Today, Microsoft unveiled the third edition of its Cyber Signals Report, which focuses on Internet-of-Things (IoT) and Operational Technology (OT) and highlights Microsoft’s insights on the rise of cyber risks to critical infrastructure. The report also covers the current threat landscape, focusing on recent trends, attacks, and strategies.
According to the Cyber Signals: Edition 3, over the past year, there have been threats exploiting devices in almost every monitored and visible part of an organization. The International Data Corporation (IDC) estimates there will be 41.6 billion connected IoT devices by 2025, a growth rate higher than traditional IT equipment. Although security of IT equipment has strengthened in recent years, IoT and OT device security has not kept pace, and threat actors are exploiting these devices.
Analyzing 2022 threat data across different countries, Microsoft researchers found that India was among the top 3 countries originating IoT malware infections in 2022. The threat is real, and securing these devices is urgent. Through this report, Microsoft aims to help incident responders and security specialists better understand their environments and prevent potential incidents.
Rising OT and IoT threats:
- Today, we see OT devices all around us. They include building management systems, fire control systems, and physical access control mechanisms, like doors and elevators.
- IoT devices offer significant value to organizations looking to modernize workspaces, become more data-driven and ease demands on staff through shifts like remote management and automation.
- With increasing connectivity across converging IT, OT, and IoT, organizations and individuals need to rethink cyber risk impact and consequences.
- Microsoft has observed a spike in threats across traditional IT equipment, OT controllers and IoT devices like routers and cameras fueled by the interconnectivity many organizations have adopted over the past few years. Microsoft identified unpatched, high-severity vulnerabilities in 75% of the most common industrial controllers in customer OT networks.
Sophisticated attack techniques:
- Advanced attackers are leveraging multiple tactics and approaches in OT environments.
- Many of these approaches are common in IT environments but are more effective in OT environments, like discovery of exposed, Internet-facing systems, abuse of employee login credentials or exploitation of access granted to third-party suppliers and contractors to the network.
- Modern threats like sophisticated malware, targeted attacks, and malicious insiders are difficult for traditional security measures to contain.
Zero Trust strategy is the key:
- Older operating systems often don’t get the updates required to keep networks secure. Therefore, prioritizing IT, OT, and IoT device visibility is an important first step for managing vulnerabilities and securing these environments.
- Across the customer networks Microsoft monitors, 29 percent of Windows operating systems have versions that are no longer supported. Versions such as Windows XP and Windows 2000 are still operating in vulnerable environments. Microsoft also observed over 1 million connected devices publicly visible on the Internet running Boa, an outdated and unsupported software still widely used in IoT devices and software development kits (SDKs).
- A defense based on Zero Trust, effective policy enforcement, and continuous monitoring can help limit the potential blast radius and prevent or contain such incidents in cloud-connected environments.
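The bullets above make device visibility the first step: knowing which hosts still run unsupported Windows versions and which embedded devices expose an outdated Boa web server. The following is an added example, not code from the report or from Microsoft, showing how a defender might triage a device inventory for exactly those two findings. The inventory, the banner strings, and the end-of-life list are constructed sample data (the list is illustrative, not a complete Microsoft lifecycle table), and the priority scheme (Internet-exposed first, then OT segment) is an assumption chosen for the example.

```python
"""Triage a device inventory for unsupported Windows versions and Boa web
server banners, then rank findings so the riskiest hosts surface first.

Added example; all data below is constructed, not taken from the report.
"""
from dataclasses import dataclass

# Constructed, illustrative list of out-of-support Windows versions.
# Windows XP and Windows 2000 are the versions the report calls out.
UNSUPPORTED_OS = {"Windows 2000", "Windows XP", "Windows Server 2003", "Windows 7"}


@dataclass
class Asset:
    host: str
    segment: str            # "IT", "OT", or "IoT"
    os: str
    http_banner: str = ""   # HTTP Server header seen by a passive monitor
    internet_exposed: bool = False


@dataclass
class Finding:
    host: str
    reason: str
    priority: int           # 1 = highest


# Constructed inventory, as it might be exported from a passive network monitor.
SAMPLE_INVENTORY = [
    Asset("hmi-01", "OT", "Windows XP"),
    Asset("plc-gw-02", "OT", "Embedded Linux", "Server: Boa/0.94.14rc21", True),
    Asset("cam-lobby-03", "IoT", "Embedded Linux", "Server: Boa/0.94.13"),
    Asset("fileserver-04", "IT", "Windows Server 2019", "Microsoft-IIS/10.0"),
    Asset("badge-ctrl-05", "OT", "Windows 2000"),
    Asset("laptop-06", "IT", "Windows 11"),
    Asset("router-07", "IoT", "RouterOS", "Server: nginx", True),
]


def unsupported_os(assets):
    """Hosts running a Windows version on the constructed end-of-life list."""
    return [a for a in assets if a.os in UNSUPPORTED_OS]


def unsupported_share(assets):
    """Fraction of Windows hosts that are out of support (0.0 if none)."""
    windows = [a for a in assets if a.os.startswith("Windows")]
    if not windows:
        return 0.0
    return len(unsupported_os(windows)) / len(windows)


def boa_hosts(assets):
    """Hosts whose HTTP banner identifies the Boa web server."""
    return [a for a in assets if "boa/" in a.http_banner.lower()]


def _priority(asset):
    # Assumed ranking: anything reachable from the Internet outranks
    # internal OT, which outranks everything else.
    if asset.internet_exposed:
        return 1
    if asset.segment == "OT":
        return 2
    return 3


def triage(assets):
    """Combine both checks into a list of findings, highest priority first."""
    findings = []
    for a in unsupported_os(assets):
        findings.append(Finding(a.host, f"unsupported OS: {a.os}", _priority(a)))
    for a in boa_hosts(assets):
        exposure = "Internet-exposed" if a.internet_exposed else "internal"
        findings.append(Finding(a.host, f"Boa web server ({exposure})", _priority(a)))
    return sorted(findings, key=lambda f: (f.priority, f.host))


if __name__ == "__main__":
    print(f"unsupported Windows share: {unsupported_share(SAMPLE_INVENTORY):.0%}")
    for f in triage(SAMPLE_INVENTORY):
        print(f"P{f.priority} {f.host:14} {f.reason}")
```

On the constructed inventory, half of the Windows hosts are out of support, and the Internet-exposed OT gateway running Boa is ranked ahead of the two internal OT hosts on unsupported Windows. The same structure applies to a real export: replace the sample list with parsed monitor output and extend the end-of-life set from an authoritative lifecycle source.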
Vasu Jakkal, corporate vice president, security, compliance, identity, and management at Microsoft, said: “As OT systems underpinning energy, transportation, and other infrastructures become increasingly connected to IT systems, the risk of disruption and damage grows as boundaries blur between these formerly separated worlds. For businesses and infrastructure operators across industries, the defensive imperatives are gaining total visibility over connected systems and weighing evolving risks and dependencies.”