CyberX global study finds systems that monitor and control physical processes can be easily infiltrated.
BOSTON — Canadian manufacturers who are not overly concerned about cybersecurity risks should be.
CyberX, the industrial cybersecurity company in Framingham, Mass., has released its Global ICS & IIoT Risk Report, which shows operational technology (OT) networks from a variety of industrial sources are vulnerable to attacks.
CyberX looked at production traffic collected from passive monitoring of 375 energy and utilities, manufacturing, pharmaceuticals, chemicals, and oil and gas networks worldwide that use specialized industrial control systems. These systems monitor and control physical processes, such as assembly lines, mixing tanks and blast furnaces.
The data shows many OT networks are exposed to the public internet and easily infiltrated using simple means such as plain-text passwords. Lack of even basic protections such as anti-virus programs can enable attackers to quietly perform reconnaissance before sabotaging physical processes.
CyberX warns once attackers get into an OT network — either via the internet or by using stolen credentials to pivot from corporate IT systems to OT networks — it’s relatively easy to move around and compromise industrial devices.
Here are some highlights from the findings:
• One-third of industrial sites are connected to the internet, making them accessible by hackers and malware exploiting vulnerabilities and misconfigurations. This also explodes the myth that OT networks don’t need to be monitored or patched because they’re isolated from the internet via “air-gaps.”
• More than three out of four sites have obsolete Windows systems such as XP and 2000. Since Microsoft no longer develops security patches for legacy systems, they can easily be compromised by destructive malware such as WannaCry/NotPetya, Trojans such as Black Energy, and new forms of ransomware.
• Nearly three out of five sites have plain-text passwords traversing their control networks, which can be sniffed by attackers performing cyber-reconnaissance and then used to compromise critical industrial devices.
• Half of the sites don’t have any anti-virus protection, increasing the risk of silent malware infections.
• Nearly half have at least one unknown or rogue device, and 20 percent have wireless access points (WAPs), both of which can be used as entry points by attackers. WAPs can be compromised via misconfigured settings or via the recently discovered KRACK WPA2 vulnerability, for example.
• 82% of industrial sites are running remote management protocols like RDP, VNC, and SSH. Once attackers have compromised an OT network, this makes it easier to learn how the equipment is configured and eventually manipulate it.
CyberX says there are a number of practical steps manufacturers can take to mitigate OT risk:
1. Provide security awareness training for plant personnel and enforce strong corporate policies to eliminate risky behaviours such as clicking links in e-mails, using USBs and laptops to transfer files to OT systems, and dual-homing devices between IT and OT networks.
2. Apply top-down organizational initiatives to break down barriers between IT and OT teams, such as temporarily assigning IT security personnel to OT organizations and vice-versa to understand the differences between them.
3. Use compensating controls and multi-layered defenses — such as continuous monitoring with behavioral anomaly detection — to provide early warnings of attackers inside your OT network, and to mitigate critical vulnerabilities that might take years to fully remediate.
4. Proactively address the most critical vulnerabilities via automated threat modeling.