Cyber attacks targeting physical facilities are on the increase

Around the world, ransomware groups have intensified attacks on operational technology networks; experts warn about prevention measures

Operational technology (OT) networks are increasingly in the sights of criminals around the world – and also in Brazil. At least 68 attacks on these networks were successful in 2023 – causing physical consequences on the order of thousands or millions of dollars in more than 500 locations. In Brazil, the self-styled Dark Storm Team has announced possible attacks targeting airports, hospitals and public services.

“Most of these attacks start in IT networks, and most of the time involve ransomware,” explains Audreyn Justus, Director of Marketing, HR and Compliance at Solo Network. In fact, studies show that only 25% of cyber attacks affecting IT networks were directed at this infrastructure. The other 75% were attacks that started with the compromise of machines in the IT network.

“Another important point is that even if the OT network wasn’t compromised, the first step taken by the companies attacked was to shut down the operational network to avoid exposing the physical assets. Reconnecting these networks took weeks before a general review was carried out to ensure that there was no longer any threat,” says Justus.

OT cyber attacks predominantly come in two forms: custom attacks and opportunistic attacks. Custom attacks are meticulously crafted for specific targets, with the aim of establishing long-term undetected access for the purposes of physical disruption or destruction. Opportunistic attacks, on the other hand, exploit common vulnerabilities and use established tactics, techniques and procedures (TTPs) to gain access to OT systems.

The problem starts with IT

One of the biggest vectors of attack on OT networks – incredible as it may seem – is the entry of malware into systems via phishing emails, infected removable media or unpatched software vulnerabilities. “All of these problems visibly stem from user behavior or a lack of adequate protection for computers and servers,” says the executive.

Research also shows that most organizations treat endpoint protection as a matter of minor importance. The Cybersecurity Readiness Index report, organized by Cisco and published at the beginning of April, points out that at least 63% of the companies surveyed – from all over the world, including Brazil – choose solutions with firewalls and IPS for endpoint protection. “It would be more appropriate to choose specialized solutions,” notes Justus.

“In Brazil, this figure is even higher – the lack of manpower slows down the adoption of technology. In addition, many companies are still at the beginning of their security journey, opting for solutions that don’t, for example, protect the company from attacks aimed at IT networks. For this, you need advanced endpoint protection solutions and service providers who can manage the environment with a focus on prevention,” he concludes.

*** Translated by DEFCONPress FYI Team ***

By admin