Microsoft Warns of Growing Operational Technology Device Attacks

In a recent report, Microsoft warns that the number of attacks targeting Internet-connected operational technology (OT) devices is on the rise.

In a blog post, the company reported that OT devices, the hardware and software typically used in industrial settings to monitor and control machinery, have seen a steady increase in attacks since late 2023. Microsoft considers this a significant threat because threat actors target these systems in order to take control of them, which could lead to major outages or damaged hardware.

"Adding to the potential damage of attacks on OT systems are their often-lacking security measures, which make OT attacks not only attractive for attackers but also relatively easy to execute," said Microsoft. "Many OT devices, notwithstanding common security guidelines, are directly connected to the internet, making them discoverable by attackers through internet scanning tools. Once discovered by attackers, poor security configurations, such as weak sign-in passwords or outdated software with known vulnerabilities, could be further exploited to obtain access to the devices."

The Microsoft Digital Defense Report 2023 found that 78 percent of industrial network devices monitored by Microsoft Defender for IoT had known vulnerabilities. Among these, 46 percent used deprecated firmware and 32 percent operated outdated systems with unpatched vulnerabilities.

Microsoft's latest report found that the Israel-Hamas conflict highlighted the peril of OT system vulnerabilities, with a spike in cyberattacks targeting Israeli companies. Microsoft's analysis of these attacks revealed a common method: exploiting Internet-exposed, poorly secured OT devices.

This methodology was evident in the November 2023 attack on the Aliquippa water plant in Pennsylvania, whose affected control device was manufactured in Israel. Attributed to the Islamic Revolutionary Guard Corps (IRGC)-affiliated "CyberAv3ngers," tracked by Microsoft as Storm-0784, the attack led to the shutdown of a pressure regulation pump and defacement of the device's interface. In response, the U.S. Department of the Treasury sanctioned IRGC officials.

Microsoft's report also found that OT-focused attacks have not been limited to public sector facilities, but also have affected private enterprises. While the public sector has been implored to implement proper risk management and protection of OT systems, the diversity of target profiles illustrates that ensuring OT security in the private sector is equally crucial, said Microsoft.

To mitigate such threats, Microsoft recommends adopting comprehensive IoT and OT security solutions like Microsoft Defender for IoT, conducting vulnerability assessments, reducing unnecessary Internet connections to OT devices, and implementing Zero Trust practices with network segmentation. These measures aim to prevent attackers from exploiting vulnerabilities and compromising critical systems.

About the Author

Chris Paoli (@ChrisPaoli5) is the associate editor for Converge360.
