Increased attacks on operational technology, Fortinet report

For organizations to respond more efficiently to rapid market developments, digital transformation efforts should be expanded to all corners of the distributed network. Additionally, to increase efficiency in sectors such as manufacturing plants, production and power supply, or interconnected transport systems, operational technology (OT) environments are being connected to the outside world for the first time.

This trend brings great benefits to organizations, enabling tools such as remote monitoring and real-time response to changes. But integration with IT devices also exposes OT systems to threats they might not be prepared to defend against. The isolation that protected OT systems from hackers and malware no longer exists in many organizations. For this reason, cybercriminals are increasingly targeting OT systems to steal confidential or commercial information, disrupt operations, or even commit acts of cyber-terrorism against critical infrastructure.

In a recent survey of OT leaders, 77 percent of respondents said that they had experienced a malware intrusion over the past year, and half experienced between three and ten intrusions. The frequency and nature of these intrusions are worrisome: respondents reported events that impacted productivity (43 percent), income (36 percent), brand recognition (30 percent), data loss (28 percent), and even physical safety (23 percent).

2019 Operational Technology Security Trends Report

To better understand the security status of OT systems, Fortinet has recently published a research report that examines security trends on OT networks. Fortinet’s 2019 Operational Technology Security Trends Report analyzed data collected from millions of Fortinet devices to assess the state of cybersecurity in SCADA and other industrial control systems. Our analysis discovered many attacks on OT systems that seem to target older devices running unpatched software, indicating that OT networks are increasingly being attacked through old threats that are no longer effective against IT networks.

In addition to attacks on unpatched or non-updated OT devices, many threats take advantage of the complexity caused by the lack of protocol standardization and a reliable strategy, something that seems to be constant in many OT environments. This trend is not limited to specific places or sectors: hackers who target OT environments clearly do not discriminate by industry or geography, as each vertical and region experienced a significant increase in attacks.

Increased attacks directed at OT 

Cybercriminals attack devices by targeting the wide variety of existing OT protocols. While IT systems have been standardized on TCP/IP, OT systems use a wide range of protocols, many of which are specific to particular operations, industries and geographies. This can create a big challenge because security administrators have to build disparate systems to protect their environment.

Several attacks on OT over the past decade have had major repercussions, such as Stuxnet, Havex, BlackEnergy and Industroyer. Recently, Triton/Trisis targeted safety instrumented system (SIS) controllers. This attack is especially alarming because, in many respects, it is the first cyber-physical attack on OT systems. And given that this malware is aimed at a safety system, the result of such an attack could be much worse, potentially destroying machinery and threatening lives.

Conclusion

Fortinet’s 2019 Operational Technology Security Trends Report shows that the risks associated with IT/OT convergence are real and must be addressed as a priority by any organization that has started to connect its industrial systems with its IT networks.

Cybercriminals can extract the maximum value from each threat they create by continuing to exploit unprotected systems and vulnerabilities in networks and technology, both older and newer. They will also continue to exploit slower replacement cycles and legacy technologies that will likely be maintained for several years. The best way to counteract this new reality is by adopting and implementing a comprehensive, strategic security approach that simplifies the solution and engages IT and OT experts across the organization.