Cyber threat without borders
We rarely think about it, but behind our critical infrastructure there is a silent engine running: IoT and OT devices. Think of smart traffic lights that keep traffic flowing, essential medical equipment in hospitals, or industrial robots that keep production lines running 24/7. Now imagine a factory whose assembly line stops because malicious parties have taken over its control systems, a hospital where attackers penetrate the network through a software vulnerability in infusion pumps and disrupt critical medical equipment, or a city where traffic comes to a complete standstill because its traffic lights have been taken over remotely.
These are not fictional scenarios but real examples of what can happen when IoT and OT devices are attacked and abused. IoT and OT devices are rarely designed with cybersecurity in mind, which is exactly what makes them so attractive to attackers. Real-world incidents already show this painfully:
- In Las Vegas, a casino was hacked via an IoT thermometer in an aquarium in the lobby. A smart aquarium turned out to be a backdoor into the network, resulting in a large-scale data breach.
- In March 2021, Verkada, a cloud-based video surveillance service, was hacked, and a hacker group, "root", gained access to live video feeds from around 150,000 cameras in schools, prisons, hospitals and factories.
- In Saudi Arabia, attackers tried in 2017 to sabotage the safety systems of a petrochemical plant via the Triton malware framework, an attack that narrowly avoided a dangerous disaster.
- Palo Alto's 2020 research found that, of the 1.2 million IoT devices surveyed in large IT companies and healthcare organizations in the United States, 98% of all traffic was unencrypted and 72% of IoT and IT traffic was within the same VLAN.
Unfortunately, I still see too often that organizations think it is not all that bad: after all, their OT systems are 'safe' because they are separated from the other IT systems, and the primary focus and discussion is on linking the existing firewalls. This is in the knowledge that all relevant threats are still 'within the walls'. I also notice that there is little insight into which OT components are actually present in the environment. This invisibility is a recipe for misery: what you can't see, you can't protect. Just recently, I spoke to a manufacturing company that said they were shocked at how much shadow IT was connected to their OT environment. An employee, with good intentions, had left an external connection open on his laptop, which was connected to the operating system of a machine, so that he could read data from home. This seems noble and efficient, but it also turned out to be a direct open door into the industrial network. An attacker could have gained full access to critical production systems via that route, with all the consequences that entails.
In short, IoT and OT threats are no longer hypothetical. They are concrete, visible in the news, and touch the core of continuity and safety. However, while IT security has matured, IoT/OT environments are often outdated, insufficiently visible within the environment and therefore increasingly targeted by attackers.
At Wortell Enterprise Security, we consciously choose not to treat OT security separately from IT.
Digital attacks don't care about departments or networks; they move effortlessly between production floors and office environments. That is why we fully integrate OT and IT within the security approach of our customers. In our Cyber Defense Center, we monitor the entire digital infrastructure 24/7 and bring together signals from IT and OT, so that they become visible in one overall picture. This allows us to recognize deviant behavior more quickly, shorten the response time and gain insight into risks that can affect the continuity of primary processes.
This approach is based on modern Microsoft technologies that allow us to monitor both IT systems and industrial devices without installing software on the devices themselves. Fully isolated networks are also supported, and industrial systems are recognized without impact on the primary business process.