Microsoft Warns of Surge in Cyber Attacks Targeting Internet-Exposed OT Devices

Microsoft Warns of Surge in Cyber Attacks Targeting Internet-Exposed OT Devices

May 31, 2024 at 10:30AM

Microsoft stresses the critical need to secure internet-exposed operational technology (OT) devices as cyber attacks continue to target such environments. The company warns that OT systems lack adequate security, making them vulnerable to exploitation and attacks. To mitigate these risks, organizations are urged to implement security measures and reduce the attack surface of their OT systems.

Key takeaways from the meeting notes are:

1. There is a pressing need to secure internet-exposed operational technology (OT) devices following a recent increase in cyber attacks targeting such environments.

2. The attacks on OT systems can allow malicious actors to tamper with critical parameters, leading to malfunctions and system outages.

3. OT systems often lack adequate security mechanisms, making them vulnerable to exploitation and relatively easy to attack, particularly when directly connected to the internet.

4. There are specific advisory warnings and bulletins issued by companies and agencies, urging customers to disconnect industrial control systems not meant to be connected to the public-facing internet due to heightened geopolitical tensions and cyber threats.

5. The onset of global events, such as the Israel-Hamas war, has led to a spike in cyber attacks against internet-exposed, poorly secured OT assets, conducted by various groups and affiliated with specific geopolitical agendas.

6. It is recommended that organizations ensure security hygiene for their OT systems, reduce the attack surface, and implement zero trust practices to mitigate the risks posed by such threats.

7. A destructive malware strain called Fuxnet, described as “Stuxnet on steroids,” has been used against a Russian company, capable of irrevocably destroying the filesystem, blocking access to the device, and physically destroying the NAND memory chips, among other disruptive actions.

8. Malicious actors are using various sources, such as the internet, email clients, and removable storage devices, to spread malware and carry out malicious activities targeting organizations’ OT infrastructure.

Full Article