Industrial and infrastructure networks are prime targets for attackers
Operational technology (OT) networks are used with specialized Industrial Control Systems (ICS) to monitor and control physical processes such as assembly lines, mixing tanks, and blast furnaces. These networks are ripe targets for adversaries, according to a new study from industrial cyber security company CyberX.
Many of these networks are exposed to the public internet and easy to crack by exploiting simple weaknesses like plain-text passwords. A lack of even basic protections like antivirus can enable attackers to quietly perform reconnaissance before sabotaging physical processes.
Once attackers get into an OT network, it's relatively easy for them to move around and compromise industrial devices. Motives range from criminal intent to operational disruption and even threats to human and environmental safety.
"We don't want to be cyber Cassandras -- and this isn’t about creating FUD -- but we think business leaders should have a realistic, data-driven view of the current risk and what can be done about it," says Omer Schneider, CEO and co-founder of CyberX.
CyberX analyzed production traffic from 375 OT networks worldwide across all sectors. It finds that a third of industrial sites are connected to the internet, making them accessible to hackers and to malware that exploits vulnerabilities and misconfigurations.
More than three out of four sites have obsolete Windows systems like Windows XP and 2000, leaving them vulnerable to destructive malware such as WannaCry/NotPetya, Trojans such as Black Energy, and new forms of ransomware.
Nearly three in five sites have plain-text passwords traversing their control networks, which can be sniffed by attackers performing cyber reconnaissance and then used to compromise critical industrial devices. In addition, half of the sites don't have any AV protection.
Almost half have at least one unknown or rogue device, and 20 percent have wireless access points, both of which can be used as entry points by attackers. In addition, 82 percent of industrial sites are running remote management protocols like RDP, VNC, and SSH. Once attackers have compromised an OT network, these protocols make it easier for them to learn how the equipment is configured and eventually manipulate it.
You can find out more, including recommendations for protecting OT networks, in the full report available from the CyberX site.