The emergence of Internet of Things (IoT) and Operational Technology (OT) devices has substantially expanded the attack surface available to malicious actors. Their ubiquity, frequent vulnerabilities, and growing cloud connectivity give attackers new routes into the infrastructure networks of many industries. As these technologies spread, the barrier that once separated IT networks from less secure OT systems is eroding, which magnifies the damage a single intrusion can cause.
In recent months, Microsoft has observed malicious activity across a wide range of organizational hardware and networks, from conventional IT equipment to OT controllers and IoT devices such as routers and surveillance cameras. This surge is facilitated by companies' growing reliance on interconnected technologies.
Critical infrastructure is at increased risk due to IoT and OT vulnerabilities
Threat actor activity has become more sophisticated and more widespread. As cybercriminal operations expand into operational technology, ransomware attacks once thought to target mainly IT environments now pose a risk to OT infrastructure as well.
Operational technology spans countless industries and is integral to physical operations: HVAC controllers, elevators, traffic lights and safety-critical systems, to name a few. OT is found in nearly every facet of modern production.
IoT devices let organizations optimize their workspaces through automation and data-driven insights. When inadequately secured in critical infrastructure networks, however, they offer attackers a path to sensitive equipment and a means to disrupt vital operations.
Analyzing 2022 threat data by country, Microsoft researchers found that the largest share of IoT malware (38%) originated from China's large network footprint. Infected servers in the United States put the U.S. in second place, accounting for 18% of observed malware distribution.
How to defend against IoT/OT attacks
Sophisticated attackers combine multiple strategies and tactics against mission-critical OT infrastructure. Many of these are routinely seen in IT environments but can be far more damaging when applied to OT: discovering internet-exposed devices and networks, abusing employees' login credentials, and exploiting the access of third-party contractors connected to these systems.
IT/OT convergence is increasingly essential for modern business, but it brings risks that must be carefully addressed. Traditional controls such as air-gapping and perimeter security are no longer sufficient on their own against sophisticated malware, targeted attacks or malicious insiders; additional control measures are needed to protect valuable assets.
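The tactics above leave traces in logs a defender already collects. The following Python is an example added here, not code from Microsoft's report. It runs two checks over a constructed firewall log and authentication log: it flags allowed connections from outside the internal address space to well-known OT protocol ports (internet-exposed OT services), and successful logins by contractor accounts to hosts in the OT zone (third-party access). The key=value log format, the `ctr-` account prefix and the sample lines are assumptions; the protocol port numbers are the real defaults.

```python
"""Detect two of the IT/OT intrusion patterns discussed in the text:
internet-exposed OT services and contractor logins to OT hosts.
Added illustration, not code from Microsoft's report. The log format,
the "ctr-" account prefix and the sample data are assumptions."""
import ipaddress

# Default ports of common industrial protocols (real values).
OT_PORTS = {
    ("tcp", 502): "Modbus/TCP",
    ("tcp", 102): "Siemens S7 (ISO-TSAP)",
    ("tcp", 20000): "DNP3",
    ("tcp", 44818): "EtherNet/IP",
    ("tcp", 4840): "OPC UA",
    ("udp", 47808): "BACnet/IP",
}

# Address space treated as internal; anything else is "external". The check
# is explicit rather than using ipaddress.is_global/is_private because the
# sample data uses RFC 5737 documentation ranges (203.0.113.0/24,
# 198.51.100.0/24), which those properties do not classify as public.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16",
)]

CONTRACTOR_PREFIX = "ctr-"  # assumed naming convention for third-party accounts

# Constructed sample lines (not real traffic): "<ts> <source> k=v k=v ...".
SAMPLE_LOG = """\
2023-01-10T08:12:03Z fw action=allow src=203.0.113.45 dst=10.20.1.7 proto=tcp dport=502
2023-01-10T08:12:09Z fw action=allow src=10.20.1.50 dst=10.20.1.7 proto=tcp dport=502
2023-01-10T08:13:41Z fw action=allow src=198.51.100.9 dst=10.20.1.8 proto=tcp dport=102
2023-01-10T08:14:02Z fw action=allow src=198.51.100.9 dst=10.10.5.3 proto=tcp dport=443
2023-01-10T08:14:30Z fw action=deny src=203.0.113.45 dst=10.20.1.9 proto=tcp dport=20000
2023-01-10T08:15:44Z auth result=ok user=ctr-acme.jdoe host=plc-gw-01 zone=ot
2023-01-10T08:16:10Z auth result=ok user=ops.mlee host=plc-gw-01 zone=ot
2023-01-10T08:16:52Z auth result=fail user=ctr-acme.jdoe host=hmi-02 zone=ot
2023-01-10T08:17:05Z auth result=ok user=ctr-acme.jdoe host=fileshare-01 zone=it
"""


def is_external(ip: str) -> bool:
    """True when the address falls outside every internal network."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)


def parse_line(line: str) -> dict:
    """Split '<ts> <source> k=v ...' into a dict with ts, source and the fields."""
    ts, source, *pairs = line.split()
    event = {"ts": ts, "source": source}
    for pair in pairs:
        key, _, value = pair.partition("=")
        event[key] = value
    return event


def exposed_ot_services(events: list) -> list:
    """Allowed connections from external peers to an OT protocol port.
    Denied packets are probes the firewall stopped, so they are not counted."""
    findings = []
    for e in events:
        if e["source"] != "fw" or e.get("action") != "allow":
            continue
        protocol = OT_PORTS.get((e["proto"], int(e["dport"])))
        if protocol and is_external(e["src"]):
            findings.append({"kind": "exposed_ot_service", "ts": e["ts"],
                             "asset": e["dst"], "protocol": protocol,
                             "peer": e["src"]})
    return findings


def third_party_ot_logins(events: list) -> list:
    """Successful logins by contractor accounts to hosts in the OT zone."""
    findings = []
    for e in events:
        if e["source"] != "auth" or e.get("result") != "ok":
            continue
        if e["zone"] == "ot" and e["user"].startswith(CONTRACTOR_PREFIX):
            findings.append({"kind": "third_party_ot_login", "ts": e["ts"],
                             "asset": e["host"], "user": e["user"]})
    return findings


def analyze(log_text: str) -> list:
    """Parse all lines and return the findings of both checks, in order."""
    events = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    return exposed_ot_services(events) + third_party_ot_logins(events)


if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(finding)
```

On the sample data the script reports two exposed services (Modbus on 10.20.1.7 and S7 on 10.20.1.8, both reached from documentation-range addresses) and one contractor login to the OT gateway. The denied DNP3 probe, the internal Modbus traffic, the contractor's failed login and the contractor's login to an IT file share are deliberately left out, since each check targets a specific pattern. In production the events would come from a SIEM query rather than an embedded string, and the contractor rule would typically key off a directory group rather than a username prefix.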
Microsoft provides the following recommendations to organizations to protect their IT/OT infrastructure:
- Work with stakeholders to map business-critical assets in both IT and OT environments.
- Establish visibility: identify which IoT and OT devices are critical assets in their own right, and which are associated with other critical assets.
- Analyze the risk to critical assets by evaluating the business consequences of different attack scenarios, as proposed by MITRE.
- Define a clear strategy to address the risks identified, prioritizing those with the greatest potential business impact.
- Maximize security and governance across all devices with a Zero Trust approach, applying its best practices to build improved policies for a secure environment.
- Deploy a comprehensive security solution that improves visibility, monitoring, attack surface assessment, threat detection and rapid response to potential threats.
- Provide security teams with specialized training on both established and emerging IoT and OT threats.
- Use advanced security measures to unify IT and OT protection, creating an optimized, secure operating environment.
The benefits of leveraging cloud-based solutions are too great to ignore. But as more devices connect to your network, you must also consider the potential vulnerabilities these new connections create. By familiarising yourself with common IoT and OT threats—and implementing best practices for mitigating them—you can keep your organization safe as it grows and evolves.
Source: Microsoft