Attacks on OT systems are becoming more frequent
Contrary to what one might imagine, OT systems are falling victim to unsophisticated attacks. This has made cybercriminals’ actions against critical infrastructure significantly more frequent in recent years, according to a survey conducted by Mandiant, FireEye’s intelligence unit that studies threats and incident response, recently acquired by Symphony Technology Group.
Unlike IT systems, which deal with information, its flows, and its processing, OT systems work with machines and their control processes. They are seen as more complex, requiring a lot of resources and time when their operations are interrupted for some reason. However, Mandiant Threat Intelligence has observed that attacks on these systems are being conducted by attackers with varying skill levels, using widely used IT tools and techniques.
The attackers seem to be driven by financial or ideological motivation, or just by the desire to gain notoriety. They target a broad spectrum of supposedly vulnerable Internet-connected OT systems used in different solutions, such as solar power panels, water consumption control, building automation, and home security. What seems to have changed since Mandiant started monitoring this type of activity in 2012 is the significant growth in the frequency of incidents in recent years.
The most common current activity involves extortion, but also the sharing of knowledge and expertise on using widely known tactics, techniques, and procedures and widely used tools to access, interact with, or collect information from assets exposed on the Internet. This was seen very little in the past, the study said.
The gaps most frequently exploited by unsophisticated attacks are unsecured remote access services and graphical human-machine interfaces (HMIs), as the latter are a friendly representation that, when malicious, can lead the user to trigger the operations desired by the attackers.
According to Mandiant, protection against unsophisticated lures can be built on awareness of the unsafe exposure of assets and data and on good security practices such as: