Cybersecurity company Fortinet has released the Fortinet 2019 Operational Technology Security Trends Report, which examines security trends for operational technology (OT) networks. The report analyzes data collected from millions of Fortinet devices to determine the cybersecurity status of supervisory control and data acquisition (SCADA) systems and industrial control systems (ICS). According to this analysis, attacks on OT systems target older devices running unpatched software. In addition, IT-based attacks that rely on legacy offensive methods no longer effective in IT networks are increasingly targeting OT systems. At the same time, the entire cybersecurity sector is observing a significant increase in purpose-built OT attacks that target SCADA and ICS systems. The report highlights that these attacks target the weakest parts of OT networks and that attackers are benefiting from the complexity caused by the lack of standard protocols. Moreover, as the significant attacks seen across all types of vertical markets and regions show, threat actors do not discriminate by industry or geography.
- In 2018, exploits against almost every ICS/SCADA vendor increased in both number and prevalence.
- Attackers regularly recycle IT threats to target OT systems.
- 85 percent of the unique threats detected in 2018 targeted devices running the OPC Classic, BACnet and Modbus protocols.
- BACnet attacks increased between January and April 2018; these attacks coincide with the Mirai botnet.
- Activity around the Moxa 313 weakness is intense, especially in Japan.
IT-based attacks are increasingly targeting OT systems
Fortinet's 2019 Operational Technology Security Trends Report reveals that cybercriminals can use legacy IT-based threats to attack OT systems. Most of the attacks target older technologies, such as unpatched applications and operating systems. In addition, cybercriminals attack devices by targeting a wide range of OT protocols. Although IT systems have been standardized on the TCP/IP protocol for many years, OT systems use a wide range of different protocols, most of which are specific to a function, industry or geographic location. This creates a variety of challenges, because security administrators who want to protect their environment have to build disparate systems. It also raises the problem of complexity in vendor solutions and products. In many OT environments, these structural problems, together with traditional IT-based malware attacks, are compounded by poor security hygiene practices resulting from digital transformation efforts.
Specially designed OT attacks on the rise
Malware specifically targeting ICS and SCADA systems has been under development for over 10 years. Although the examples are not very numerous, safety systems are increasingly being targeted, and attacks designed specifically for OT systems are starting to increase.
Highlights over the past decade include Stuxnet, Havex, Industroyer and, most recently, Triton/Trisis. In particular, Triton/Trisis is known to have alarmed many experts because it is, in many ways, the first cyber-physical attack on OT systems. Because this malware targets safety systems, it could lead to a much worse event, such as damaging machines and threatening human life.
Cybercriminals can make maximum use of each new threat they develop by continuing to exploit vulnerabilities and unprotected systems in both old and new networks and technologies. IT integration and convergence, driven by digital transformation efforts, further complicate this situation. The way to combat this new situation is to adopt and implement a comprehensive strategic approach in which the organization's IT and OT experts work together.