Complete Guide to OT/ICS Security in the Power Sector

Electricity, a resource often taken for granted, is the lifeblood of our modern world, powering our daily lives, industries, and economies. But the systems that generate, transmit, and distribute this essential resource are complex and interconnected, leaving them vulnerable to various threats. From natural disasters to cyberattacks, ensuring the power grid’s reliability, safety, and security is of utmost importance. This guide is your gateway to understanding the essential components of OT/ICS in the power sector and how they protect against unforeseen disruptions. It’s not just about convenience; it’s a matter of national significance. We will delve into the core of the matter, exploring the essence of OT/ICS and the technology that keeps the power flowing. This isn’t a casual matter; it’s about safeguarding national security and the day-to-day functioning of our lives. We will examine the risks and vulnerabilities that power systems face and the severe consequences of compromised infrastructure. A breach in this domain could not only interfere with our daily lives but also threaten national security. Through OT/ICS security, we will explore the challenges, solutions, and best practices that ensure the power sector continues to shine while keeping its vulnerabilities hidden in the shadows. We examine this critical area of infrastructure protection deeply, ensuring that our pursuit of progress remains illuminated, safe, and secure.

Fundamentals of OT/ICS in the Power Sector

Operational technology (OT) and industrial control systems (ICS) in the power sector form the backbone of the critical infrastructure that ensures a continuous and reliable electricity supply to homes, businesses, and industries. Understanding the fundamentals of OT/ICS in the power sector is essential to appreciating their significance and the security measures needed to protect them.

What Is OT/ICS?

Operational technology (OT) refers to the hardware and software used to monitor and control physical devices and processes in the power sector. This includes sensors, programmable logic controllers (PLCs), human-machine interfaces (HMIs), and other control systems. Industrial control systems (ICS) are a broader set of technologies, including both hardware and software, that manage and automate industrial operations. They encompass supervisory control and data acquisition (SCADA) systems and distributed control systems (DCS).

Explore Sectrio’s OT/ICS and IoT Cybersecurity for electric utilities

Key Components and Technologies

A. Supervisory Control and Data Acquisition (SCADA) Systems
SCADA systems are the backbone of power grid control. They provide real-time monitoring and control of remote equipment and processes. Key aspects include:

B. PLCs (Programmable Logic Controllers)
PLCs are specialized computers used to control various processes and equipment. In the power sector they are typically used in substations and power plants. They execute control logic and respond to commands from the SCADA system, ensuring that devices such as transformers and generators operate as required.

C. HMIs (Human-Machine Interfaces)
HMIs provide a visual representation of the system’s status and control capabilities to human operators. They often include graphical displays, alarms, and the ability to interact with SCADA systems to make control decisions.

D. RTUs (Remote Terminal Units)
RTUs are remote monitoring devices used in substations and other remote locations. They collect data from sensors and send this information to the SCADA system, allowing operators to monitor the status and performance of equipment in real time. RTUs can also be programmed to respond to specific events or conditions.

E. Communication Protocols
Communication protocols are essential for the exchange of data and control commands within OT/ICS systems. These include:
OPC (OLE for Process Control): Enables the exchange of data between different control systems and devices.

F. Data Historian
Data historians store historical data collected by SCADA systems for analysis, reporting, and troubleshooting. This data can help identify trends, anomalies, and issues in the power grid.

G. Security Measures
Security components are crucial for protecting OT/ICS systems in the power sector. These include:

H. Redundancy and Fail-Safe Mechanisms
To ensure system reliability, redundancy and fail-safe mechanisms are often implemented. Redundancy means that if one component fails, another can take over without causing a system outage.

The Role of OT/ICS in the Power Industry

OT/ICS systems are the nervous system of the power sector. They play a crucial role in the following:
A. Power Generation: Managing and controlling power plants to optimize electricity production.
B. Transmission: Monitoring high-voltage power lines and ensuring efficient electricity flow.
C. Distribution: Controlling substations and ensuring electricity is distributed reliably to consumers.
They enable remote monitoring, automation, and rapid response to faults, helping to maintain grid stability.

