Cybersecurity firm Kaspersky has identified the main factors contributing to advanced persistent threat (APT) attacks in the industrial sector.
The first, described in a new report published today, is the lack of isolation in operational technology (OT) networks.
Kaspersky experts have observed instances where engineering workstations are connected to both IT and OT networks. When isolation rests on network configuration alone, a skilled attacker can manipulate that configuration to let malware traffic through or to infect a seemingly isolated network.
“In situations where OT network isolation relies solely on the configuration of networking equipment, experienced attackers can always reconfigure that equipment to their advantage,” explains Evgeny Goncharov, head of Kaspersky’s Industrial Control Systems Cyber Emergency Response Team.
According to the report, the human factor also remains key to cybercriminal activity in industrial settings: employees and contractors are often said to grant access to OT networks without adequate attention to information security measures.
Remote administration tools such as TeamViewer and AnyDesk that are set up temporarily can keep running unnoticed, giving attackers an easy way in.
Kaspersky’s research also highlights instances of disgruntled employees and contractors with access to OT networks attempting to harm them.
Poorly protected OT assets further amplify these risks. Security solutions with outdated databases, disabled security components, and too many exclusions from scanning and protection can allow malware to spread more easily.
Insecure configurations of security solutions also play a significant role in APT attacks, as does the lack of cybersecurity protection in OT networks and the inability to keep industrial workstations and servers up-to-date.
“In some cases, updating a server’s operating system may require a proprietary software update. […] That would require equipment upgrades, all of which can be too expensive. As a result, obsolete systems exist in industrial control system networks,” Goncharov added.
“Surprisingly, even the internet-connected systems of industrial companies that are relatively easy to update can remain vulnerable for long periods of time. […] As real-world attack scenarios demonstrate, they are under attack and severely at risk.”
Kaspersky’s report follows a separate research study from the company, announced a month later, which suggested that two in five (40.6%) OT computers in industrial settings will be affected by malware by 2022.