
Dark Reading is part of the Informa Tech Division of Informa PLC


Application Security

12/31/2019
10:00 AM
Derek Manky
Commentary

Operational Technology: Why Old Networks Need to Learn New Tricks

Cybercriminals are maximizing their opportunity by targeting older vulnerabilities in OT environments. It's time to fight back.

Cybercriminals innovate when necessary, but like any successful enterprise, they also harvest low-hanging fruit wherever they can find it. Targeting older, vulnerable systems that have not been properly secured is not just an effective attack strategy; it is the primary cause of the vast majority of security breaches. That is why, as Fortinet researchers recently found, cybercriminals target vulnerabilities 10 or more years old more often than they target newly disclosed ones. In fact, they target vulnerabilities from every year between 2007 and now at the same rate as they do vulnerabilities discovered in 2018 and 2019.

Cybercriminals are maximizing their opportunity by targeting older vulnerabilities, as well as exploiting the expanding attack surface – especially with the convergence of operational technology (OT) environments with IT. OT can be thought of as hardware and software that monitor and control industrial equipment and processes – think valves, pumps, and thermostats, for example.

And with OT-IT convergence in the wings, it's critical that companies ensure they are taking the necessary precautions in their own organization.

Recycling threats
Judging by conversations with security professionals from global enterprises and the intelligence community, as well as 20 years of threat research, it's clear that some fundamentals still need attention. The vast majority of breaches are not caused by sophisticated attacks or advanced tactics, techniques, and procedures. While some of those advanced attacks pose a significant, and perhaps even existential, threat, most cybercriminals are content with a business-as-usual approach.

In our most recent , FortiGuard Labs detected a rise in attempts to inject and execute code/commands on target systems. That's nothing new, but it does seem to be reaching new heights. This trend may indicate threat actors are expanding their tactics for exploiting systems. Simply put, attackers want more bang for their buck. Attacking vulnerable services was in vogue years ago, before companies started shoring up their publicly exposed services. As a result, phishing attacks became their main delivery vehicle for implanting malicious code onto target systems.

But it's possible that attackers could be going back to (or reincorporating) some of their old-school tactics, especially as organizations over-rotate on training users and updating their secure email gateways to detect and reject phishing attacks. Attackers love to focus their efforts where and when defenders aren't watching. Could this recent trend indicate that organizations have let their guard down on their exposed services as a result?

Operations under attack
There is no question that traditional OT systems are among the most vulnerable assets inside any organization. In fact, Gartner analysts have found that an alarming percentage of OT networks and assets, and their security implications, have lain undiscovered and unmanaged for many years.

OT vulnerabilities and related exploits can also affect verticals outside of heavy industry, including healthcare environments that rely on patient monitoring devices and MRI machines, or transportation systems that utilize internal OT systems to manage and control things like air traffic.

There are other security challenges, including: IT outages that impact customer-facing systems; the inability to properly identify, measure and track risk; and the interruption of business operations due to a catastrophic event. Worse, these challenges are being compounded by a lack of security expertise inside organizations – not only within their own in-house staff, but also with the third-party vendors with whom they outsource their security and other critical services. 

This is not just due to the growing cybersecurity skills gap facing the entire computing industry, but also the fact that even available security professionals often have little experience with OT environments.

This opens a huge security gap. Of the organizations with connected OT infrastructures, 90% have experienced a security breach within their SCADA/ICS architectures, with more than half of those breaches occurring in just the last 12 months. Security concerns include viruses (77%), internal (73%) or external (70%) hackers, the leakage of sensitive or confidential information (72%), and the lack of device authentication (67%).

And as discussed earlier, quite a few of these attacks target older technology – especially unpatched applications and operating systems. OT security operations have traditionally relied on  and air-gapped isolation from the IT network for protection. As a result, visibility derived from protocol analysis and deep packet inspection is not yet widely deployed. This means that not only are older attacks highly successful in OT environments, but a great number of those attacks seem to be repetitive as there is no way to correlate attack strategies with vulnerable systems.

Bad actors also infiltrate devices through the many different OT protocols in place. While IT systems have largely been standardized through TCP/IP, OT systems use a wide array of protocols, many of which are specific to functions, industries, and even geographies. This can create quite a challenge, as security managers have to create disparate defensive systems to secure their environment. And as with legacy IT-based malware attacks, these structural problems are exacerbated by a lack of security hygiene practices within many OT environments that are now being exposed due to digital transformation efforts.
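As an added illustration of what the protocol-aware visibility described in the two preceding paragraphs looks like in practice (example code written for this edit, not code from the original article or from any Fortinet product), the script below parses Modbus/TCP request frames and correlates each one with an asset inventory. Modbus/TCP is assumed here as one representative OT protocol; the article names no specific protocol. The hosts, frames and inventory entries are constructed for the example. It flags writes from hosts that are not permitted to change a given PLC's state, and requests aimed at devices that are absent from the inventory, which is exactly the "undiscovered and unmanaged" gap noted above.

```python
# Added example: Modbus/TCP request parsing correlated with an asset inventory.
# Not from the original article. Modbus/TCP is an assumed representative OT
# protocol; all hosts, frames and inventory entries below are constructed.
import struct
from dataclasses import dataclass

# Public Modbus function codes. Writes change process state; reads do not.
READ_FUNCTIONS = {1: "Read Coils", 2: "Read Discrete Inputs",
                  3: "Read Holding Registers", 4: "Read Input Registers"}
WRITE_FUNCTIONS = {5: "Write Single Coil", 6: "Write Single Register",
                   15: "Write Multiple Coils", 16: "Write Multiple Registers"}

@dataclass
class ModbusRequest:
    transaction_id: int
    unit_id: int
    function: int
    address: int   # starting coil/register address
    quantity: int  # items read or written (1 for the single-write codes)

def parse_modbus_tcp(frame: bytes) -> ModbusRequest:
    """Parse the 7-byte MBAP header and the request PDU of a Modbus/TCP frame."""
    if len(frame) < 8:
        raise ValueError("frame shorter than MBAP header plus function code")
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        raise ValueError(f"not Modbus (protocol id {proto})")
    if length != len(frame) - 6:  # MBAP length counts unit id + PDU
        raise ValueError("MBAP length field does not match frame size")
    func = frame[7]
    if func & 0x80:
        raise ValueError("exception response, not a request")
    if func not in READ_FUNCTIONS and func not in WRITE_FUNCTIONS:
        raise ValueError(f"unsupported function code {func}")
    pdu = frame[8:]
    if len(pdu) < 4:
        raise ValueError("truncated PDU")
    if func in (5, 6):                       # single write: address + value
        address, quantity = struct.unpack(">H", pdu[:2])[0], 1
    else:                                    # start address + quantity
        address, quantity = struct.unpack(">HH", pdu[:4])
    return ModbusRequest(tid, unit, func, address, quantity)

# Constructed inventory: (destination host, unit id) -> asset and permitted writers.
INVENTORY = {
    ("10.10.1.20", 1): {"asset": "PLC-PumpStation-A", "writers": {"10.10.1.5"}},
    ("10.10.1.21", 1): {"asset": "PLC-Valve-B", "writers": {"10.10.1.5"}},
}

def inspect(src: str, dst: str, frame: bytes) -> dict:
    """Classify one observed request against the inventory."""
    req = parse_modbus_tcp(frame)
    entry = INVENTORY.get((dst, req.unit_id))
    finding = {
        "src": src, "dst": dst, "unit": req.unit_id,
        "function": READ_FUNCTIONS.get(req.function) or WRITE_FUNCTIONS[req.function],
        "address": req.address, "quantity": req.quantity,
        "asset": entry["asset"] if entry else None, "verdict": "ok",
    }
    if entry is None:
        finding["verdict"] = "unknown-asset"        # device nobody has inventoried
    elif req.function in WRITE_FUNCTIONS and src not in entry["writers"]:
        finding["verdict"] = "unauthorized-write"   # state change from an unexpected host
    return finding

def build_request(tid: int, unit: int, func: int, address: int,
                  quantity: int = 1, value: int = 0) -> bytes:
    """Build a request frame; used here only to construct sample traffic."""
    if func in (5, 6):
        pdu = struct.pack(">BHH", func, address, value)
    elif func in READ_FUNCTIONS:
        pdu = struct.pack(">BHH", func, address, quantity)
    elif func == 16:
        pdu = struct.pack(">BHHB", func, address, quantity, 2 * quantity) + b"\x00\x00" * quantity
    else:
        pdu = bytes([func])
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu

# Constructed traffic: (source host, destination host, frame).
SAMPLE_TRAFFIC = [
    ("10.10.1.5", "10.10.1.20", build_request(1, 1, 3, 0, quantity=10)),  # HMI polls registers
    ("10.10.1.5", "10.10.1.20", build_request(2, 1, 6, 40, value=1)),     # HMI writes a setpoint
    ("10.10.9.77", "10.10.1.20", build_request(3, 1, 6, 40, value=0)),    # unlisted host writes
    ("10.10.9.77", "10.10.1.30", build_request(4, 1, 1, 0, quantity=8)),  # device not in inventory
    ("10.10.9.77", "10.10.1.20", build_request(5, 1, 8, 0)),              # diagnostics code, unhandled
]

def run(traffic=SAMPLE_TRAFFIC) -> list:
    """Inspect every frame; malformed or unsupported frames become findings too."""
    findings = []
    for src, dst, frame in traffic:
        try:
            findings.append(inspect(src, dst, frame))
        except ValueError as err:
            findings.append({"src": src, "dst": dst, "verdict": f"malformed: {err}"})
    return findings
```

Running `run()` yields two "ok" findings for the HMI, an "unauthorized-write" for the setpoint change from 10.10.9.77, an "unknown-asset" for the request to the uninventoried 10.10.1.30, and a "malformed" finding for the diagnostics request. The point is the join between the parsed protocol fields and the inventory: without the inventory there is nothing to compare a write against, and without the parser a write and a read are indistinguishable packets to the same port.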

Securing the IT-OT Environment 
For many organizations, competing effectively in today's digital economy requires converging IT and OT environments. But unless great care is taken, the result will be a broadened attack surface that is widely exposed to adversaries. The best way to mount a defense is by adopting and implementing a comprehensive strategic approach that simplifies the solution and engages both IT and OT experts throughout the entire organization:

  • Strategic alignment of executives: All team leaders must understand and agree to the business objectives and benefits of converging these resources. Common goals, clearly defined outcomes, and a clear-eyed understanding of the risks and consequences will help all teams drive towards an effective solution.
  • Joint task force: A highly effective approach is to bring representatives from all impacted teams together to voice concerns, debate strategies, scope out the project and develop a common set of processes. Their first objective should be to educate each other on the challenges such a project entails. 
  • Test and re-test: Every step of the project outlined by the joint task force needs to be run, sometimes repeatedly, in a controlled environment before turning it on in a production network. There is a lot at stake, so fine-tuning operational controls, security measures, and contingency plans before applying them to a live environment is essential.

By creating a converged framework that includes built-in cybersecurity, OT system owners will be able to confidently move forward in a digitally transformed business while sustaining safe and continuous operations.


Derek Manky formulates security strategy with more than 15 years of cyber security experience behind him. His ultimate goal is to make a positive impact in the global war on cybercrime. Manky provides thought leadership to industry, and has presented research and strategy ...