"Not as Complex as We Thought: Cyberattacks on Operational Technology Are on the Rise"

FireEye's Mandiant cyber forensics team has released a new report focusing on the rate of attacks on control processes supported by Operational Technology (OT). Attacks on control processes were previously considered complex because of access requirements and the need for malware that can compromise proprietary industrial technologies. However, the attack surface has been widened by vulnerable, Internet-facing OT endpoints. The number of less-sophisticated OT attack attempts is increasing, with hackers of varying levels of skill and resources having been observed using common IT tools and methods to gain access to exposed OT systems. These attackers have targeted solar energy panel networks, water control systems, and Building Automation Systems (BAS). According to the researchers, the main objectives behind attacks against OT systems seem to be ideological, egotistical, or financial rather than to cause significant damage.

Attackers have been using Remote Access Services (RAS), Virtual Network Computing (VNC), and other methods to compromise OT assets. Graphical User Interfaces (GUI) are considered the low-hanging fruit that many attackers are going after, because a GUI allows them to modify control variables without any knowledge of the underlying process. The researchers recommend removing OT assets from public, online networks whenever possible. Security audits should be conducted frequently to harden networks. Human Machine Interfaces (HMI) and other assets should also be configured to prevent potentially dangerous variable states. This article continues to discuss recent findings surrounding the rise in low-sophistication OT compromises.

ZDNet reports "Not as Complex as We Thought: Cyberattacks on Operational Technology Are on the Rise"
