Web and malware procured from groups that steal it from academic institutions and private labs and sell it through forums are also used in such attacks, after being modified enough to evade detection and hide their origin.

Every possible outcome, including disruption, espionage, theft of critical and confidential information, deployment of trojans for long-term spying, and infrastructure monitoring, is pursued by such groups. The targets include critical infrastructure such as water treatment plants, power grids, oil and gas infrastructure, key manufacturing facilities, stock exchanges, and defense installations.

To deter such cyberattacks, critical infrastructure needs to be secured on priority. OT elements, IoT devices and networks, and IT-based systems need to be diagnosed for vulnerabilities and cyber risks using sophisticated cybersecurity tools such as micro segmentation, vulnerability management, and contextual threat intelligence. Until cybersecurity receives more attention and action, such attacks will continue to grow in scale and impact.

Singapore brings focus to its national OT cybersecurity strategy

Almost half a decade after it unveiled its cybersecurity strategy, Singapore has brought in new amendments to its national plan to move towards a more proactive approach to addressing threats. It has also introduced a new operational technology competency framework to provide a strong foundation for attracting and developing talent for the emerging OT sector in the country. This revision is a positive move and will yield dividends in the near term.

The 2021 cybersecurity strategy underscores the attention Singapore has been paying to critical information infrastructure in the country. Singapore’s Cyber Security Agency (CSA) has said that it is open to working with critical and digital infrastructure operators to enhance cybersecurity measures connected to Operational Technology (OT) systems. CSA will be according high priority to OT systems where a cyberattack could lead to significant physical or economic risks.

Highlights of the new OT cybersecurity strategy:

Sectrio welcomes this initiative. Such a clear articulation of the risks emerging from OT, and of the steps needed to contain them, will go a long way in encouraging industry participants to do more to secure their OT in collaboration with CSA. The emphasis on developing talent is another important aspect that will feed significantly into the overall objective of securing critical infrastructure and digital information.

Addressing challenges in securing water and wastewater treatment facilities

According to the findings of the latest Sectrio Threat Landscape Report, water and wastewater treatment facilities are among the most attacked sub-segments within critical infrastructure globally. Attacks on these facilities grew 156 percent in H1 2021, underscoring the need to improve security and deploy more robust measures to prevent breaches and attacks from succeeding.

Earlier in the year, a team from Sectrio interacted with cybersecurity leaders representing the sector. In our discussions, they identified the following as the most important challenges the sector is facing from a cybersecurity perspective:

- Lack of an integrated approach to securing various infrastructure components that are based on diverse technologies
- Identifying vulnerabilities and ways to combat them
- Micro segmentation of networks to prevent lateral movement of malware
- Early detection of rogue assets and unauthorized activity
- Operating with contextual and relevant threat intelligence
- Sporadic, low-key anomalous activity was largely ignored (this could be non-persistent reconnaissance by malicious actors)

Over the years, state-backed APT groups have fine-tuned their activity to slip below the radar of traditional perimeter-focused security measures. Water and wastewater treatment facility operators have, however, not upgraded their security measures to keep up with such trends.

So what can plant operators do to secure their infrastructure? An ideal approach should start with visibility. Cybersecurity teams should also proactively swoop down on and fix vulnerabilities before threat actors can try to exploit them. Plant operators also need to put in place a comprehensive risk management effort with the following components:

- Hackers often strike when plants are in the process of upgrading their infrastructure or adding new devices or assets. Before the new segments come online, the infrastructure as a whole should be tested for new vulnerabilities, open ports, and rogue devices
- Prioritize OT cybersecurity and align the outcomes with your threat and risk exposure levels using threat modeling
- Use OT and IoT cybersecurity solutions to gain visibility into operations from a cybersecurity standpoint and to identify anomalies
- Identify connected assets, networks, and the overall digital footprint of your operations
- Establish access control through multi-factor authentication
- Enforce micro segmentation across technology streams
- Collect passive data from the OT environment across devices and networks
- Use rich threat intelligence to detect threats
- Check the security certifications associated with OT and IoT devices
- Work to understand how IT risks can impact OT and vice versa
- Streamline audits and compliance measures to ensure that vulnerability assessment and remediation are conducted frequently across all environments

To secure your water and wastewater utility business, we are offering a FREE security evaluation. This covers threats, vectors, risks, and simple, easy-to-deploy ways to deal with cyber threats. Take advantage of this special offer and book your consulting slot now.

Book your slot now for 1-1 consulting on securing water and wastewater treatment plants

Cyber securing connected OT and IoT infrastructure in the Middle East

In the last 15 days, hackers in the Middle East and Africa region have added another sector to the list of their targets in the region. Cyberattacks on healthcare facilities in the region rose significantly over baseline levels during this period. Let us examine the causes and implications of this trend.

Since 2019, we have seen cyberattacks by regional APT groups rise substantially. The primary targets were oil and gas facilities and utility infrastructure, including facilities related to water treatment and distribution. These tit-for-tat attacks spilled over into the healthcare sector, and now many established healthcare facilities are being targeted in the region. The common factor in both these segments is the potential for impacting ordinary citizens. As we have seen in the last 6 years, APT hackers often target facilities where they can cause maximum disruption.

Research by Sectrio has shown that hackers were targeting critical infrastructure through reconnaissance malware. Since most of these attacks went unchallenged within the networks of targeted institutions, hackers were able to gather plenty of information on data flow behavior within networks, security measures, device architectures, connection configurations, and privileges. Hackers used this data, along with hijacked smart devices such as web cameras, connected home automation hardware, and connected devices deployed by manufacturers, to target high-value infrastructure in the region.

We expect such attacks to continue until the fall of 2024. This forecast is based on past cybersecurity measures we have seen in the region. Cyberattacks will continue to evolve in the meantime. The only way businesses can protect themselves is by investing in the right measures to contain cyberattacks and increase the distance between them and the hackers. These include:

- Developing a more comprehensive understanding of device topology to know what is connected and exactly what it is doing on the network
- Frequent vulnerability scans to detect and address vulnerabilities early
- OT and IoT devices should be checked for CVE vulnerabilities
- Operate with an OT-IoT-IT risk management model that emphasizes early detection and mitigation of threats
- Adopt cybersecurity frameworks such as Zero Trust and IEC 62443
- Use micro-segmentation to deploy granular cybersecurity policies and to prevent lateral movement of malware
- Manage privileges
- Allow all components of the infrastructure to earn trust for connectivity and end-use
- Use the right threat intelligence to identify the latest and relevant threats

We are offering a free OT-IoT cybersecurity assessment slot for select businesses in the Middle East and Africa region at GITEX 2021. Walk into H2-D1 at the World Trade Center or give us your details here to claim this offer. In case you prefer a more detailed meeting, do reach out to us at info@sectrio.com. Don’t miss out on this exclusive offer. Book your free slot now.