Risks and Vulnerabilities

A. Cybersecurity Threats: OT/ICS systems are vulnerable to cyberattacks, which can disrupt operations, compromise safety, and lead to financial losses.
B. Physical Threats: Natural disasters, physical intrusions, and accidents can damage or disrupt power infrastructure.
C. Human Error: Misconfigurations or operational mistakes can have far-reaching consequences in the power sector.

Understanding these fundamentals is the first step in comprehending the challenges and the need for robust security measures to protect OT/ICS in the power sector. In the subsequent sections of this guide, we will delve deeper into these challenges and explore effective security strategies and best practices to safeguard this critical infrastructure.

Threat Landscape in the Power Sector

The threat landscape in the power sector refers to the various cybersecurity threats and vulnerabilities that exist in the industry. These threats pose substantial risks to the stability, reliability, and safety of the power infrastructure, making it a critical area of concern. Understanding the threat landscape is vital for power companies to develop effective security strategies and measures to protect their OT and ICS. Below are the critical aspects of the threat landscape in the power sector:

Cybersecurity Threats

Vulnerabilities

The Consequences of Successful Attacks

The threat landscape in the power sector is complex and ever-evolving. Power companies need to proactively address cybersecurity threats and vulnerabilities by combining advanced technology, robust policies, employee training, and collaboration with regulatory bodies and the broader cybersecurity community to protect critical infrastructure and ensure a reliable supply of electrical power.

Risk Assessment and Management

Risk assessment and management are fundamental processes in cybersecurity and critical infrastructure protection. They

Looking ahead of CEA guidelines to secure the power sector in India

India’s Central Electricity Authority (CEA) issued the Cyber Security in Power Sector Guidelines 2021 in October 2021. The comprehensive guidelines are intended to help all power sector entities in India take measured steps to improve their overall cybersecurity posture and protect critical infrastructure from cyber attacks through specific interventions. The guidelines cover a wide gamut of topics, including:

Information security management: The guidelines outline a set of requirements for establishing an information security management system (ISMS) in power sector entities.
OT/ICS asset management: The guidelines offer inputs on how to identify, classify, and manage assets in the power sector.
OT/ICS risk assessment: The guidelines elaborate on ways to conduct risk assessments on IT and operational technology (OT) systems used by responsible entities in the sector.
OT/ICS security controls: The guidelines list a number of security controls that should be implemented by power sector entities.
Incident response: The guidelines also offer guidance on responding to cyber incidents in the power sector.

The CEA cybersecurity guidelines 2021 can serve as an important foundational platform for securing power sector entities in India. By adopting these guidelines, responsible entities can address various cybersecurity gaps and plan and deploy interventions on priority to secure their infrastructure.

Highlights of the guidelines:

Responsible entities: Responsible entities, as per the guidelines, are those entities that serve various roles in the power sector and are sector participants with significant exposure to cyber threats. These entities include power generation companies, transmission companies, distribution companies, OEMs, and system operators.
Information security management system: The guidelines require responsible entities to establish and maintain an ISMS. The ISMS should be based on the international standard ISO 27001.
OT/ICS and IoT asset management: The guidelines require responsible entities to identify, classify, and manage all assets in the power sector. This includes IT assets, OT assets, and physical assets.
OT/ICS and IT risk assessment: The guidelines require responsible entities to conduct risk assessments of IT and OT systems. The risk assessments should be based on the international standards ISO/IEC 27005 and IEC 62443.
OT/ICS security controls: The guidelines list several security controls that should be implemented in power sector entities. These controls include access control, data encryption, and incident response.
OT/ICS incident response: The guidelines provide guidance on responding to various types of cyber incidents, covering steps such as detection, containment, eradication, and recovery.
Access controls: All REs must put in place controls that enable access management in a secure manner.

Complying with CEA guidelines:

Sectrio can help power entities comply with CEA guidelines in a structured manner. With its extensive experience in critical infrastructure (specifically the power sector), Sectrio can enable power companies to address the requirements suggested by the guidelines as well as be prepared to comply with the power sector cybersecurity regulation, which is on the horizon. Here are a few ways in which Sectrio can help power sector entities in India, listed as pairs of CEA requirement and how Sectrio helps address that mandate:

CEA requirement: Continued scanning of all systems for any vulnerability/malware as per the SOP laid down, and for all such activities, digital logs are maintained and retained under the custody of the CISO for at least 6 months.
How Sectrio helps: Sectrio’s vulnerability management module and threat detection modules can meet this need. The first one detects any vulnerability arising from a lack of patches, misconfigurations, or the addition of a device with pre-existing vulnerabilities. The assessments will be comprehensive across locations and assets, providing a detailed report on the findings with logs as well.

