Rising Threats: Cybercriminals Target Critical Infrastructure via Cyber-Physical Systems

Increasing Threats to Critical Infrastructure



Recent research from Claroty, a leading company in cyber-physical systems (CPS) protection, has revealed alarming trends regarding the targeting of critical infrastructure. With the rise of politically and socially motivated cybercriminals, CPS has become a preferred target for opportunistic threat actors. This escalation emphasizes the urgent need for improved cybersecurity measures across various sectors, including manufacturing, healthcare, and utilities.

Key Findings from Claroty's Research



The report, titled "Analyzing CPS Attack Trends", outlines significant data gathered from over 200 attacks conducted by 20 different threat groups over a year. Notably, the research indicates that 82% of the CPS attacks involved the use of Virtual Network Computing (VNC) protocol clients to gain remote access to exposed internet-facing devices. Among these incidents, 66% included attacks on vital systems like Human Machine Interfaces (HMI) and Supervisory Control and Data Acquisition (SCADA), which monitor and control critical industrial functions.

Illicit access to these systems poses severe risks, including service disruptions, physical damage to assets, and threats to public safety. Troublingly, many of these attacks are relatively low-tech and do not require advanced technical know-how, which makes them even more accessible to malicious actors.

Motivations Behind Attacks



The research reveals that many attacks on CPS are politically or socially motivated, often reflecting ongoing geopolitical tensions. For example:
  • 81% of incidents linked to Iran-affiliated groups were aimed at organizations in the U.S. and Israel.
  • 71% of attacks attributed to Russia-affiliated groups targeted organizations within the European Union (EU), with Italy, France, and Spain being the most affected.

As Amir Preminger, CTO of Claroty, stated, "Attackers are using relatively low-tech means to target critical sectors, and industries must strengthen their cybersecurity efforts to mitigate these threats."

Recommendations for Organizations



To counteract the rising tide of cyber threats, organizations managing CPS environments can adopt several proactive strategies:
1. Secure Internet-Facing Devices: It's essential to check and properly configure operational technology (OT) systems, smart devices, and Internet of Medical Things (IoMT) devices to prevent their enumeration and unauthorized access.
2. Address Insecure Defaults: Organizations should proactively change default or weak passwords and secure device configurations as new devices are deployed online.
3. Upgrade Insecure Protocols: Many attacks exploit outdated protocols that lack security features. Implementing more secure communication protocols will help protect sensitive assets.
4. Understand the Adversary: Gaining insights into hacker motivations and tactics is vital for determining potential targets within specific industries.

In light of these findings, organizations can no longer afford complacent cybersecurity practices around CPS. The increasing visibility of these attacks highlights a critical need to bolster defensive postures to safeguard not just infrastructure, but also public safety and trust.

Conclusion



Claroty's report underscores the pressing need for organizations to re-evaluate their cybersecurity strategies in response to evolving threats. As cybercriminals continue to adapt and target critical systems, investing in robust cybersecurity measures is imperative to secure our infrastructure against future attacks. For a comprehensive view of Team82's findings and recommendations, download the full report from Claroty.
