The common vulnerabilities leaving industrial systems open to attack


The industrial sector was the second most targeted by malicious actors in 2020, when data extortion became a primary tactic and attacks skyrocketed. Overall, the year saw more cyberattacks than the past 15 years combined. And the trend has unfortunately persisted throughout this new year: industrial systems continue to come under siege by ransomware, and attacks on critical infrastructure like the Colonial Pipeline and JBS, the world’s largest meat processor, show just how high the stakes are.

The good news is that we do know where many of the vulnerabilities lie. Recent research from industrial security company Claroty, which uncovered many “critical” vulnerabilities in industrial control systems, also laid out which specific vendors are putting industrial enterprises at risk. Now a new report from security company Positive Technologies has revealed the most common industrial vulnerabilities.

The findings

According to the research, industrial systems are especially open to attack when there’s a low level of protection around an external network perimeter that is accessible from the internet. Device misconfigurations and flaws in network segmentation and traffic filtering are also leaving the industrial sector particularly vulnerable. Lastly, the report also cites the use of outdated software and dictionary passwords as risky vulnerabilities.

To uncover these insights, the researchers set out to actually imitate hackers and see what path they’d take to gain access.

“When analyzing the security of companies’ infrastructure, Positive Technologies experts look for vulnerabilities and demonstrate the feasibility of attacks by simulating the actions of real hackers,” reads the report. “In our experience, most industrial companies have a very low level of protection against attacks.”

Once inside the internal network, Positive Technologies found that attackers can obtain user credentials and full control over the infrastructure in 100% of cases. And in 69% of cases, they can steal sensitive data, including email correspondence and internal documentation. Even more concerning, at 75% of the industrial companies that Positive Technologies’ experts tried, they were able to gain access to the technological segment of the network. Overall, 2020 research from the company revealed that in 91% of industrial organizations, an external attacker can penetrate the corporate network.

Protecting industrial systems

“More than anywhere else, the protection of the industrial sector requires modeling of critical systems to test their parameters, verify the feasibility of business risks, and look for vulnerabilities,” concludes the report.

Specifically, the researchers recommend industrial enterprises look to a cyber-range simulation of risks, which they say can assess the security of production systems without disrupting real business processes. This is a crucial challenge in the industrial sector, because many of these systems can’t simply be turned off for regular evaluation.

“Cyber-range simulation of risks reveals the criteria of their actuation, that is, the preconditions and possible consequences of such attacks,” the report continues. “This increases the efficiency of other security assessment tasks. In addition, a cyber-range is a place where information security specialists can test their skills in detecting and responding to incidents.”

Saumitra Das, cofounder and CTO of cloud native AI security company Blue Hexagon, responded to the research by noting that it’s particularly difficult to update and protect industrial control system software that uses obscure protocols. He says segmenting the IT and OT/ICS networks, focusing on reducing the chances of someone penetrating the IT network, is key.

“Detecting attacks on the OT/ICS side is also good, but is usually very late and risky,” he added. “It’s like detecting ransomware that has begun to encrypt already. You want to detect and mitigate the foothold infection, rather than wait for the final payload.”

VentureBeat
