Fortinet announced the findings of its 2019 Operational Technology Security Trends Report, analyzing data gathered from millions of Fortinet devices to discern the state of cybersecurity for supervisory control and data acquisition (SCADA) and other industrial control systems (ICS).
The analysis found many attacks on OT systems that seems to target older devices running unpatched software, indicating that OT networks are increasingly being targeted by IT-based legacy attacks that are no longer effective against IT networks. The report also highlights a rise in purpose-built OT attacks designed to target SCADA and ICS systems.
Michael Joseph, director system engineering, India and SAARC, Fortinet said: “Malicious actors are able to extract maximum value from each new threat they develop by exploiting unprotected OT systems and vulnerabilities that persist in both older and newer networks and technologies. IT integration and convergence due to digital transformation efforts will continue to pressure this situation further. The best way to counter this new reality is by adopting and implementing a comprehensive strategic approach that simplifies the solution and involves IT and OT experts throughout an entire organisation.”
The majority of these attacks tend to target the weakest parts of OT networks often taking advantage of the complexities caused by a lack of protocol standardization and a sort of implicit trust that seems to permeate many OT environments. This trend is not limited to specific sectors as threat actors targeting OT environments did not discriminate according to industry or geography, as every vertical and region saw a significant rise in attacks.
Key findings from the Fortinet 2019 Operational Technology Security Trends Report:
Exploits increased in volume and prevalence in 2018 for almost every ICS/SCADA vendor. In addition to the recycled IT attacks being thrown at unpatched or non-updated OT devices, 85% of unique threats detected targeted machines running OPC Classic, BACnet, and Modbus.
Cybercriminals targeted devices by exploiting the wide variety of OT protocols in place – many of which are specific to functions, industries, and geographies. Due to the prevalence of legacy protocols and the slow replacement cycle for OT systems to deploy new architecture cybercriminals have actively attempted to capitalize by targeting the weak links in each protocol. These structural problems are exacerbated by the lack of standard protections and poor security hygiene practiced with many OT systems.
Custom OT attacks are also on the rise. Malware targeting ICS and SCADA systems have been developed and deployed for a decade or longer. Attacks specifically designed for OT systems seem to be on the rise, with safety systems increasingly a target. A handful of OT-based attacks over the past decade have managed to make headlines, including Stuxnet, Havex, BlackEnergy, and Industroyer. Most recently, Triton/Trisis targeted safety instrumented system (SIS) controllers which is the first true cyber-physical attack on OT systems.
Ransomware continues to attack OT systems: As of late 2018, ransomware attacks on IT systems have declined and many threat actors appear to have “moved on” to other types of attacks like cryptojacking. However, cybercriminals tend to recycle existing malware to attack OT systems. This may suggest that ransomware will be a bigger threat for OT systems than for IT ones in the near term.
Attacks on heating, ventilation and air conditioning (HVAC) systems and electrical grids are more likely to occur when these systems are operating at peak usage—most often during the Northern Hemisphere’s summer months. The age of an OT system is also a factor, with adversaries tending to target older technology more frequently than newer.
As OT systems become more connected, the trend of increased attacks seems likely to continue. This new exposure requires organizations to adhere to more rigorous security operations and life-cycle management best practices to protect their organizations from major threats to the core of their business. As a result, OT and IT teams need to come together to respond comprehensively to increasing threats.