As with traditional IT networks, Operational Technology (OT) networks are undergoing a digital transformation process of their own. The goal is to improve productivity, efficiency, up-time, and flexibility through better monitoring. To do this, online sensors and connected systems are replacing traditional serial connections, proprietary protocols, and programmable logic controllers to better manage and control industrial environments. At the same time, the integration of automation, communications, and networking in industrial environments is an integral part of the growing Industrial Internet of Things (IIoT).
As IT and operational technology networks converge, organizations are exposing their traditionally isolated OT networks to new cyber-risks. Cybercriminals have already begun designing new malware threats, like CrashOverride/Industroyer, Triton and VPNFilter, to target vulnerable OT systems. While some of these new attacks target SCADA (supervisory control and data acquisition) and ICS (industrial control system) systems, most are focused on highly vulnerable industrial IoT devices.
Traditionally, OT engineers attached devices to monitor and control the OT infrastructure through a serial connection, which made them less accessible to traditional hackers. Today, as OT managers add serial-to-Ethernet converters to these devices, they are becoming prime targets. Part of the reason is that many of these devices are highly vulnerable to attack. For example, many run aging operating systems, such as Windows XP, that are highly susceptible to exploitation. In addition, most OT networks simply haven’t deployed the sorts of security technologies commonly in place in IT networks. As a result, targeting IIoT devices has certain advantages for some cybercriminals.
Location analytics solutions have been around for a while. But despite the valuable data they can provide, they are still primarily perceived as a tool for big box retail environments, such as malls, grocery stores, and department stores. In such environments, location analytics are commonly used to track consumers while they shop to help retailers do things like identify natural customer movement patterns, address congestion, identify places within a shopping environment that are less frequently visited, or place specific merchandise in high traffic areas.
But the reality is that any number of verticals can realize benefits from leveraging the sort of information that a presence analytics solution provides. Knowing where people are, where they’ve been, and how they’re moving around a location can be of key importance to a wide variety of vertical markets, including hospitality industries, transportation hubs, public venues, theme parks, and even large healthcare facilities. In fact, any business that needs to manage large numbers of people or evaluate the effectiveness of the placement of resources or services can benefit from location-based analytics.
It's time again for another quarterly trek into the wilds of the cyber-threat landscape. As security practitioners work to put themselves in the shoes of hackers to better anticipate where attacks will be coming from, these malicious actors are starting to think more like developers to evade detection.
And lately, they are more precise in their targeting, relying less on blanket attempts to find exploitable victims. How can IT security teams keep pace with the agile development cybercriminals are employing and pinpoint the recycled vulnerabilities being used? Fortinet's latest Global Threat Landscape Report sheds light on current criminal activity and suggests how organizations can stay a step ahead.
Fortinet just announced FortiNAC, the latest addition to its growing portfolio of integrated security solutions designed to protect today’s evolving networks. As organizations embrace digital transformation to improve operational efficiency, they have to support and secure a growing number of IoT devices. In fact, the rapid adoption of both stationary and highly mobile IoT solutions is one of the primary reasons why today’s networks are in constant flux.
According to Gartner, “Internet of Things endpoints will grow at a 32% CAGR from 2016 through 2021, reaching an installed base of 25.1 billion units.”(1) While most people envision digital cameras, printers, and smart appliances, IoT today also includes Industrial IoT (IIoT), Medical IoT (MIoT), and similar IoT solutions being developed across every vertical market. And to complicate matters further, these devices are increasingly interconnected and interdependent. They generate huge volumes of data, operate using applications that are constantly being updated, and often require access to critical resources. As a result, IT teams are struggling to identify, track, monitor, and secure them.
This trend hasn’t gone unnoticed by the cybercriminal community. The volume and sophistication of attacks targeting IoT devices continues to grow as well, as evidenced by the recent Triton and VPNFilter malware attacks.
Atrius Health relies on electronic medical records (EMR) to provide instant access to patient data, ensuring seamless service across a wide range of providers and departments. While Atrius Health had multiple layers of network security, a reliable barrier for physical network connections was missing. If an unauthorized individual slipped into a room at a facility, they could connect a computer, get an IP address and access the network. As with any medical group, preventing data loss and ensuring HIPAA compliance is a major concern for the organization. Lack of complete visibility across the network could result in an easy path for data loss.
The second key challenge involved operational issues. Its many locations often acted as individual business centers, introducing new technology without consulting the IT group whose team was then tasked with supporting unfamiliar devices. This behavior also led to duplicate purchasing of networked equipment. The organization needed to gain visibility into the entire network to ensure efficient, centralized management.
The education industry is aware of the power of digital transformation, and yet it is also one of the sectors most hampered by tight spending constraints and the lack of critical IT skills in the areas of security and cloud. With lots of legacy infrastructure and manual processes and paperwork that have been in place for decades, it is a monumental task to convert a digital strategy into a plan of action.
Cyberattacks are often motivated by the desire to steal and sell sensitive data, such as credit card and financial records, personally identifiable information (PII) including social security numbers, or protected health information (PHI). Once obtained, this data can be readily sold on the dark web to be used in fraudulent transactions, or for illegal activities such as credential stuffing attacks.
In addition to financially motivated attacks, we’re also seeing the rise of disruptive attacks. In many cases, the goal of these attacks is nothing more than the disruption of normal operations, along with the resulting brand equity damage and loss of public trust. Most alarming is the potential loss of life and threat to public safety if critical services are disrupted. Healthcare, financial services, and retail are often the targets of disruptive attacks due to the high-value data they store and their critical economic and public safety roles.
Of the 103,786 vulnerabilities published on the CVE List since it began, 5,898 (5.7%) were exploited in the wild according to research from our recently released Threat Landscape Report. With over 100,000 known exploits, most organizations cannot patch vulnerabilities fast enough to keep up. This indicates that cybercriminals are not only developing new technologies and strategies to exploit potential victims, but they are also becoming more selective in the way they leverage those exploits, focusing on those that will generate the biggest bang for the buck.
Such information can be extremely valuable when it comes to prioritizing patching vulnerabilities. If criminals aren't exploiting the vast majority of vulnerabilities, then fixing everything—beyond being impossible—is not the right approach. Instead, it is essential to incorporate the knowledge of what they are exploiting through threat intelligence services such as the ones provided by FortiGuard Labs into the decision-making process. Organizations can then couple such threat intelligence with Security Rating Services that provide real-time insights on security preparedness across all security elements to take a much more proactive and strategic approach to vulnerability remediation.
It’s not an exaggeration to state that new cyber threats are emerging every moment of every day, targeting traditional networks, cloud environments, IoT, end user and mobile devices, and increasingly, OT networks and critical infrastructure. Some are brand new exploits, while others are longstanding threats such as ransomware, phishing, or known vulnerability exploits that have been modified, often to evade detection.
Defending against this constantly evolving and expanding threat landscape requires access to real-time threat research and intelligence. Extensive knowledge of the threat landscape, combined with the ability to respond quickly at multiple levels, is the foundation for providing effective security. This is why the resources of FortiGuard Labs play such a critical role in ensuring that the security postures you rely on to block and catch these threats are constantly fine-tuned and updated.