CEA requirement: The Responsible Entity shall have a Cyber Security Policy drawn upon the guidelines issued by NCIIPC.
How Sectrio helps: Sectrio can help power companies develop a comprehensive cyber security policy, including governance, a RACI matrix, and other rules aligned to NCIIPC guidelines.

CEA requirement: REs must secure cyber assets through updates, patching, testing, configuration security, and additional controls.
How Sectrio helps: Sectrio can ensure early detection of exploits, and it can also flag assets that are not secure, unpatched, misconfigured, or not inventoried. Potential gaps can also be highlighted along with exposed and exploitable threat surfaces.

CEA requirement: Cyber Risk Assessment and Mitigation Plan – document and implement a Cyber Risk Assessment and Mitigation Plan.
How Sectrio helps: Such a plan can be put in place by Sectrio’s team in collaboration with the relevant team from the power company. The plan will also have a roadmap component to ensure the scaling of all security measures.

CEA requirement: REs must implement an ISMS and audit IT and OT systems yearly with CERT-In empaneled cyber security OT auditors.
How Sectrio helps: Sectrio is a CERT-In empaneled cyber security OT auditor, and we also have extensive experience in conducting similar work.

CEA requirement: Identification of Critical Information Infrastructure (CII) – REs must provide information on their cyber assets, critical business processes, and information infrastructure to NCIIPC.
How Sectrio helps: Sectrio’s solution can help inventory assets, with detailed information on each asset available in one click.

CEA requirement: Only identifiable whitelisted devices are used to download or upload any data or information from their internet-facing IT system.
How Sectrio helps: Sectrio’s solution can help inventory assets and their digital footprint and identify their functions and activities on the network.

CEA requirement: The CISO manages a list of whitelisted IP addresses for each firewall, and each firewall is set up to only permit communication with the whitelisted IP addresses.
How Sectrio helps: Our solution can help identify any deviation from the communication rules set out in the whitelist. It can also identify and block communications to a blacklisted or suspicious IP.

CEA requirement: The Cyber Security Policy must include specific information about the process of Access Management for all cyber assets that the Responsible Entity owns or controls.
How Sectrio helps: Access management at a device level can be controlled to ensure that only permitted services and devices are allowed to interact.

CEA requirement: Through its Information Security Division (ISD), the Responsible Entity shall be solely responsible for implementing the Cyber Security Policy.
How Sectrio helps: Sectrio can work with the responsible entity on implementing the Cyber Security Policy and improving its implementation.

CEA requirement: Sabotage reporting – the responsible entity must incorporate procedures for identifying, reporting, and preserving records of cyber sabotage.
How Sectrio helps: Sabotage attempts through cyberattacks can be blocked by Sectrio’s solution. This

Cybersecurity considerations and recommendations for securing distributed energy resources on power grids

A recent report prepared by the U.S. Department of Energy’s Office of Cybersecurity, Energy Security, and Emergency Response and the Office of Energy Efficiency and Renewable Energy highlights the cybersecurity considerations to be taken into account for distributed energy resources (DER), such as solar, storage, and other clean energy technologies. The report also outlines the growing risks that will emerge at a grid level in the next decade. With the proliferation of diffused and distributed clean energy resources, sites are being set up with a sense of urgency around the world. The ongoing conflict in Ukraine and the rising prices of fossil fuel products are pushing governments and other players to look at renewable energy as a short- and long-term solution to reduce reliance on costly and carbon-intensive fuels.

Also Read: How to get started with OT security

Without adequate security, such systems could serve as entry points for hackers or end up facilitating a cyberattack. It is therefore essential to secure these systems from origin, deployment, integration, use, and maintenance standpoints to minimize any risks to power grids or other assets or to the reliability of the power supply.

