All over the world, OT supply chains are under attack. Hacker syndicates and nation-state actors are exploiting the supply chain to get at OT assets and upset operations. Here are some of the prevalent methods that hackers use to disrupt operations and what you can do now to protect against them.
Software and Firmware
Software products have become an inviting attack vector for threat actors and here’s why:
Widely-Used Commercial Software Products
Thousands of companies may install a given software product from the same vendor, so malware planted in that product reaches numerous networks at once. For example, the recent AnyDesk cyberattack targeted a popular remote-access application that is widely deployed in ICS environments. Once attackers get malicious code into a widely used product, they no longer need to break into each network, device, and system individually: every customer who installs the trojanized release lets them in.
Increasing Use of Open-Source Code
Anyone can contribute to an open-source project, and attackers have used that openness to submit malicious changes, take over maintainer accounts, or publish look-alike packages. The vulnerability or backdoor then ships to every company that builds on the code, with no need to attack each of them directly.
Foreign-Sourced Threats
In countries like China, where the government can exercise control over product production, software products may contain malicious code at the behest of the government.
Devices
Today, virtually all devices used in industrial operations can be accessed remotely via management applications, and often over the internet. Because these devices are designed for function first and security second, they are attractive targets for attackers. Here are some common device weaknesses that are exploited for malicious purposes:
Weak Passwords
Many devices are “protected” only by easily guessable passwords. These are essentially an open invitation for hackers to gain access.
Out-of-the-Box Passwords
Devices are often shipped with default passwords that operators forget to change during installation. These defaults are printed in vendor manuals and collected in public default-credential lists, so when thousands of a certain device are deployed with “admin” as their password, a hacker doesn’t have to be a genius to figure out how to gain access.
Lack of Regular Updates
Manufacturers may not release timely security updates for embedded and IoT devices, leaving them vulnerable to known exploits. As an example, many medical devices and systems still run on Windows XP, which reached end of support in 2014 and receives no security fixes.
Lax Patching
Even when manufacturers do release updates, ICS operators are often reluctant to apply them right away, citing risk to operations. Many times, the patches never find their way into the devices.
Weak Encryption
Some devices transmit data unencrypted or with weak encryption, allowing hackers to read sensitive information. Many legacy ICS protocols, such as plain Modbus/TCP, carry no authentication or encryption at all, so anyone with access to the network segment can not only read traffic but also inject commands.
OT Networks
Today, devices and machines are connected to networks. So, hackers work hard to find ways to get onto OT networks to steal data and upset operations.
Segmentation
Segmentation of OT networks provides a crucial layer of logical isolation that cordons off one network segment from the others. The most important boundary is the one between the OT network and the IT network, which prevents an IT breach from spreading into OT. But even within the OT network, some areas are far more critical than others, and these should be segmented from each other as well.
In many installations, there is one flat network to which all devices are connected. In others, there are multiple network segments, but they were created for convenience rather than security. In numerous cases the segments are insufficiently protected from each other.
Hackers exploit the lack of or weak segmentation to spread their activities across operations, finding important processes and gaining access to the crown jewels.
Monitoring
Despite all the security precautions, hackers will still find their way into OT networks to steal data and upset operations. No OT network should be operated without a comprehensive monitoring solution that will detect anomalous behavior and promptly report on it before much damage can be done.
Immediate Fixes to Add Layers of Security
To protect against unexpected threats to the supply chain, it’s crucial to implement these four cybersecurity measures as soon as possible:
1. Change Default Passwords
Don’t just change the default passwords that come with devices – make sure you use a strong and unique password for each one. Keep an inventory of every device and its credential in a password manager or credential vault with restricted access, never in a spreadsheet or text file that an intruder on the network could read.
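As an added illustration of what an audit for this step can check, the script below (example code added here, not Radiflow's or any vendor's) tests each entry of a device inventory against vendor defaults, a short common-password list, a length/entropy policy, and reuse of the same password across devices. The vendor default table, the inventory, the device and model names, and the thresholds are all constructed assumptions.

```python
"""Audit an OT device inventory for default, weak and reused passwords.

Added example, not Radiflow code. The vendor default table, the inventory
and the thresholds below are constructed for illustration.
"""
import math
from collections import defaultdict

# Constructed vendor defaults keyed by (model, username); real lists come
# from vendor manuals and public default-credential databases.
VENDOR_DEFAULTS = {
    ("ExamplePLC", "admin"): {"admin", "1234", ""},
    ("ExampleHMI", "operator"): {"operator", "password"},
    ("ExampleSwitch", "admin"): {"admin"},
}

# Handful of passwords that appear in every brute-force wordlist.
COMMON_WEAK = {"password", "123456", "qwerty", "admin123", "letmein", "plc"}


def entropy_bits(pw):
    """Upper-bound entropy estimate: length * log2(size of character pool)."""
    if not pw:
        return 0.0
    pool = 0
    if any(c.islower() for c in pw):
        pool += 26
    if any(c.isupper() for c in pw):
        pool += 26
    if any(c.isdigit() for c in pw):
        pool += 10
    if any(not c.isalnum() for c in pw):
        pool += 32
    return len(pw) * math.log2(pool)


def audit_inventory(devices, min_length=12, min_bits=60):
    """Return {device_id: sorted list of issues} for every device with a finding."""
    findings = defaultdict(set)
    by_password = defaultdict(list)
    for d in devices:
        pw = d["password"]
        by_password[pw].append(d["id"])
        if pw in VENDOR_DEFAULTS.get((d["model"], d["username"]), set()):
            findings[d["id"]].add("default-credential")
        if pw.lower() in COMMON_WEAK:
            findings[d["id"]].add("common-weak-password")
        if len(pw) < min_length or entropy_bits(pw) < min_bits:
            findings[d["id"]].add("below-strength-policy")
    # A strong password shared by several devices still means one
    # compromised device gives access to all of them.
    for ids in by_password.values():
        if len(ids) > 1:
            for dev_id in ids:
                findings[dev_id].add("reused-across-%d-devices" % len(ids))
    return {dev_id: sorted(issues) for dev_id, issues in findings.items()}


# Constructed sample inventory (assumption). In practice the passwords are
# fetched from the credential vault at audit time, never kept in a file.
SAMPLE_INVENTORY = [
    {"id": "plc-01", "model": "ExamplePLC", "username": "admin", "password": "admin"},
    {"id": "plc-02", "model": "ExamplePLC", "username": "admin", "password": "Sm9!xQv#4tLr"},
    {"id": "hmi-01", "model": "ExampleHMI", "username": "operator", "password": "password"},
    {"id": "sw-01", "model": "ExampleSwitch", "username": "admin", "password": "Sm9!xQv#4tLr"},
    {"id": "rtu-01", "model": "ExampleRTU", "username": "root", "password": "Summer2024"},
]


def audit_report():
    return audit_inventory(SAMPLE_INVENTORY)


if __name__ == "__main__":
    for dev_id, issues in sorted(audit_report().items()):
        print(dev_id, ", ".join(issues))
```

Two caveats apply in a real deployment: pull each password from the vault only for the duration of the check rather than keeping a plaintext inventory, and where the device supports it, confirm the default-credential finding by actually attempting the vendor default login against the device, since the configured value and the value the device accepts can differ after a factory reset.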
2. Apply Regular Updates and Patches
Find maintenance windows and other downtime to implement the latest firmware, software, and security patches at the first possible moment. Keep a patch log.
3. Segment the Network
Isolate critical systems on their own network segment from the rest to limit the potential damage a breach can cause. While segmentation can be costly and time-consuming, it is worth its security weight in gold. One Radiflow partner has a good, cost-effective, and non-disruptive solution to quick network segmentation.
4. Monitor the Network 24/7
Even with all of the above in place, some attackers will still find their way into OT networks to steal data and upset operations. Operators must implement a comprehensive monitoring solution that quickly detects and alerts on improper behavior. Radiflow iSID offers a great monitoring solution. It can be implemented quickly in all sorts of simple and complicated industrial settings.
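To make steps 3 and 4 concrete, here is an added example (not Radiflow iSID or any other product's code) that combines the two: a zone/conduit segmentation policy that a flow record must satisfy, plus a learned baseline of normal (source, destination, port, Modbus function code) tuples that raises an alert on anything new once the learning window closes. The subnets, zone names, allowed conduits, the engineering-workstation address and the flow log are all constructed assumptions.

```python
"""Zone/conduit policy check plus learned-baseline anomaly detection on flow records.

Added example, not Radiflow iSID or any other product. Subnets, zones,
conduit rules, the engineering workstation address and the flow records
are constructed assumptions.
"""
import ipaddress
from collections import namedtuple

Flow = namedtuple("Flow", "ts src dst dport fc")

# Assumed addressing: one subnet per zone (constructed).
ZONES = {
    "it": ipaddress.ip_network("10.1.0.0/16"),
    "supervisory": ipaddress.ip_network("10.20.0.0/24"),   # SCADA/HMI
    "control": ipaddress.ip_network("10.30.0.0/24"),       # PLCs/RTUs
}
# Segmentation policy: the only conduits allowed between zones.
# Nothing from IT reaches the control zone directly.
CONDUITS = {
    ("supervisory", "control", 502),      # HMI/SCADA polling PLCs over Modbus/TCP
    ("it", "supervisory", 443),           # historian/web access from IT
    ("supervisory", "supervisory", 502),
    ("control", "control", 502),
}
MODBUS_WRITE_FCS = {5, 6, 15, 16}         # write coil/register function codes
ENGINEERING_WS = ipaddress.ip_address("10.20.0.10")  # only host allowed to write


def zone_of(ip):
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "unknown"


def parse_flows(lines):
    """Parse 'ts,src,dst,dport,modbus_fc' records; fc is empty for non-Modbus flows."""
    flows = []
    for line in lines:
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        ts, src, dst, dport, fc = line.split(",")
        flows.append(Flow(int(ts), src, dst, int(dport), int(fc) if fc else None))
    return flows


def policy_violations(flow):
    """Static checks: zone conduit allowlist and who may issue Modbus writes."""
    issues = []
    sz, dz = zone_of(flow.src), zone_of(flow.dst)
    if (sz, dz, flow.dport) not in CONDUITS:
        issues.append("conduit-denied %s->%s:%d" % (sz, dz, flow.dport))
    if flow.fc in MODBUS_WRITE_FCS and ipaddress.ip_address(flow.src) != ENGINEERING_WS:
        issues.append("modbus-write-from-%s" % flow.src)
    return issues


def monitor(flows, learn_until):
    """Learn (src, dst, port, fc) tuples until learn_until, then alert on anything new.

    Policy violations are reported in both phases. The baseline absorbs
    whatever is present while learning, so review it before trusting it.
    """
    baseline, alerts = set(), []
    for f in flows:
        key = (f.src, f.dst, f.dport, f.fc)
        for issue in policy_violations(f):
            alerts.append((f.ts, issue))
        if f.ts <= learn_until:
            baseline.add(key)
        elif key not in baseline:
            alerts.append((f.ts, "new-flow %s->%s:%d fc=%s" % (f.src, f.dst, f.dport, f.fc)))
    return baseline, alerts


# Constructed flow log (assumption): ts,src,dst,dport,modbus_fc
SAMPLE_LOG = """
100,10.20.0.5,10.30.0.11,502,3      # HMI reads holding registers
101,10.20.0.5,10.30.0.12,502,3
102,10.20.0.10,10.30.0.11,502,16    # engineering workstation writes setpoints
103,10.1.5.7,10.20.0.5,443,         # IT historian pull, allowed conduit
210,10.20.0.5,10.30.0.11,502,3      # seen in baseline: silent
220,10.1.5.7,10.30.0.11,502,3       # IT host polling a PLC directly
230,10.20.0.5,10.30.0.11,502,6      # HMI suddenly writing a register
240,10.20.0.5,10.30.0.13,502,3      # HMI talking to a PLC it never talked to
"""


def run_sample(learn_until=200):
    return monitor(parse_flows(SAMPLE_LOG.splitlines()), learn_until)


if __name__ == "__main__":
    baseline, alerts = run_sample()
    print("baseline flows:", len(baseline))
    for ts, alert in alerts:
        print(ts, alert)
```

On the sample log, the IT host reaching a PLC directly trips the conduit rule, the HMI issuing a Modbus write trips the write rule, and the HMI contacting a PLC it never talked to during learning produces only a baseline alert even though the conduit is permitted. That last case is the one a pure firewall policy cannot catch, and it is why the two checks belong together. The caveat in the `monitor` docstring matters in practice: if an intruder is already active during the learning window, their traffic becomes part of "normal", so the learned baseline should be reviewed against the asset inventory before alerts are trusted.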
Conclusion
Lengthening OT supply chains offer hackers numerous attack vectors for exploiting software and firmware, devices, and networks. In this blog, we provided four recommendations for adding security layers right away. In our next blog, we will discuss larger and longer-term supply-chain security issues.
Do these four things now to boost supply chain security