OT Network Isolation, Human Error Fuel Industrial APT Attacks: Kaspersky
In a report published yesterday, Kaspersky identifies the environmental factors leading to APT attacks in industrial sectors:
As we analyze what caused an incident, we often see:
- numerous systems with security solution databases that haven’t been updated for a long time;
- systems on which the staff forgot to add a license key, although it had been purchased;
- systems on which a user can remove a license key (and those on which a user has actually removed one);
- systems on which a user has shut down the security solution or disabled its components that provide protection from modern threats;
- systems in which too much is excluded from scanning and protection.
And:
Finally, on some OT networks, protection is not installed on many endpoints at all. There can be a number of reasons for this. Sometimes engineers believe that their ICS systems are completely isolated from other network segments. In other cases, engineers are simply afraid of installing anything new because of the principle “if it isn’t broken, don’t fix it”. The choice of a security solution can be further complicated in situations where industrial equipment vendors require that only software certified by them be installed on ICS systems, threatening to cancel the warranty of systems that don’t meet this requirement.
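The conditions Kaspersky lists above are all things an administrator can check for before an incident rather than discover during one. The following is an added example, not code from the post or from Kaspersky: a small endpoint-hygiene audit run over a constructed inventory. The field names (`agent_installed`, `db_updated`, `license_key`, `components`, `exclusions`), the thresholds (databases older than 7 days, more than 10 exclusions) and the component names are assumptions chosen for illustration; a real deployment would read these values from the security solution's management console or API.

```python
"""Audit an endpoint inventory for the protection gaps the Kaspersky report describes.

Added example (not from the original post or from Kaspersky). The inventory
below is constructed; field names and thresholds are assumptions.
"""
from datetime import date

MAX_DB_AGE_DAYS = 7          # assumed: detection databases older than this are "stale"
MAX_EXCLUSIONS = 10          # assumed: more exclusions than this is "too much excluded"
# Assumed component names; real products name these differently.
REQUIRED_COMPONENTS = ("realtime_protection", "behavior_detection", "network_threat_protection")
# Exclusions that effectively switch scanning off for a whole volume.
ROOT_EXCLUSIONS = {"/", "C:\\", "*", "*.*"}


def audit_endpoint(ep: dict, today: date) -> list:
    """Return a list of human-readable findings for one endpoint (empty list = clean)."""
    # Endpoint with no agent at all: nothing else can be evaluated.
    if not ep.get("agent_installed", False):
        return ["no security solution installed"]

    findings = []

    # Detection databases never updated, or not updated for a long time.
    db_updated = ep.get("db_updated")
    if db_updated is None:
        findings.append("databases never updated")
    else:
        age = (today - db_updated).days
        if age > MAX_DB_AGE_DAYS:
            findings.append(f"databases {age} days old")

    # License purchased but never applied, or applied but removable by the user.
    if not ep.get("license_key"):
        findings.append("no license key applied")
    elif ep.get("user_can_remove_license", False):
        findings.append("license key removable by user")

    # Whole solution shut down by a user.
    if not ep.get("service_running", True):
        findings.append("security solution shut down")

    # Individual protection components disabled.
    components = ep.get("components", {})
    disabled = [c for c in REQUIRED_COMPONENTS if not components.get(c, False)]
    if disabled:
        findings.append("disabled components: " + ", ".join(disabled))

    # Too much excluded from scanning, or whole volumes excluded.
    exclusions = ep.get("exclusions", [])
    if len(exclusions) > MAX_EXCLUSIONS:
        findings.append(f"{len(exclusions)} exclusions (limit {MAX_EXCLUSIONS})")
    broad = [x for x in exclusions if x in ROOT_EXCLUSIONS]
    if broad:
        findings.append("whole-volume exclusions: " + ", ".join(broad))

    return findings


def audit_inventory(inventory: list, today: date) -> dict:
    """Map each hostname to its findings."""
    return {ep["host"]: audit_endpoint(ep, today) for ep in inventory}


def hosts_needing_attention(report: dict) -> list:
    """Sorted hostnames that have at least one finding."""
    return sorted(host for host, findings in report.items() if findings)


# Constructed sample inventory; hostnames, keys and dates are invented.
INVENTORY = [
    {"host": "hmi-01", "agent_installed": True, "db_updated": date(2023, 2, 14),
     "license_key": "LIC-EXAMPLE-0001",
     "components": {c: True for c in REQUIRED_COMPONENTS},
     "exclusions": ["D:\\historian\\"]},
    {"host": "eng-ws-02", "agent_installed": True, "db_updated": date(2023, 5, 31),
     "license_key": "",
     "components": {"realtime_protection": True, "behavior_detection": False,
                    "network_threat_protection": False},
     "exclusions": ["C:\\"]},
    {"host": "plc-gw-03", "agent_installed": False},
    {"host": "scada-srv-04", "agent_installed": True, "db_updated": date(2023, 5, 30),
     "license_key": "LIC-EXAMPLE-0002", "user_can_remove_license": True,
     "components": {c: True for c in REQUIRED_COMPONENTS},
     "exclusions": [f"C:\\opc\\tag{i}" for i in range(12)]},
    {"host": "ot-jump-05", "agent_installed": True, "db_updated": date(2023, 5, 31),
     "license_key": "LIC-EXAMPLE-0003",
     "components": {c: True for c in REQUIRED_COMPONENTS},
     "exclusions": []},
]
AUDIT_DATE = date(2023, 6, 1)  # constructed audit date

if __name__ == "__main__":
    report = audit_inventory(INVENTORY, AUDIT_DATE)
    for host in hosts_needing_attention(report):
        print(host)
        for finding in report[host]:
            print("  -", finding)
```

The "no agent installed" case is returned on its own because none of the other checks are meaningful without an agent; that is also the finding the report singles out for OT networks, so it is worth reporting separately rather than as a pile of missing fields.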
None of that inspires confidence. But I must admit that I do see a lot of that in my travels. Willy Leichter, VP at Cyware, has this comment:
“Unfortunately, many OT operators still rely on an outdated and dangerous assumption that their systems are isolated and effectively air gapped. Combine this with outdated equipment and a constant fear of downtime, and we have an ongoing recipe for disaster. IT and OT systems are inevitably intertwined – connected by people, and by networks that are vulnerable. All these systems need the same levels of visibility, oversight, and robust security controls.”
This Kaspersky report should be required reading for every security professional and sysadmin. I say that because there is no excuse for this when threat actors are so advanced that they don’t need help like this to get into networks to do bad things.
This entry was posted on June 1, 2023 at 8:26 am and is filed under Commentary with tags Kaspersky. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.