Definition of Distributed Energy Resources

The report defines DERs as “small-scale power generation, flexible load, or storage technologies (typically from 1 kilowatt to 10,000 kilowatts) that can provide an alternative to, or an enhancement of, the traditional electric power system”. DERs can be located “on an electric utility’s distribution system, a subsystem of the utility’s distribution system, or behind a customer’s meter.” Due to changing power generation models, DERs can now be connected to the grid at various points, and it is pertinent to take the threats they pose to the grid into account when planning operational resilience measures and the overall availability of the grid at all times.

Key trends mentioned by the report

Recommendations

The main recommendations proposed by the report for improving distributed energy resources security include:

Recommended resources:
Want to learn more about OT security? Talk to an OT cybersecurity expert from your industry now.
We are giving away threat intelligence for free for the next 2 weeks. Find out how you can sign up and try out our threat intelligence feeds.
Download our cybersecurity awareness kits.
Find out what is lurking in your network. Go for a comprehensive 3-layer threat assessment now.

Bleeding data: why cybersecurity leaders should be worried about dead drops

Wikipedia defines a dead drop or dead letter box as a method of espionage tradecraft used to pass items or information between two individuals using a secret location. In cyberspace, however, a variant of this tradecraft has emerged in the last few years. It involves rogue insiders in organizations dumping valuable data, including credentials, network information, or even ways to bypass security measures, in online forums or on the Dark Web. They expect hackers to find and use this data to target their organization as a means of exacting revenge or settling scores, as the case may be.

We are encountering many such data dumps across forums now as dead drops. In the last few months, the number of such drops encountered by our research team has risen steadily enough to warrant concern and action. Insiders are compromising even highly confidential information belonging to employees, such as pitch decks, pricing documents, and meeting minutes. From the shop floor, production schedules, device information (including patch status in some instances), machinery information, default system control passwords for remote devices, and more are being compromised.

More than the loss of data, it is the exploitation of such data that should worry businesses. It also represents the failure of data protection measures at many levels. Such drops are also making it easier for hackers to breach networks and systems, encrypt data, and demand ransom for its release.

Dealing with the insider threat (dead drops)

The US Cybersecurity and Infrastructure Security Agency (CISA) recommends the institutionalization of preventive measures. This includes the establishment of an Insider Threat (Dead Drops) Program Office to work towards progressively lowering this threat. It also recommends detecting threats and managing access by gathering and investigating incident and threat information, assessing and categorizing those risks, and then implementing management strategies to mitigate the threats.

In addition to these, businesses can also take the following steps to avoid dead drops:
Establish perimeters around information and only allow logged access on a need-to-know basis.
Never publish information in a place where it can be accessed without leaving a trail behind.
Conduct information audits periodically to identify data that has been stored or accessed without adequate access management measures or permission.
Discourage even discussions of sensitive data outside the group that needs to access and use that data.
In case of a breach, identify the source of the breach through a detailed forensic investigation.

How can Sectrio help

Sectrio’s products for IoT-OT and IT security can help detect cyber-attacks early and prevent them from succeeding. Our products are designed to offer critical infrastructure-grade security to protect your data and assets from hackers and other malicious actors. Sectrio is a leading IoT and OT cybersecurity vendor. Our offerings include:
Vulnerability management module: helps identify and address vulnerabilities and prevent hackers from exploiting them; discover authenticated and rogue devices.
Threat management module: gain deep insights into network activity to detect threats.
Micro segmentation module: deploy compliance measures at a granular level and prevent lateral movement of malware.
IoT-OT-IT Converged Security Suite: secure systems across IoT, OT, and IT; prevent attacks and movement of malware and threats.
Threat intelligence.
Together with a strong insider threat management program, our offerings can secure your business. To see how our offerings can help your business, book a demo now.

The evolving cyber threat landscape in the Middle East and its implications for regional businesses

As per Sectrio’s Threat Landscape Report for H1 2021, cyberattacks on Middle Eastern entities continued to rise this year, with more cyberattacks logged from 5 known clusters outside the region targeting critical infrastructure, manufacturing, utilities, and oil and gas sectors. Most of these attacks were characterized by:
An exponential increase in the degree of sophistication.
A strong geopolitical connection.
Timing designed to coincide with major offline events, including the onset of holidays, the reopening of offices, and even government-to-government discussions.
Malware deployed in the region showing higher levels of new code and segments, indicating that the hackers may be working towards exclusively targeting entities in the region or using the region as a testing ground.
A 200 percent rise in attacks on manufacturing.
New APT clusters springing up within the region that now target strategic sectors of the economy in countries like Saudi Arabia, the UAE, and Oman.

