Cyberattacks on IoT projects in the Asia-Pacific region and North America showed a minor rise this week. The countries affected were Singapore, Malaysia, Thailand, the USA, and Mexico.
The attacks were perpetrated using botnets whose IP addresses were traceable to certain countries in Eastern Europe. Our threat intelligence team was able to isolate 4 waves in which these attacks were carried out. Each wave used a different attack technique. While the attacks were not specifically targeting any entity, they were still sophisticated enough to warrant more attention.
IoT cybersecurity is being impacted by various factors, including the lack of a security-by-design approach. This leaves the door wide open for cyberattacks that involve privilege tampering, inbound and outbound DDoS attacks, execution of unauthorized code and commands, and memory modification.
Malicious actors are also targeting sectors like manufacturing and utilities that use various industrial communication systems (ICS) and protocols. With the rise in the number of critical vulnerabilities that are serious and easy to exploit, hackers are now paying attention to these sectors like never before. Despite warnings from CERT teams in different countries, businesses are not doing enough to improve their vulnerability management and threat detection practices.
The lack of attention to vulnerabilities that impact control and operations management is a matter of concern and must be addressed immediately.
Practices such as securing remote access, using zero-trust frameworks, moving away from perimeter-focused cybersecurity practices and tools, network segmentation, and ransomware protection can go a long way in improving ICS cybersecurity and consequently Operational Technology (OT) cybersecurity.
Entities belonging to these segments should be on their guard in the coming week:
- Government websites and agencies – especially lawmakers and government agencies connected with internal/homeland security
- Manufacturing plants and maritime agencies
- Defense establishments
- Utility entities
- Financial services