As IoT data production increases in the cloud and at the edge, cyberattacks are on the rise, making it more important than ever to protect this data. Nozomi Networks publishes a biannual OT/IoT Security Report that details the increase in cyberattacks and the latest defensive strategies employed by organizations in a variety of industries. According to the latest report, over 650 vulnerabilities were identified from July through December of 2021, a massive 21% increase over the previous six months.
Nozomi’s report noted that the supply chain seems to be the biggest opportunity for cyberattacks because such attacks can easily spread across services and products to the end user. These attacks are related to ransomware and ransomware-as-a-service attacks, which are trending upward globally. A vulnerability in Apache Log4j, an open-source Java library used for logging, was revealed in December 2021. It was the most significant new example of a supply chain vulnerability, meaning that it sits in code that many other applications rely on.
On the positive side, Nozomi Networks also found early signs of defenders improving their security strategies and building more powerful software checks using artificial intelligence.
“Threats may be on the rise, but technologies and practices to defeat them are available now as we have greater insights into the nature of the vulnerabilities and attacks,” said Nozomi Networks Co-founder and CTO Moreno Carullo. “We encourage more organizations to strengthen their security and situational awareness so they too are prepared in the face of an attack,” he added.
In the agriculture and food industry, ransomware groups REvil and DarkSide have caused substantial devastation with five major attacks, including one on JBS, a global food processor and meat supplier, which paid an $11M ransom to REvil. According to the U.S. Cybersecurity and Infrastructure Security Agency, the food and agriculture industry is more susceptible to cyberattacks, being one of the very lucrative targets. Nozomi Networks also found two medical advisories containing vulnerabilities, and both concerned Philips. ICSMA-21-322-01 concerns the Philips Patient Information Center iX, which receives and collects patient data, while ICSMA-21-322-02 concerns the firmware of Philips devices found in PIC iX deployments.
Approaches to boosting security
Nozomi Networks offered some recommendations after analyzing the insights from the research. Among them is the need for multiple approaches working simultaneously, such as complementary technologies, well-defined oversight, and security hygiene. Also, most ransomware attacks begin with users clicking on malicious email links, even within a well-organized and secured network. Thus, network segmentation is another important cyber defense strategy that needs more focus to prevent the spread of malware in critical applications.
The primary suggestion is to extend network segmentation toward a Zero Trust model, meaning all network connectivity between individual endpoints is denied except for connections that are explicitly allowed. Doing this requires monitoring traffic patterns to check for anything uncertain.
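The default-deny model described above can be checked against observed traffic. The following is an added example, not code from the report or from Nozomi Networks: it evaluates flow records against an explicit allowlist and counts everything that falls outside it. The zone names, subnets, allowlist entries and flow records are all constructed assumptions.

```python
import ipaddress
from collections import Counter

# Constructed segmentation zones (assumed layout, not from the report).
ZONES = {
    "corp": ipaddress.ip_network("10.10.0.0/16"),
    "hmi": ipaddress.ip_network("10.20.1.0/24"),
    "plc": ipaddress.ip_network("10.20.2.0/24"),
    "historian": ipaddress.ip_network("10.30.0.0/24"),
}
# Explicit allowlist: (src_zone, dst_zone, proto, dst_port). All else is denied.
ALLOW = {
    ("hmi", "plc", "tcp", 502),        # HMI polls PLCs over Modbus/TCP
    ("plc", "historian", "tcp", 443),  # PLCs push data to the historian
    ("corp", "historian", "tcp", 443), # office users read the historian
}

def zone_of(ip):
    """Map an IP address to its zone name, or 'unknown' if unmapped."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "unknown"

def evaluate(flow):
    """Return (verdict, key) for one (src_ip, dst_ip, proto, dst_port) record."""
    src, dst, proto, port = flow
    key = (zone_of(src), zone_of(dst), proto.lower(), int(port))
    return ("allow" if key in ALLOW else "deny", key)

def audit(flows):
    """Count denied flows per zone-level key, for review or alerting."""
    denied = Counter()
    for flow in flows:
        verdict, key = evaluate(flow)
        if verdict == "deny":
            denied[key] += 1
    return denied

# Constructed flow records: (src_ip, dst_ip, proto, dst_port)
SAMPLE_FLOWS = [
    ("10.20.1.15", "10.20.2.7", "tcp", 502),    # allowed: HMI to PLC
    ("10.10.4.22", "10.20.2.7", "tcp", 502),    # denied: office host to PLC
    ("10.10.4.22", "10.20.2.7", "tcp", 502),
    ("10.20.2.7", "10.30.0.5", "TCP", 443),     # allowed: PLC to historian
    ("10.20.2.7", "203.0.113.9", "udp", 53),    # denied: PLC to unmapped host
    ("10.20.1.15", "10.20.1.16", "tcp", 445),   # denied: HMI to HMI, same zone
]

if __name__ == "__main__":
    for key, count in audit(SAMPLE_FLOWS).most_common():
        print(f"{count:3d} denied  {key}")
```

Traffic inside a zone is denied as well unless a rule names it, which matches the endpoint-to-endpoint wording above.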
Overall, cybersecurity will always be an area of interest for large organizations trying to protect confidential data. The main goals need to start with monitoring traffic flow from each employee’s system and keeping it within a closed ecosystem.