Cyber crooks plan to target SCADA and ICS
2019-07-24
Securing critical infrastructure has now become a tireless task for the CIO/CTO and CISO community. The 2019 Operational Technology Security Trends Report from Fortinet analyzed data gathered from millions of Fortinet devices to discern the state of cybersecurity for supervisory control and data acquisition (SCADA) and other industrial control systems (ICS). The analysis found many attacks on OT systems that seem to target older devices running unpatched software, indicating that OT networks are increasingly being targeted by IT-based legacy attacks that are no longer effective against IT networks. The report also highlights a rise in purpose-built OT attacks designed to target SCADA and ICS systems.
The majority of these attacks tend to target the weakest parts of OT networks, often taking advantage of the complexities caused by a lack of protocol standardization and a sort of implicit trust that seems to permeate many OT environments. This trend is not limited to specific sectors: threat actors targeting OT environments did not discriminate according to industry or geography, and every vertical and region saw a significant rise in attacks.
Key highlights of the report:
* Exploits increased in volume and prevalence in 2018 for almost every ICS/SCADA vendor. In addition to the recycled IT attacks being thrown at unpatched or non-updated OT devices, 85% of unique threats detected targeted machines running OPC Classic, BACnet, and Modbus.
* Cybercriminals targeted devices by exploiting the wide variety of OT protocols in place, many of which are specific to functions, industries and geographies. Due to the prevalence of legacy protocols and the slow replacement cycle for OT systems to deploy new architecture, cybercriminals have actively attempted to capitalize by targeting the weak links in each protocol. These structural problems are exacerbated by the lack of standard protections and the poor security hygiene practiced with many OT systems.
* Custom OT attacks are also on the rise. Malware targeting ICS and SCADA systems has been developed and deployed for a decade or longer. Attacks specifically designed for OT systems seem to be on the rise, with safety systems increasingly a target. A handful of OT-based attacks over the past decade have managed to make headlines, including Stuxnet, Havex, BlackEnergy, and Industroyer. Most recently, Triton/Trisis targeted safety instrumented system (SIS) controllers, which is the first true cyber-physical attack on OT systems.
* Ransomware continues to attack OT systems: As of late 2018, ransomware attacks on IT systems have declined and many threat actors appear to have “moved on” to other types of attacks like cryptojacking. However, cybercriminals tend to recycle existing malware to attack OT systems. This may suggest that ransomware will be a bigger threat for OT systems than for IT ones in the near term.
* Attacks on heating, ventilation and air conditioning (HVAC) systems and electrical grids are more likely to occur when these systems are operating at peak usage, most often during the Northern Hemisphere’s summer months. The age of an OT system is also a factor, with adversaries tending to target older technology more frequently than newer.
Fortinet’s solutions consistently receive top scores from independent testing organizations such as NSS Labs. The security services enable visibility and control for next generation protection against advanced threats, including zero day attacks.
With FortiManager and FortiAnalyzer consolidated through a FortiGate, you can combine centralized configuration with reporting, visibility, and event logging to create a comprehensive, real-time network monitoring and control center, as well as demonstrate compliance.
Lastly, when OT is connected to IT systems, the chance of attack increases. This new exposure requires organizations to adhere to more rigorous security operations and life-cycle management best practices to protect themselves from major threats to the core of their business.