Microsoft – Critical infrastructure in the crosshairs


Serious vulnerabilities have been found in three quarters of the most common industrial controllers, Microsoft warns in its latest security report. As IT and operational technology intertwine, the exposure of critical infrastructure to attack is rising rapidly, yet the zero trust protection that companies need for their Internet of Things environments starts with measures that are not IoT-specific.

Interconnected information technology (IT) and operational technology (OT), together with the devices connected to the Internet of Things (IoT), effectively help companies modernize their work environment, transform business operations with data, automate processes and monitor infrastructure remotely. Without adequate protection, however, they also increase the risk of unauthorized access to devices and networks, Microsoft points out in the third edition of its Cyber Signals report (Risks to critical infrastructure on the rise), published in December. The report draws attention to cyber security trends identified by the software company's 8,500 experts while analyzing the 43 trillion security signals it receives daily from devices connected to the network.

In the past year, Microsoft has observed attacks exploiting connected devices in almost every monitored, network-visible part of organizations: in IT environments in the classic sense, in operational technology (programmable systems that interact with the physical environment) and in IoT devices such as routers and cameras. The growing vulnerability of OT and IoT environments is a serious challenge for organizations in every industry, but it carries a particularly high risk for critical infrastructure, Microsoft emphasizes. Simply disrupting services that are vital to companies and to society as a whole can deal the victim a serious blow, or be used to extort a large ransom, which is why attackers with a wide range of motives see such infrastructure as an especially attractive target.

Air gap attacks

Connecting the OT and IT systems that control energy, transport, telecommunications, industrial and other critical infrastructure loosens the boundary between two worlds that were once isolated from each other, which significantly increases both the risk of attacks crossing that boundary and the security exposure of the environments. According to Microsoft's data, the number of serious vulnerabilities discovered in the most common industrial control systems rose by 78 percent between 2020 and 2022. In addition, more than 1 million devices on the Internet are running Boa, an outdated and no longer supported web server that is still widely used in IoT devices and their development kits. Even more worrying, the software company found serious vulnerabilities in 75 percent of the most common industrial controllers for which the operating companies had not installed the available patches.

These data also show that, with the disappearance of the old air-gap separation between IT and OT environments and of network boundaries in general, organizations must urgently strengthen the cyber protection of the digital connection between the two worlds. Effective protection against advanced threats, sophisticated malware, targeted attacks and malicious insiders will require several measures.

Actors who launch advanced attacks use multiple approaches and tactics. Many of them, such as discovering vulnerable systems connected to the Internet or abusing employee credentials or the access rights granted to external partners, are already familiar from IT environments, but they are all the more effective in OT environments, where they are still less well known. The air gap between two worlds that were physically isolated from each other for a long time can now easily be crossed by attackers using these methods. It is enough for them to infect the laptop of an external partner, for example a supplier who maintains a device operating in an OT environment, and on the next site visit the malware that opens the door to further, more advanced attacks can be carried to critical systems that are not connected to the Internet.

All-seeing and regulatory protection

According to a forecast by the International Data Corporation (IDC), 41.6 billion IoT devices will be connected to the Internet of Things in 2025, which means that their number may grow faster than that of traditional IT devices in the next few years. But while suppliers and users have strengthened the cyber protection of traditional IT devices in recent years, IoT and OT devices have not kept pace with this development, and an increasingly wide range of attackers is trying to take advantage of that gap.

Their work is made easier by the fact that other actors in the criminal underworld can now quickly and easily obtain a significant share of the particularly advanced and effective tools used in cyber attacks launched by nation states against critical infrastructure. For example, 72 percent of the tools used in Incontroller attacks, which the American agency CISA (Cybersecurity and Infrastructure Security Agency) classifies in this category, are already available on online marketplaces.

In the expanding cybercrime economy it is not only easier to obtain such tools but also to use them, and the entry threshold keeps falling, so an even wider range of actors can now target critical infrastructure. Ransomware attacks, for example, which were previously seen as a threat to the IT environment, can now cause serious disruption in OT environments as well, as the 2021 incident at Colonial Pipeline in the United States demonstrated. The control systems of the oil pipeline network had to be shut down temporarily while the teams responding to the attack found and isolated the ransomware in the company's IT systems, so the fuel supply was also suspended for a time.

The risk is further increased by the fact that in OT environments that previously operated in isolation from the Internet, which are much more fragmented than IT environments and often contain unique components, installing software fixes is an extremely difficult or outright impossible task for operators. Manufacturing companies, for example, cannot easily shut down their production lines just to test one piece of software for vulnerabilities or to install a patch.

It is also not good news that nearly a third (29 percent) of the Windows operating systems running in networks monitored by Microsoft are versions that are no longer supported. Such devices, still running Windows 2000 or XP, are often found in industrial and other vulnerable environments.

To manage the IT and OT risks of critical infrastructure, Microsoft's report says, companies must first gain a complete overview of all devices operating in their IT and operational environments and connected to the Internet of Things, of their connections, and of what data, resources and services those devices expose. It is equally important that organizations dynamically and continuously monitor and evaluate changes in dependencies and risks. Without this, they could hardly prevent their sensitive data, or the credentials that grant access to the control systems of critical infrastructure and elevated privileges, from falling into unauthorized hands.

In other words, organizations operating critical infrastructure can protect their OT environment connected to the Internet of Things and their industrial IoT solutions most effectively with a zero trust security model, but the architectural requirements for this are not IoT-specific. Companies can achieve zero trust cyber protection that sees and governs every device, user and activity on the network through clear and continuous identification, access management that grants only the most granular, minimally necessary authorizations, and real-time threat detection.
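As an added illustration of the inventory and continuous-monitoring step described above (not code from the Microsoft report), the following script triages a constructed device inventory for the risk indicators the report highlights: unsupported Windows versions, the end-of-life Boa web server, and OT or IoT devices reachable from the Internet. The record fields, the sample hosts and the banner strings are assumptions made for this example.

```python
# Added example: triage a constructed device inventory for the indicators the
# report names (unsupported Windows, EOL Boa web server, exposed OT/IoT).
# Field names and sample records are assumptions, not data from the report.
from dataclasses import dataclass, field

# Assumed set of Windows versions treated as unsupported (the page names 2000 and XP).
UNSUPPORTED_WINDOWS = ("windows 2000", "windows xp")

@dataclass
class Device:
    host: str
    zone: str                                   # "IT", "OT" or "IoT"
    os: str
    banners: list = field(default_factory=list)  # service banners observed on the host
    internet_exposed: bool = False

def device_findings(dev):
    """Return the list of risk indicators that apply to one device."""
    findings = []
    os_name = dev.os.lower()
    if any(os_name.startswith(v) for v in UNSUPPORTED_WINDOWS):
        findings.append("unsupported-windows")
    if any("boa" in b.lower() for b in dev.banners):
        findings.append("eol-boa-webserver")
    if dev.internet_exposed and dev.zone in ("OT", "IoT"):
        findings.append("ot-iot-internet-exposed")
    return findings

def triage(devices):
    """Map host -> findings, listing only hosts with at least one finding."""
    return {d.host: f for d in devices if (f := device_findings(d))}

def unsupported_windows_share(devices):
    """Share of Windows hosts running an unsupported version (0.0 if none)."""
    win = [d for d in devices if d.os.lower().startswith("windows")]
    if not win:
        return 0.0
    return sum("unsupported-windows" in device_findings(d) for d in win) / len(win)

# Constructed sample inventory (hostnames, versions and banners are made up).
SAMPLE = [
    Device("hmi-01", "OT", "Windows XP SP3", ["VNC"], internet_exposed=False),
    Device("plc-gw-02", "OT", "Embedded Linux", ["Server: Boa/0.94.14rc21"], True),
    Device("cam-lobby", "IoT", "Embedded Linux", ["Boa/0.94.13"], True),
    Device("ws-finance", "IT", "Windows 11", ["SMB"], False),
    Device("fileserver", "IT", "Windows Server 2022", ["SMB"], False),
]

if __name__ == "__main__":
    for host, f in triage(SAMPLE).items():
        print(host, ", ".join(f))
    print(f"unsupported Windows share: {unsupported_windows_share(SAMPLE):.0%}")
```

Re-running the triage on each new inventory snapshot and diffing the findings is the continuous re-evaluation the report calls for.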
