Exposed and vulnerable: Recent attacks highlight critical need to protect internet-exposed OT devices


Since late 2023, Microsoft has observed an increase in reports of attacks focusing on internet-exposed, poorly secured operational technology (OT) devices.

Internet-exposed OT equipment in water and wastewater systems (WWS) in the US were targeted in multiple attacks over the past months by different nation-backed actors, including attacks by IRGC-affiliated “CyberAv3ngers” in November 2023, as well as pro-Russian hacktivists in early 2024. These repeated attacks against OT devices emphasize the crucial need to improve the security posture of OT devices and prevent critical systems from becoming easy targets. OT systems, which control real-world critical processes, present a significant target for cyberattacks.

Read more…
Source: Microsoft


Sign up for our Newsletter


Related:

  • Multiple high severity vulnerabilities in CODESYS V3 SDK could lead to RCE or DoS

    August 10, 2023

    Microsoft’s cyberphysical system researchers recently identified multiple high-severity vulnerabilities in the CODESYS V3 software development kit (SDK), a software development environment widely used to program and engineer programmable logic controllers (PLCs). Exploitation of the discovered vulnerabilities, which affect all versions of CODESYS V3 prior to version 3.5.19.0, could put operational technology (OT) infrastructure at risk ...

  • CISA Releases Twelve Industrial Control Systems Advisories

    August 10, 2023

    CISA released twelve Industrial Control Systems (ICS) advisories on August 10, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-222-01 Siemens Solid Edge, JT2Go and Teamcenter Visualization ICSA-23-222-02 Siemens Parasolid Installer ICSA-23-222-03 Siemens JT Open, JT Utilities, and Parasolid Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency  

  • Common TTPs of attacks against industrial organizations

    August 10, 2023

    In 2022 Kaspersky investigated a series of attacks against industrial organizations in Eastern Europe. In the campaigns, the attackers aimed to establish a permanent channel for data exfiltration, including data stored on air-gapped systems. Based on similarities found between these campaigns and previously researched campaigns (e.g., ExCone, DexCone), including the use of FourteenHi variants, specific TTPs ...

  • CISA Releases Five Industrial Control Systems Advisories

    August 3, 2023

    CISA released five Industrial Control Systems (ICS) advisories on August 3, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-215-01 Mitsubishi Electric GOT2000 and GOT SIMPLE ICSA-23-215-02 Mitsubishi Electric GT and GOT Series Products Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency  

  • CISA Releases Five Industrial Control Systems Advisories

    July 27, 2023

    CISA released five Industrial Control Systems (ICS) advisories on July 27, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-208-01 ETIC Telecom RAS Authentication ICSA-23-208-02 PTC KEPServerEX Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency  

  • CISA Releases Four Industrial Control Systems Advisories

    July 25, 2023

    CISA released four Industrial Control Systems (ICS) advisories on July 25, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-206-01 AXIS A1001 ICSA-23-206-02 Rockwell Automation ThinManager ThinServer Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency