Cybersecurity company Fortinet has released its Fortinet 2019 Operational Technology Security Trends Report, which examines security trends for operational technology (OT) networks. The report analyzes data collected from millions of Fortinet devices to determine the cybersecurity status of centralized control and data collection systems (SCADA) and industrial control systems (ICS). According to this analysis, attacks on OT systems target older devices that work with unpatsed software. In addition, IT-based attacks based on legacy attack methods that are no longer effective on IT networks are increasingly targeting OT systems. On the other hand, the entire cybersecurity industry is observing a significant increase in OT attacks targeting SCADA and ICS systems designed for a specific purpose. These attacks targeted the weakest parts of OT networks and that attackers took advantage of the complexity of the lack of standard protocols, the report said. In addition, as it is understood from the significant attacks seen in all kinds of vertical markets and regions, threat actors do not discriminate between sector or geography.
Highlights from the report
- In 2018, abuses increased in almost every ICS/SCADA provider, both in number and in terms of prevalence.
- Attackers regularly recycle IT threats to target OT systems.
- In 2018, 85 percent of individual threats detected targeted devices running the OPC Classic, BACnet, and Modbus protocols.
- BACnet attacks increased between January and April 2018; These attacks coincide with the Mirai botneti.
- The Moxa 313 vulnerability is particularly intense in Japan.
IT-based attacks are increasingly targeting OT systems
Fortinet's 2019 Operational Technology Security Trends Report reveals that cybercriminals can use legacy IT-based threats to attack OT systems. Most attacks target legacy technologies such as unpatked applications and operating systems. In addition, cybercriminals aim to attack devices by targeting a wide range of OT protocols. Although IT systems have been standardized on the TCP/IP protocol for many years, OT systems use a wide range of different protocols, the vast majority of which are specific to functionality, industry, and geographic location. This causes a variety of challenges, requiring security administrators who want to protect their environments to build systems far apart. Thus, the problem of provider solutions and the complexity of their products also arises. With traditional IT-based malware attacks, these structural problems can be further complicated by unwanted security hygiene practices due to digital transformation efforts in many OT environments.
Specially designed OT attacks on the rise
Malware specifically targeting ICS and SCADA systems has been developed for over 10 years. Although the examples are not many, with safety systems increasingly becoming a target, it seems that attacks specifically designed for OT systems are on the rise.
Ot-based attacks that have featured in the last decade include Stuxnet, Havex, Industroyer and the recently incorporated Triton/Trisis. In particular, Triton/Trisis is known to alarm many experts because it is in many ways the first cyber-physical attack on OT systems. Given that the malware targets safety systems, there could be a much worse event, such as damaging machines and threatening human life.
Cybercriminals can make the most of every new threat they develop by continuing to exploit vulnerabilities and unprotected systems in both old and new networks and technologies. It integration and convergent due to digital transformation efforts make this situation even more serious. The way to combat this new situation is to adopt and implement a comprehensive strategic approach that simplifies the solution and where IT and OT experts in the organization work together.