The level of activity associated with regional and external APT actors continues to be a source of concern. Some of these players are also collaborating by exchanging information on vulnerabilities and privileges, some of which seem to have come from rogue insiders. There is also evidence of an increase in the number of dead drops (data willingly and illegally released by disgruntled insiders) across the UAE, Bahrain, Kuwait, and Oman.

Download the Global threat landscape report for H1, 2021 today

Attacks on oil and gas entities and manufacturing sectors continue to rise disproportionately. Through infrastructure optimization measures, many new devices and systems were introduced into the networks of companies in these two sectors across 2020 and 2021. These devices are introducing new vulnerabilities into the system and creating opportunities for large-scale breaches to occur in the future.

Key takeaways from the global threat landscape report for the Middle East region:
Businesses need to do a lot more to detect and address vulnerabilities and rogue insider activity.
OT cybersecurity is not getting as much attention as it should. Businesses should look at identifying a credible OT security vendor like Sectrio to address challenges related to OT, SCADA, and ICS security.
The window of opportunity available for hackers to exploit has expanded since the pandemic began. The data stolen from businesses in the initial days of the pandemic continues to appear on the Dark Web and other forums.
Several vulnerabilities have emerged in 2021, chiefly due to a lack of discipline with patching and deploying updates.
IoT security took a back seat because of the availability of cheaper and untested devices.
Businesses need to urgently revisit their cybersecurity posture and work towards adding more layers of security to protect their infrastructure.

Worried about your cybersecurity posture? Talk to us and we will help you address challenges related to OT and IoT security. As a leading IoT and OT cybersecurity vendor, Sectrio has the solutions and consulting expertise to help. Talk to us today.

Strengthening implementation of America’s Water Infrastructure Act of 2018 to secure water and wastewater treatment plants

Problem statement: improving cybersecurity in water and wastewater treatment plants.
Solution: use a multi-phased approach targeting vulnerabilities, together with cybersecurity best practices, to deter, detect, and contain cyberattacks.

The average water plant doesn’t have a cybersecurity expert on its rolls, and that is just one part of the problem. Another part has to do with the emergence of sophisticated hacker groups that are working to target such facilities. The last part has to do with the many vulnerabilities in IoT and OT systems that remain unaddressed for various reasons.

Fact: in October 2021, cyberattacks on water and wastewater treatment plants rose 7 percent across the globe. Source: Sectrio Threat Research Team

Impact of a cyberattack on a water and wastewater treatment plant

Through a breach, an attacker could potentially control key parts of the plant. This includes the pumping system, valve control, and even the control room. All these components are either powered by OT systems like SCADA and PLCs or have some degree of automation enabling remote management. With that control, the attacker can add or remove some of the chemicals that are added to the water being treated, rendering the water unfit for human consumption or, in the case of wastewater, unsuitable for release into the environment.

While the problem is being tackled by operators, regulatory interventions can help nudge operators to move faster. In the US, America’s Water Infrastructure Act of 2018, or AWIA, is a step in that direction. AWIA’s stated objectives include improving drinking water and water quality, deepening infrastructure investments, enhancing public health and quality of life, increasing jobs, and bolstering the economy.

Implications of AWIA

The Act, which was signed into law in October 2018, mandates community water systems that serve a population of over 3,300 persons to conduct a risk and resilience assessment of all systems. This includes assessing the state of security of any electronic, computer, or other automated systems that the community water system uses. While this Act has been in existence for nearly 3 years now, there have been some major cyberattacks against water treatment facilities in the US. These attacks have occurred due to a lack of diligence and a lack of understanding of the threat environment and the risk factors that impact the functioning of such facilities.

