Microsoft yesterday released the third edition of Cyber Signals, an intelligence report dedicated to cyber threats.
Cyber Signals: what emerged from Microsoft’s report
The report is based on the latest data and the latest analyses conducted by the IT multinational, identifying the main cyber threats and highlighting the trends and strategies most used by hackers.
In particular, the new edition of Cyber Signals focuses on the convergence of IT and Operational Technology (OT), highlighting how, in complex scenarios that also involve the IoT, IT risks are on the rise, especially where critical infrastructures are concerned.
According to data collected by Microsoft, between 2020 and 2022 the number of high-risk vulnerabilities discovered in industrial control equipment jumped to 72%. Notably, over the past year, attackers have extensively exploited traditional IT equipment as well as OT controllers and IoT devices such as routers and cameras.
On this last point, IDC estimates that by 2025 there will be 41.6 billion connected IoT devices, but device security is still tremendously behind, leaving the field open to hackers.
Also, according to Microsoft insights, 75% of the most common industrial controllers in customers' OT networks have unpatched, high-risk vulnerabilities.
Why attackers can easily break into corporate devices
The spike in hacker presence in these environments and networks is fueled by the convergence and interconnectivity that many organizations have adopted in recent years.
IoT devices in particular have become essential for companies that want to modernize their workspace and become more and more data-driven. However, without adequate protection, it becomes very easy for hackers to infiltrate.
Another interesting fact is that 72% of the software exploits used by “Incontroller”, which the Cybersecurity and Infrastructure Security Agency (CISA) described as new state-sponsored cyberattack tools oriented toward business systems, are already available online.
You also need to keep in mind that an industrial control system (ICS) can be “air-gapped” and isolated from the Internet, but the moment a compromised laptop is connected to a previously secure OT device or network, it becomes vulnerable.
In networks monitored by Microsoft, 29% of operating systems run versions that are no longer supported. Since older operating systems very often do not get the updates needed to secure networks, prioritizing visibility into IT, OT, and IoT devices is an important step in managing vulnerabilities.
Cyber Signals’ recipe to defend against cyber attacks
It is especially important to note that in OT the supply chain plays an even more important role than in IT environments. Given this awareness, all the players involved need to guarantee the highest possible levels of security.
Far too many SCADA and industrial systems suffer from significant vulnerabilities. This problem is the result of obsolete applications that cannot be updated because the cost of doing so is too high.
It must therefore be understood that a defense based on Zero Trust, effective policy enforcement and continuous monitoring can help limit the potential attack radius and prevent or contain cloud incidents.
Finally, it is essential to keep in mind that the study of OT equipment requires specific knowledge; consequently, understanding the security status of industrial controllers is critical.
Microsoft then decided to release an open source forensic tool for cybersecurity experts, to help security specialists better understand their environments and investigate potential incidents.
For more information, you can consult the complete report at this link.