Protecting OT data under persistent threat from ransomware

According to the Dragos 2023 OT Cybersecurity Year in Review report, several cyber adversary groups targeting industrial OT systems employ living off the land (LOTL) techniques as a means to achieve their objectives within these networks.


By using native tools already present in OT environments and exploiting valid or default credentials, they can stay hidden for longer periods. The VOLTZITE threat group, for example, makes heavy use of LOTL techniques in industrial OT networks, which lets it remain persistent in these environments for considerable periods and impairs detection and incident response efforts.

Adopt a layered security approach to shield data

A layered security approach, also known as defense-in-depth, can help protect data in manufacturing, particularly given the integration of IoT and SCADA systems. Beyond regular software updates where possible and investment in employee training, it combines multiple security measures that protect the different aspects of the manufacturing network and its data, including:

Zero-trust architecture

Adopting a zero-trust architecture is crucial for securing ICS and OT environments, especially in the presence of legacy, out-of-support components that cannot be easily updated or patched.

This approach ensures that no entity, whether inside the industrial network or outside, is trusted by default. Continuous verification of all access requests to OT assets, such as programmable logic controllers (PLCs), SCADA systems, and human-machine interfaces (HMIs), is required.

By implementing zero-trust, manufacturers and critical infrastructure operators can dramatically enhance their security posture, ensuring that each component of their industrial processes is secured against potential breaches, which could lead to severe operational disruptions or safety incidents.


This zero-trust approach becomes even more critical due to the presence of legacy systems that may have known vulnerabilities but cannot be easily updated, making them prime targets for cyber threats.

Network segmentation and the use of virtual local area networks (VLANs) play a crucial role in isolating different segments of the OT network, much like the subdivision of a submarine hull into watertight compartments for protection.

This isolation strategy limits the spread of threats and contains a breach within a specific compartment or segment, mitigating the risk posed both by external threats and by threats lurking inside the network, such as malicious insiders or compromised user accounts.

By segmenting the network into watertight compartments, a breach in one segment can be prevented from cascading and impacting other segments, thus minimizing the overall impact on industrial operations.

Air-gapped backups for industrial data

Data backups serve as a critical safeguard for industrial environments, ensuring that essential operational data, configuration files, and regulatory data such as video surveillance footage can be restored quickly in the event of a cyberattack or system failure.

Regular backups, preferably continuous, should be performed, keeping copies of all important industrial data, system configurations, logs, and regulatory data both on-site and off-site. However, backups alone are not sufficient.


As ransomware attacks become more sophisticated, with 94% of victims reportedly having their backups targeted by attackers, according to Sophos, manufacturers and critical infrastructure operators must implement robust, air-gapped backup strategies.

Air-gapped backups are physically and logically isolated from the industrial control network so that ransomware cannot reach and compromise the backup systems.

Immutable cloud storage is ideal; solutions such as AWS Object Lock provide strong immutability guarantees, with copies held in separate physical locations under distinct administrative permissions and user accounts.

Never trust backups blindly; periodic restoration trials are also essential to confirm the completeness and functionality of the backups.
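An added example, not code from the article or any vendor: a restoration trial that records a SHA-256 manifest for a backup set and then checks a restored tree against it. The backup files, the "isolated copy" directory standing in for the air-gapped copy, and the tampering of the online copy are all constructed in a temporary directory for the demo.

```python
import hashlib
import json
import shutil
import tempfile
from pathlib import Path

MANIFEST = "manifest.json"

def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def write_manifest(backup_dir: Path) -> dict:
    """Hash every file in the backup set and store the manifest beside it."""
    manifest = {
        p.relative_to(backup_dir).as_posix(): sha256_file(p)
        for p in sorted(backup_dir.rglob("*"))
        if p.is_file() and p.name != MANIFEST
    }
    (backup_dir / MANIFEST).write_text(json.dumps(manifest, indent=2))
    return manifest

def verify_restore(restore_dir: Path, manifest: dict) -> dict:
    """Restoration trial: every manifest entry must exist and hash-match. Returns {path: problem}."""
    problems = {}
    for rel, expected in manifest.items():
        p = restore_dir / rel
        if not p.is_file():
            problems[rel] = "missing"
        elif sha256_file(p) != expected:
            problems[rel] = "hash mismatch"
    return problems

def demo() -> tuple:
    """Constructed scenario (hypothetical files): returns (online_problems, isolated_problems)."""
    root = Path(tempfile.mkdtemp())
    online = root / "online_backup"
    (online / "plc").mkdir(parents=True)
    (online / "plc" / "line1_program.l5x").write_text("<RSLogix5000Content/>")
    (online / "hmi_project.cfg").write_text("screens=12\n")
    manifest = write_manifest(online)
    isolated = root / "isolated_copy"
    shutil.copytree(online, isolated)                        # stands in for the air-gapped copy
    (online / "hmi_project.cfg").write_bytes(b"\x00" * 64)  # online copy overwritten later
    (online / "plc" / "line1_program.l5x").unlink()         # ...and partly deleted
    return verify_restore(online, manifest), verify_restore(isolated, manifest)
```

The isolated copy passes the trial while the online copy reports one missing and one mismatched file; a real trial would run the same check against an actual restore from the air-gapped media.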

Leveraging AI for industrial cybersecurity

As manufacturers and critical infrastructure operators strive to combat the rapid proliferation and mutations of cyber threats targeting industrial control systems, leveraging the power of artificial intelligence and machine learning has become essential.

The relevance of traditional signature-based defenses has diminished in the ransomware space, particularly against zero-day attacks. Modern cybersecurity platforms now employ AI and ML to monitor behavior across both OT networks and IT infrastructure.

These technologies enable the detection of anomalies, identification of potential threats, and real-time responses, providing a proactive defense against ransomware, malware, and other cyberattacks.


By leveraging hybrid-cloud solutions that apply AI to behavioral audit logs, manufacturers and critical infrastructure operators can enhance their cybersecurity posture and protect their industrial operations from potential disruptions or safety incidents.

Additionally, the implementation of behavioral anomaly detection further enhances the ability to identify subtle irregularities that may indicate a threat. Given the imminent risk of AI-based threats, there is a compelling need for AI-based defensive capabilities to stay ahead of sophisticated cyber adversaries.
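An added example, not code from the article or any product: a simple behavioral baseline over host audit logs, of the kind an anomaly detector builds before applying statistical or ML scoring. The log format ("timestamp host user process"), host names and the records themselves are constructed for the demo; the detector learns which (account, process) pairs are normal per host and flags events that deviate, which is how native-tool misuse by an unexpected account becomes visible even without a signature.

```python
from collections import Counter, defaultdict

# Constructed learning-window records: "timestamp host user process". Not real data.
BASELINE_LOG = """\
2024-03-01T08:00:01 hmi-line1 operator hmi_runtime.exe
2024-03-01T08:05:10 hmi-line1 operator hmi_runtime.exe
2024-03-01T09:00:00 eng-ws1 engineer rslogix.exe
2024-03-01T09:30:00 eng-ws1 engineer explorer.exe
2024-03-02T08:00:00 hmi-line1 operator hmi_runtime.exe
2024-03-02T10:00:00 eng-ws1 engineer rslogix.exe
"""

# Constructed records from the monitored period.
NEW_LOG = """\
2024-03-03T02:14:00 hmi-line1 operator hmi_runtime.exe
2024-03-03T02:15:30 hmi-line1 svc_backup powershell.exe
2024-03-03T02:16:00 eng-ws1 engineer rslogix.exe
2024-03-03T02:17:00 hmi-line1 operator net.exe
"""

def parse(log: str):
    """Yield (timestamp, host, user, process) tuples, skipping malformed lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == 4:
            yield tuple(parts)

def build_baseline(log: str) -> dict:
    """Per host, count how often each (user, process) pair appeared."""
    baseline = defaultdict(Counter)
    for _, host, user, proc in parse(log):
        baseline[host][(user, proc)] += 1
    return baseline

def find_anomalies(log: str, baseline: dict) -> list:
    """Return (timestamp, host, user, process, reason) for events that deviate
    from the host's learned behavior (unknown host, new account, or new process)."""
    findings = []
    for ts, host, user, proc in parse(log):
        seen = baseline.get(host, Counter())
        users_on_host = {u for u, _ in seen}
        if host not in baseline:
            findings.append((ts, host, user, proc, "host not in baseline"))
        elif user not in users_on_host:
            findings.append((ts, host, user, proc, "account never seen on host"))
        elif (user, proc) not in seen:
            findings.append((ts, host, user, proc, "new process for this account on host"))
    return findings
```

In production the baseline would come from weeks of logs and the findings would be scored rather than flagged outright, but the per-host novelty check is the same.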


As cyber threats evolve, the defensive strategies of manufacturing companies must mutate as well. The growing menace of ransomware demands more than data protection—it requires a commitment to maintaining operational continuity and safeguarding the integrity of supply chains.

Manufacturers need to adopt a proactive and layered approach to cybersecurity if they hope to keep their business in business in 2024 and beyond.
