When looking back at 2020 and 2021 the first thing that comes to mind is the different supply chain attacks on the industrial sectors. The successful attacks by threat actors exploited the industrial control systems (ICS) and operational technology (OT) networks of some of the largest organizations in the world.
As more industrial organizations’ OT networks are becoming more connected to the Internet and different cloud services for Industrial Internet of Things (IIoT), security teams need to rethink how to protect against different attacks. By connecting legacy operational devices to the modern Internet, it has opened a new threat landscape as adversaries will target organizations with supply chain attacks. This type of attack simplifies the access points for attackers to easily exploit an organization and move laterally within their network and in some cases exploit thousands of victims on the way.
In 2020 and 2021, the most popular attack methods by cyber criminals were targeted ransomware attacks and supply chain attacks. As seen in the SolarWinds Orion/Sunburst breach, a well-planned supply chain breach impacted over 18,000 organizations with more than 200 organizations exclusively being targeted with the Sunburst malware. This enormous attack on the security and global community was a wake-up call of the potential impact a supply chain attack can have on organizations. More importantly, security teams at industrial organizations needed to rethink their security strategies in light of the new threat landscape.
A quick lesson learned from the SolarWinds attack was that when the supply chain breaks down, the consequences can be very devastating and far-reaching. A more recent attack example in a popular industrial sector was the Colonial Pipeline ransomware attack. One of the largest fuel pipelines in the US was forced to stop all operations due to falling victim to a ransomware attack. Despite being more of a targeted ransomware attack and less related to a supply chain attack, it reinforced the idea that critical infrastructure systems don’t have the proper security technology and solution in place and are an easy target for cybercriminals.
Thinking Like an Adversary: Attacking Via Supply Chains
Often cyber attacks are not only directly targeting one victim, but they are also targeting an entire industry or a well-known vendor by exploiting and comprising the entire supply chain. In most cases, they are taking advantage of the supplier who is trusted by an organization to infiltrate and gain access to a network.
The most recent example of a very recent successful supply chain attack is the Kaseya. Kaseya, an IT solutions developer for MSPs and enterprise clients, fell victim to a cyberattack on July 2, 2021. The attackers carried out a supply chain ransomware attack by leveraging a vulnerability in Kaseya's VSA software against multiple managed service providers (MSP) -- and their customers. As of today, a suggested 800 to 1500 small to medium-sized companies were victim to a ransomware attack through their MSP. This shows how deep a successful supply chain attack can spread.
In the case of OT environments, supply chain attacks can go deeper. Many industrial manufacturers of OT systems build and design their operational equipment by using source components which often are third-party software and network interfaces. By using third-party software it can result in adversaries infiltrating secure networks by building backdoors into the equipment.
Adversaries can deploy compromised equipment into a system at any point in a system’s life cycle. The most common entry points of access for cybercriminals from the supply chain are malware, ransomware, viruses and unsecure devices. The recent successful supply chain attacks have brought up the idea of the importance of device patching in OT environments.
Device patching is often thought of as a basic cyber security process. At first glance, it looks to be a simple security practice where users apply updates to OT devices. The updates are usually provided by the vendors of the device to close any security holes in the OT assets. Industrial device patching management is the cycle of identifying available patches and vulnerabilities, reviewing patches, design deployment and mitigation steps, patch deployment and ensuring baseline data.
While this idea is very basic, too often security teams will overlook this important security practice. Also, device patching is not as straightforward as some people might think, it is most likely the single most time-consuming task for security teams. To help the device patching process we created a white paper where we discuss the costs of patching industrial devices and vulnerability discoveries on them. Here you can download the SCADAfence's The Comprehensive Guide To Industrial Device Patching,
Why Cyber Criminals Target Industrial Manufacturers
As each day passes cyber attackers are finding new threats and methods to exploit organizations in places they would not expect. This has become the reality for most industrial organizations that continue to fall victim to cyber attacks especially supply chain attacks. Most industrial manufacturing organizations are now working with multiple supply chain services to help adapt to modern technology changes and uptick their production numbers. While this is great for increasing productivity and production, security is often forgotten as the required resources and time for security is often not provided which results in minimal to zero inspection of the potential cyber threats.
This has resulted in industrial manufactures becoming prime targets for supply chain attacks as they are embedded within the supply chains of critical infrastructure such as water and wastewater, oil and gas, food and beverage. As a prime target of attackers it has motivated threat actors to cause physical harm, financial gain and in some cases stealing intellectual property.
In the case of OT systems and industrial control systems, the potential consequences of a supply chain attack can include damage to the industrial system, danger to the health and safety of employees and citizens, physical damage to the manufacturing plants, downtime and the most common adding harm in the supply chain and lost of product productivity and production.
As more successful supply chain attacks arise in the industrial manufacturing industry, the need for better OT security and improved security hygiene will be one of the top security priorities moving forward. What security steps should manufacturer organizations take to avoid becoming the next victim of a supply chain attack?
How to Protect the Unique OT Environments
Before ensuring OT networks are secure, organizations need to make sure they have the right team handling OT security. Too often industrial organizations are expecting their IT security team to handle their OT assets. Instead, these organizations should consider a dedicated OT security team who will be in charge of the different OT technologies and equipment such as smart meters and PLCs.
Once there is a dedicated OT security team in place, organizations need to allow these teams to create a concrete OT security strategy. This will allow security teams to quickly detect and mitigate any security holes in their industrial systems against the increasing and more sophisticated cyber threats attacking OT networks and devices.
After an organization has cemented in its OT security strategy, the next important change is to employ supply chain security within the OT environments This presents the idea of getting a better understanding of which external vendors have access to the organization's internal OT networks and systems.
It’s important for organizations to clearly understand and identify how external vendors are accessing an organization's systems and who is responsible for their access. This allows all parties involved in the supply chain to provide constant communication which will translate into better visibility into OT networks and assets.
Additionally, industrial organizations need to understand what devices are in their OT networks. This is done by maintaining an asset inventory which allows organizations to visualize all their assets on their network and clearly understand the information and security of each asset.
By implementing a comprehensive OT security platform that is designed for the manufacturing industry and adopting the right OT security best practices it will allow organizations to be more prepared for any incoming supply chain attack on their OT environment.
To learn more about these products and see short product demos, click here: https://l.scadafence.com/demo