How water treatment plants can improve IoT, OT, and IT cybersecurity

Water distribution and water treatment operators have to pay more attention to the type of attacks that are happening around them. In addition, they also need to understand the mode of attacks and the mechanisms that could be used to detect, contain, and remediate such attacks. As critical infrastructure, all elements of plant operation and management have to be accorded the highest level of priority. Operators need to pay attention to the following:
Vulnerability detection and remediation.
Getting the right threat intelligence to detect threat vectors.
Preventing rapid and unchecked expansion of threat surfaces.
No untested and unchecked device or component should be added to the plant infrastructure; each device should be tested for vulnerabilities.
Networks should be segmented and micro segmented to ensure more control over activities.
Prepare a roadmap for plant cybersecurity covering IoT, IT, and OT assets.
Embrace frameworks such as Zero Trust and IEC 62443 to ensure integration of sound cybersecurity practices at all levels of operations.

Such measures will help strengthen the implementation of America’s Water Infrastructure Act and secure the plant from sophisticated actors and malware to some extent. More diligence will, however, be needed continually to ensure that plant machinery and operations are kept safe and secure.

Key takeaways
Plant security has to be addressed at multiple levels.
Unless there is a clear understanding and appreciation of the threat environment that surrounds public utility infrastructure and the need to protect it, such assets cannot be secured.
Networks and infrastructure have to be secured through best practices.
A roadmap for security is essential and will serve as a guide to scale cybersecurity practices.
Frameworks will act as a force multiplier.
Plant employees have to be sensitized.

Watch the on-demand webinar here: Cyberattack Prevention for the Water & Wastewater Industry

Securing water and wastewater treatment plants with defense-in-depth

In April this year, the intelligence community in the US issued a warning that adversarial entities were planning to target the country through cyberspace. States were wielding cyber operations as a means to achieve nefarious goals, including causing destruction and disruption. Just 5 months on, we are already seeing a significant rise in the rate of background cyberattacks as well.

Attacks on critical infrastructure related to public services are a problem that governments around the world are trying to manage. This problem is even more pronounced in the US, thanks to the number of adversarial entities that are targeting critical infrastructure in the country. In addition to over 7 evolved APT groups, there are over 39 documented hacker groups and malware developers that are working together or in isolation to target critical infrastructure in the US. Along with power plants and grids, it’s the water and wastewater management and treatment industry that is now bearing the brunt of sophisticated and persistent cyberattacks. A mix of existing vulnerabilities, a lack of cyber hygiene practices, and a lack of visibility into network activity are among the key contributing factors.

The infrastructure components that are most vulnerable to cyberattacks are valve stations, pumping stations, operations control centers, and treatment plant controllers. PLCs and SCADA systems, along with switches and HMIs, are the specific components that are vulnerable. Newly added devices that manage pumps and IoT devices that monitor flow and pressure are also vulnerable.

Securing water and wastewater facilities

This needs a multi-phase defense-in-depth approach that addresses vulnerabilities, detects rogue or unauthorized devices, shrinks threat surfaces, and prevents lateral movement of malware. Defense-in-depth involves fortifying infrastructure at various levels, including intrusion detection, vulnerability scanning, micro segmentation, and threat lifecycle management. To detect cyberattacks, plant operators need rich and contextual threat intelligence. Each of these steps will help deter hackers and minimize threats to plant personnel and assets. Plant operators also need to invest in training their employees to prevent phishing attacks from succeeding. Defense-in-depth also requires visibility into supply chains to ensure integrity. Finally, by adopting the zero-trust framework, plant operators can prevent unauthorized activity.

GITEX 2021 key takeaway: OT and IoT cybersecurity is the need of the hour

GITEX 2021, the most coveted and attended tech event in the Middle East region, ended last week. Sectrio showcased its OT and IoT security solutions and threat intelligence offerings at the event. Through meetings and discussions with cybersecurity leaders, we were able to get a pulse on cybersecurity priorities in the region. We are sharing key insights from GITEX 2021 in this post.

Why is OT and IoT cybersecurity the need of the hour?

