Page 214 - Cyber Defense eMagazine Special RSA Conference Annual Edition for 2022

Increasing OT threat landscape

The terrain of the OT threat landscape is changing with the rhythms of Industry 4.0, industrial IoT, and digital transformation. Stuxnet was one of the first pieces of malware specifically designed to target an industrial control system (ICS), and it caused the first major OT cyber incident. This kind of attack was unlikely in an OT environment until 2017, when a worm called WannaCry propagated extremely widely. In the aftermath, many different kinds of malware emerged, and malicious actors began putting serious work into designing targeted ransomware attacks that exploit specific industry verticals. The greater productivity promised by modern technologies drives manufacturers to embrace them and to accept the risk of opening the door further to networking and the internet. However, every advancement brings with it new attack surfaces and the potential for another, even more aggressive wave of cyberattacks.

Finally, as a decentralized, untraceable digital currency, Bitcoin is the perfect means by which criminals can collect ransoms without fear of the payment being traced back to their identities. These factors ensure that the threat landscape keeps shifting. Once attackers have created a new form of malware, it typically gets into an OT environment through insider threats or external cyberattacks.



Insider threats and external attacks

Insider threats can be either unintentional or intentional. In an unintentional case, an employee or third-party visitor unknowingly brings an infected device onto the premises. An intentional case might involve a dissatisfied employee or one who has been paid by third parties to conduct sabotage. In both cases, unsecured USB drives or laptops are the typical devices that carry the threat in.

External cyberattacks often begin in the IT network, most commonly with a phishing attack, and usually take the form of ransomware or bots. Ransomware encrypts assets and offers them back to stakeholders at a high price. Bots usually allow attackers to prepare for or set up the rest of the attack, e.g., by taking direct control of systems, executing applications, or collecting important information. Once attackers have compromised the control center network, it is very easy for them to spread malware and escalate privileges at different levels of the system. Effects can include a shutdown of the entire production cycle, damage to assets, or endangerment of human life.



Network segmentation vs. cyberattacks

Network segmentation has become a common means for organizations to repel modern cyberattacks, and the practice not only strengthens cybersecurity but also helps to simplify management. Because quarantine for malware is built into the network's design, if an asset gets infected, only that segment will be affected. The options for intruders are drastically reduced, and they will be unable to move laterally. For IoT devices, segmentation allows the data and control paths to be separated, making it more challenging for attackers to compromise devices. Even if one production line is affected by a cyberattack, the threat will be contained so that the others can continue to work.
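The containment the paragraph describes can be checked against an explicit zone policy. The following is an added illustration, not code from the article or its author; it assumes a constructed five-zone plant inventory (IT, DMZ, OT control, and two production lines), a constructed allow-list of zone-to-zone flows with default deny between segments, and constructed sample connection attempts.

```python
from collections import deque

# Asset -> zone (constructed example inventory for a hypothetical plant).
ZONE_OF = {"hr-laptop-07": "IT", "historian-01": "DMZ", "scada-srv-01": "OT-CONTROL",
           "plc-lineA-01": "OT-LINE-A", "plc-lineB-01": "OT-LINE-B"}

# Allowed inter-zone flows: (src zone, dst zone) -> permitted TCP ports.
# Anything not listed is denied (default deny between segments).
ALLOWED = {
    ("IT", "DMZ"): {443},                # IT users read reports from the historian
    ("DMZ", "OT-CONTROL"): {5432},       # historian pulls data from the SCADA server
    ("OT-CONTROL", "OT-LINE-A"): {502},  # Modbus/TCP from control to line A PLCs
    ("OT-CONTROL", "OT-LINE-B"): {502},  # Modbus/TCP from control to line B PLCs
}

def flow_allowed(src, dst, port):
    """True if a connection from asset src to asset dst on port is permitted."""
    zs, zd = ZONE_OF[src], ZONE_OF[dst]
    if zs == zd:
        return True  # intra-segment traffic is not filtered by this policy
    return port in ALLOWED.get((zs, zd), set())

def reachable_zones(start_zone):
    """Zones reachable, directly or transitively, from a compromised start_zone."""
    seen, queue = {start_zone}, deque([start_zone])
    while queue:
        z = queue.popleft()
        for src, dst in ALLOWED:
            if src == z and dst not in seen:
                seen.add(dst)
                queue.append(dst)
    return seen - {start_zone}

def audit(flows):
    """Return the observed (src, dst, port) flows that violate the policy."""
    return [f for f in flows if not flow_allowed(*f)]

# Constructed sample of observed connection attempts.
SAMPLE_FLOWS = [
    ("hr-laptop-07", "historian-01", 443),  # allowed
    ("hr-laptop-07", "plc-lineA-01", 502),  # IT host speaking Modbus to a PLC: violation
    ("plc-lineA-01", "plc-lineB-01", 502),  # line A reaching into line B: violation
    ("scada-srv-01", "plc-lineB-01", 502),  # allowed
]

if __name__ == "__main__":
    for f in audit(SAMPLE_FLOWS):
        print("policy violation:", f)
    print("blast radius of OT-LINE-A:", reachable_zones("OT-LINE-A") or "contained")
```

Running the audit over real flow records (firewall or NetFlow exports) turns the policy into a detection: any hit is either a misconfigured segment boundary or lateral movement in progress. The reachability check shows why the direction of allowed flows matters: a compromised production line reaches nothing else, while the IT zone still has a transitive path into OT through the DMZ.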








