Chris Grove, security strategist for industrial control systems (ICS) at Nozomi Networks Labs, recently talked with me about the latest research they’ve conducted. The important takeaways concern the rise of ransomware, increased targeting of industrial control systems, and (surprisingly to me) the vulnerability of networked security cameras.
The report finds attacks are driven largely by the emergence of Ransomware as a Service (RaaS) gangs that are cashing in on critical infrastructure organizations. Analysis of rising ICS vulnerabilities found critical manufacturing was the most susceptible industry, while a deep dive into IoT security cameras highlights how quickly the attack surface is expanding.
“Colonial Pipeline, JBS and the latest Kaseya software supply chain attack are painful lessons that the threat of ransom attacks is real,” said Nozomi Networks Co-founder and CTO Moreno Carullo. “Security professionals must be armed with network security and visibility solutions that incorporate real-time threat intelligence and make it possible to quickly respond with actionable recommendations and plans. Understanding how these criminal organizations work and anticipating future vulnerabilities is critical as they defend against this unfortunate new normal.”
Nozomi Networks’ latest “OT/IoT Security Report” gives cybersecurity professionals an overview of the OT and IoT threats analyzed by the Nozomi Networks Labs security research team. The report found:
- Ransomware attacks rose 116% between January and May of 2021.
- Average ransom grew 43% to $220,298, with payments expected to reach $20 billion this year.
- Analysis of DarkSide, REvil and Ryuk highlights the growing dominance of RaaS models.
- REvil set a new record for ransom demands, surpassing $50 million. The infamous RaaS also successfully executed a supply chain attack, a tactic typically only seen from sophisticated nation-state actors.
- ICS-CERT vulnerabilities increased 44% in the first half of 2021
- Vulnerabilities in the critical manufacturing sector rose 148%
- The top 3 industries affected included critical manufacturing, a grouping identified as multiple industries, and the energy sector
- Software supply chain-related vulnerabilities continue to surface – as do medical device vulnerabilities
- With more than a billion CCTV cameras expected to be in production globally this year, insecure IoT security cameras are a growing concern. The report includes an analysis of the Verkada breach and security vulnerabilities in Reolink cameras and ThroughTek software – discovered by Nozomi Networks Labs.
“As industrial organizations embrace digital transformation, those with a wait-and-see mindset are learning the hard way that they weren’t prepared for an attack,” said Nozomi Networks CEO Edgard Capdevielle. “Threats may be on the rise, but technologies and practices to defeat them are available now. We encourage organizations to adopt a post-breach mindset pre-breach and strengthen their security and operational resiliency before it’s too late.”