Business leaders were interested in learning more about improving their cybersecurity posture at an enterprise level. 2 out of 3 leaders we spoke to indicated that they were planning to invest in network monitoring, micro segmentation, threat intelligence, and vulnerability management solutions over the next 180-270 days.
OT threat management has emerged as a key interest area for 2022. There is a mandate to implement necessary controls, and this is contributing significantly to this trend.
Most of the attendees were concerned about the growing sophistication of cyberattacks. With hackers using AI and ML extensively, cyberattacks are now carried out with more automation and stealth.
Network monitoring solutions are becoming more integral to the overall business enablement infrastructure as new threats emerge from the sudden increase in the threat surface area caused by the convergence of IT-OT-IoT networks.
IT and OT networks in manufacturing are no longer siloed. There is now a clear integration of OT networks with IT (particularly when it comes to sharing production data with ERP systems). Thus, there is a definite need for network monitoring solutions to identify and address the unique threats that emerge from such convergence and data sharing.
With critical infrastructure, governments are increasing their investments in IoT. This has given rise to new use cases such as FOG trapping and monitoring, and these need to be protected against targeted cyberattacks.
Cybersecurity leaders showed more interest in contextual and region-specific threat intelligence. This is an area where many platforms were found wanting, as they were unable to or did not provide regional and contextual threat intelligence.

Wish to learn more about managing vulnerabilities, monitoring your networks, and detecting threats? We are offering a free threat assessment exclusively for select businesses. To claim yours, do share your details here.


India Vs. Pakistan: cricket encounters on the field and digital battles off it

Highest amount of cyberattacks recorded in India

Yesterday was a big day for cricket fans in the Indian sub-continent: cricket teams from India and Pakistan clashed in a T-20 encounter as part of the ICC Men’s T20 World Cup in Dubai. While the match was being held, we were able to record some interesting developments in cyberspace.

For the last 6 days, the number of inbound cyberattacks logged by our physical and virtual honeypots in India held steady in the region of about 3,00,000 attacks a day. On October 24th, however, the number of attacks rose substantially to hit the 490000 mark briefly before dipping significantly towards midnight Indian Standard Time. The cricket match was over by then. We are only considering the sophisticated attacks here (this does not include reconnaissance or low-grade probing).

Most of the cyberattacks were coming directly from IP addresses belonging to a certain country to the West of India (no prizes for guessing). There were also a few IP addresses from South East Asia and Eastern Europe that were participating in these attacks. These IP addresses belonged to known botnets, which meant that they were being leveraged for coordinated event-based cyberattacks on the country.

While a spike in cyberattacks connected to a geopolitical event is now commonplace, this is the first time that such cyberattacks have been linked to a sporting event involving teams from the sub-continent.

Geopolitical developments and cyberattacks

Sectrio has in the past shown the links between geopolitical developments and cyberattacks in the Middle East, North America, and Southeast Asia. The mode of operation is more or less the same in all the cases: every spike in the volume of cyberattacks logged by our honeypot networks is linked to a geopolitical development in the region.

State-sponsored actors or nation-state groups are often behind such attacks. Third-party actors affiliated with state-backed actors are also activated by nation-state groups (or specifically their controllers) to increase the impact of such attacks. Even states that are not recognized by the United Nations have their own hacker groups that participate in such attacks. These groups earn foreign exchange, or specifically hard currency, for the treasuries of the states involved.

The cyber armory deployed by such groups has diversified in recent years with the induction of stealthy ransomware and advanced military-grade malware developed and sold by agencies backed by the cyber intelligence wings of nation-states. Malware dumps on the Dark Web and malware procured from groups that steal it from academic institutions and private labs and sell it through forums are also used in such attacks, after modifying it enough to evade detection and to hide its origin.

Every possible outcome, including disruption, espionage, theft of critical and confidential information, deployment of trojans for long-term spying, and infrastructure monitoring, is pursued by such groups. The targets include critical infrastructure such as water treatment plants, power grids, oil and gas infrastructure, key manufacturing facilities, stock exchanges, and defense installations.

To deter such cyberattacks, critical infrastructure needs to be secured as a priority. OT elements, IoT devices and networks, and IT-based systems need to be diagnosed for vulnerabilities and cyber risks using sophisticated cybersecurity tools like micro segmentation, vulnerability management, and contextual threat intelligence. Until cybersecurity receives more attention and action, such attacks will continue to grow in scale and impact.
