Kaspersky experts have identified a number of key contributors to the success of Advanced Persistent Threat (APT) operations inside victims' networks. These factors include human elements, insufficient security measures, difficulties with updating and configuring cybersecurity solutions, and other related issues.
Although some of these causes may seem trivial, they are commonly encountered during incident response activities. To help companies mitigate these threats and promote the adoption of best practices, the experts have compiled a list of the most prevalent issues:
Inadequate Isolation of OT Networks
The security of Operational Technology (OT) networks is compromised by a lack of proper isolation, as highlighted by incident investigations carried out by Kaspersky experts. One common issue is the presence of engineering workstations that are connected to both the regular IT network and the OT network, which creates a path between the two and leaves vulnerabilities in the system.
Relying solely on network equipment configuration for OT network isolation proves ineffective against skilled attackers, who can easily reconfigure the equipment to their advantage. Attackers can exploit such configurations to control malware traffic, or use the network devices themselves as a storage and delivery system for malware, even in supposedly isolated networks. Kaspersky has observed such malicious activity on several occasions.
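One check a practitioner would run against the first finding is to look for hosts with interfaces in more than one network zone. The following script is an added example, not code from the Kaspersky article; the address plan (IT on 10.0.0.0/16, OT on 192.168.100.0/22) and the host inventory are constructed for illustration, and in practice the inventory would be exported from an asset database, an EDR agent, or per-host `ip addr` / `ipconfig` output.

```python
"""Flag engineering workstations (or any host) bridging IT and OT networks.

Added example, not part of the Kaspersky article. The address plan and the
host inventory below are constructed for illustration.
"""
import ipaddress

# Assumed address plan (hypothetical): IT on 10.0.0.0/16, OT on 192.168.100.0/22.
IT_NETWORKS = [ipaddress.ip_network("10.0.0.0/16")]
OT_NETWORKS = [ipaddress.ip_network("192.168.100.0/22")]

# Constructed inventory: hostname -> list of configured interface addresses.
INVENTORY = {
    "eng-ws-01": ["10.0.12.34", "192.168.101.20"],  # dual-homed: bridges IT and OT
    "eng-ws-02": ["192.168.101.21"],                # OT only
    "hmi-03": ["192.168.102.5"],
    "fileserver": ["10.0.5.10"],
    "jump-host": ["10.0.20.2", "172.16.0.9"],       # second leg in an unplanned range
}


def classify(addr):
    """Return 'IT', 'OT' or 'UNKNOWN' for a single interface address."""
    ip = ipaddress.ip_address(addr)
    if any(ip in net for net in IT_NETWORKS):
        return "IT"
    if any(ip in net for net in OT_NETWORKS):
        return "OT"
    return "UNKNOWN"


def find_bridging_hosts(inventory):
    """Return {host: sorted zones} for every host with interfaces in more than one zone.

    A host touching both IT and OT is the classic isolation failure described
    above. A host with an UNKNOWN leg is reported too: an interface in a segment
    that is not in the address plan is just as likely to be a path around the
    firewall as a harmless leftover.
    """
    findings = {}
    for host, addrs in inventory.items():
        zones = {classify(a) for a in addrs}
        if len(zones) > 1:
            findings[host] = sorted(zones)
    return findings


if __name__ == "__main__":
    for host, zones in find_bridging_hosts(INVENTORY).items():
        print(f"{host}: interfaces in {', '.join(zones)}")
```

Run against the constructed inventory, the script reports eng-ws-01 (IT and OT) and jump-host (IT and an unknown segment); the pure-OT and pure-IT hosts are silent. Extending IT_NETWORKS and OT_NETWORKS to the real address plan is the only change needed to use it on a real export.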
The Human Factor in Cybercriminal Activities
Granting access to OT networks without considering proper information security measures can lead to exploitation. Remote administration utilities such as TeamViewer or AnyDesk, initially set up on a temporary basis, often remain active long afterwards and can be exploited by attackers.
Disgruntled employees, driven by various motivations such as performance evaluations, income, or political factors, may engage in cybercriminal activities. Implementing a Zero Trust approach, in which neither the user, the device, nor the application within the system is inherently trusted, can mitigate such risks.
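The practical problem with "temporary" remote access is that nobody checks whether it was ever removed. The script below is an added example, not code from the Kaspersky article: it compares the remote-access tools running on a host against an access register that records until when each tool was approved, and reports those that were never approved or whose approval has lapsed. The process list, listening ports and approval register are constructed; on a real host they would come from a process listing (tasklist, Get-Process), netstat -ano, and the change ticket or access register that authorised the tool. The port numbers are the tools' default ports for direct connections and are an assumption here; verify them against current vendor documentation.

```python
"""Flag remote administration tools that outlived their temporary approval.

Added example, not code from the Kaspersky article. The process list, listening
ports and approval register are constructed; the default ports are assumptions
to be checked against vendor documentation.
"""
from datetime import date

# Process image name -> default TCP ports the tool listens on for direct (LAN)
# connections. Assumed defaults: TeamViewer 5938, AnyDesk 7070.
REMOTE_TOOLS = {
    "teamviewer.exe": {5938},
    "teamviewer_service.exe": {5938},
    "anydesk.exe": {7070},
}

# Constructed snapshot of an engineering workstation.
PROCESSES = ["explorer.exe", "TeamViewer_Service.exe", "AnyDesk.exe", "scada_client.exe"]
LISTENING_PORTS = {135, 445, 5938, 7070}

# Constructed access register: process name -> last day its use was approved.
# A tool missing from the register was never approved at all.
APPROVALS = {"anydesk.exe": date(2023, 3, 31)}


def audit_remote_tools(processes, listening_ports, approvals, today):
    """Return one finding per remote tool running without a current approval.

    Each finding is (process_name, status, reachable_ports). reachable_ports is
    the subset of the tool's default ports the host is actually listening on,
    which tells the responder whether the tool is reachable from the network
    rather than merely installed.
    """
    findings = []
    for proc in processes:
        name = proc.lower()
        if name not in REMOTE_TOOLS:
            continue
        expires = approvals.get(name)
        if expires is None:
            status = "never approved"
        elif expires < today:
            status = "approval expired on " + expires.isoformat()
        else:
            continue  # approved and still inside its window
        reachable = sorted(REMOTE_TOOLS[name] & listening_ports)
        findings.append((name, status, reachable))
    return findings


if __name__ == "__main__":
    for name, status, ports in audit_remote_tools(PROCESSES, LISTENING_PORTS, APPROVALS, date(2023, 6, 1)):
        print(f"{name}: {status}; listening on {ports or 'no default port'}")
```

On the constructed snapshot as of 2023-06-01, TeamViewer is reported as never approved and AnyDesk as expired, both with their default port open; run with a date inside AnyDesk's approval window, only TeamViewer is reported. The same loop can be driven from a scheduled job across all OT hosts so that a lapsed approval is noticed before an attacker does.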
Insufficient Protection and Configuration of OT Assets
Incident analysis has revealed several weaknesses in OT networks, including outdated security solution databases, missing or removed license keys, disabled protection components, and excessive exclusions from scanning and protection. These shortcomings contribute to the spread of malware across the networks.
For example, outdated databases and failure to update security solutions regularly create opportunities for advanced threats to propagate quickly, especially in APT attacks, where sophisticated threat actors aim to avoid detection.
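The four weaknesses listed above can all be read off an endpoint's protection status, so they lend themselves to an automated audit. The script below is an added example, not the article's or any vendor's code. It takes per-host status records (constructed here; a real audit would export them from the security solution's management console or agent) and reports a stale signature database, a missing license, disabled components, and exclusions broad enough to give malware a scan-free staging area. The field names and the seven-day database age threshold are assumptions for this example.

```python
"""Audit endpoint protection state on OT hosts for the weaknesses listed above.

Added example, not code from the Kaspersky article or any vendor. Status
records are constructed; field names and thresholds are assumptions.
"""
from datetime import date, timedelta

MAX_DB_AGE = timedelta(days=7)  # assumed policy: signatures older than this are stale
# Directory names attackers commonly use to stage payloads; an exclusion that
# covers one of them is effectively a scan-free drop zone.
STAGING_DIRS = {"temp", "tmp", "downloads", "public", "appdata"}

# Constructed status records, one per host.
HOSTS = {
    "eng-ws-01": {
        "db_updated": date(2023, 4, 2),
        "license_valid": False,
        "components": {"file_threat_protection": True, "behavior_detection": False,
                       "network_threat_protection": True},
        "exclusions": ["D:\\", r"C:\Users\eng\AppData\Local\Temp\*", "*.exe",
                       r"C:\Program Files\Vendor\SCADA\*"],
    },
    "hmi-03": {
        "db_updated": date(2023, 5, 30),
        "license_valid": True,
        "components": {"file_threat_protection": True, "behavior_detection": True,
                       "network_threat_protection": True},
        "exclusions": [r"C:\Program Files\Vendor\HMI\runtime"],
    },
}


def exclusion_is_overbroad(exclusion):
    """Return a reason string if the exclusion is too broad, else None."""
    e = exclusion.strip().lower().replace("/", "\\")
    # Extension-only wildcard: excludes every file of that type everywhere.
    if e.startswith("*.") and "\\" not in e:
        return "excludes every file with extension " + e[1:]
    parts = [p for p in e.split("\\") if p]
    if not parts:
        return "empty exclusion"
    # Drop the drive letter, and tolerate a trailing wildcard component.
    dirs = parts[1:] if len(parts[0]) == 2 and parts[0][1] == ":" else parts
    if dirs and dirs[-1] in ("*", "*.*"):
        dirs = dirs[:-1]
    if not dirs:
        return "excludes an entire drive"
    if dirs[0] == "users" and len(dirs) <= 2:
        return "excludes a whole user profile"
    if any(d in STAGING_DIRS for d in dirs):
        return "covers a payload staging directory"
    if len(dirs) == 1:
        return "excludes a top-level directory"
    return None


def audit_host(status, today):
    """Return a list of human-readable findings for one host's protection status."""
    findings = []
    db_age = today - status["db_updated"]
    if db_age > MAX_DB_AGE:
        findings.append(f"signature database is {db_age.days} days old")
    if not status["license_valid"]:
        findings.append("license key missing or expired; updates and some components stop working")
    disabled = sorted(name for name, on in status["components"].items() if not on)
    if disabled:
        findings.append("disabled components: " + ", ".join(disabled))
    for ex in status["exclusions"]:
        reason = exclusion_is_overbroad(ex)
        if reason:
            findings.append(f"exclusion {ex!r}: {reason}")
    return findings


if __name__ == "__main__":
    for host, status in HOSTS.items():
        for finding in audit_host(status, date(2023, 6, 1)) or ["no findings"]:
            print(f"{host}: {finding}")
```

The exclusion rules are deliberately structural rather than a list of bad paths: a whole drive, a top-level directory, a user profile, a known staging directory anywhere in the path, or an extension-only wildcard all get flagged, while a narrow vendor application directory such as the SCADA client path passes. On the constructed data eng-ws-01 produces six findings and hmi-03 none.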
Insecure Configuration of Security Solutions
Defending against APT groups depends critically on the proper configuration of security solutions, so that they cannot be disabled or abused. Attackers may hijack critical IT systems and target the management servers of security solutions in order to gather information, or use the deployment tools built into the security system to spread malware to systems that were supposed to be separate.
The Lack of Cybersecurity Protection in OT Networks
Surprisingly, some OT networks have no cybersecurity solution installed on many of their endpoints, leaving them vulnerable to attack. Even when the OT network is physically separated from other networks and not connected to the Internet, attackers can still find ways to gain access. For instance, they can deliver specially crafted malware via removable drives such as USB sticks.
Challenges with Workstation and Server Security Updates
Industrial control systems have unique operational requirements, which makes tasks such as installing security updates on workstations and servers challenging. These updates often require careful testing during scheduled maintenance windows, so updates are infrequent. Threat actors take advantage of this delay to exploit known vulnerabilities and carry out attacks.
Updating a server's operating system may even require upgrading specialized software such as SCADA servers, which can be costly. As a result, industrial control system networks commonly run outdated systems. Surprisingly, even Internet-facing systems in industrial enterprises, which are comparatively easy to update, can remain vulnerable for extended periods, exposing operational technology (OT) to attacks and serious risks.
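Since OT hosts cannot always be patched promptly, the practical question is which unpatched hosts are outside an acceptable window, and Internet-facing systems deserve a much shorter one than isolated OT servers. The script below is an added example, not code from the Kaspersky article: for each host it measures how long a published fix has gone unapplied, compares that with a per-exposure-class SLA, and ranks the overdue hosts with the most exposed first. The inventory and the SLA values (14, 30 and 90 days) are constructed assumptions for this example.

```python
"""Rank hosts whose unpatched window exceeds the SLA for their exposure class.

Added example, not code from the Kaspersky article. The inventory and the SLA
values are constructed assumptions.
"""
from datetime import date

# Assumed patch SLAs in days per exposure class (hypothetical policy values).
SLA_DAYS = {"internet": 14, "it": 30, "ot": 90}
# Most exposed class first when ranking findings.
EXPOSURE_RANK = {"internet": 0, "it": 1, "ot": 2}

# Constructed inventory. fix_available: the date a vendor fix for the newest
# known vulnerability affecting the host was published; last_patched: the date
# the host was last updated.
INVENTORY = [
    {"host": "vpn-gw", "exposure": "internet",
     "fix_available": date(2023, 3, 1), "last_patched": date(2022, 12, 15)},
    {"host": "web-portal", "exposure": "internet",
     "fix_available": date(2023, 5, 25), "last_patched": date(2023, 5, 28)},
    {"host": "hist-srv", "exposure": "ot",
     "fix_available": date(2023, 1, 10), "last_patched": date(2022, 11, 1)},
    {"host": "scada-srv", "exposure": "ot",
     "fix_available": date(2023, 5, 1), "last_patched": date(2023, 2, 1)},
    {"host": "fileserver", "exposure": "it",
     "fix_available": date(2023, 5, 15), "last_patched": date(2023, 5, 20)},
]


def overdue_hosts(inventory, today):
    """Return (host, exposure, days_unpatched, days_over_sla) for overdue hosts.

    A host is overdue when a fix has been available longer than its class's
    SLA and the host was last patched before that fix was published. Results
    are sorted by exposure class (Internet-facing first), then by the length
    of the unpatched window.
    """
    out = []
    for h in inventory:
        if h["last_patched"] >= h["fix_available"]:
            continue  # fix already applied
        unpatched = (today - h["fix_available"]).days
        over = unpatched - SLA_DAYS[h["exposure"]]
        if over > 0:
            out.append((h["host"], h["exposure"], unpatched, over))
    out.sort(key=lambda r: (EXPOSURE_RANK[r[1]], -r[2]))
    return out


if __name__ == "__main__":
    for host, exposure, unpatched, over in overdue_hosts(INVENTORY, date(2023, 6, 1)):
        print(f"{host} ({exposure}): fix unapplied for {unpatched} days, {over} days past SLA")
```

On the constructed data as of 2023-06-01, the Internet-facing VPN gateway is listed first (92 days unpatched, 78 past its 14-day SLA), the OT historian second (142 days, 52 past its 90-day SLA), while the SCADA server, though also unpatched for 31 days, is still inside the OT window and is not reported. Sorting by exposure rather than raw age is the point: the host reachable from the Internet is the one the threat actors in the text will try first.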