Attackers have invested heavily in targeting industrial networks, utilities, and other critical infrastructure. Over the past year, researchers at Dragos identified 15 threat groups, including four new ones, targeting Operational Technology (OT) and Industrial Control Systems (ICS).
- The four newly identified groups are named Stibnite, Talonite, Kamacite, and Vanadinite. Each has a distinct targeting profile.
- Stibnite focuses on wind turbine operators generating electric power in Azerbaijan, while Talonite focuses on gaining access to electricity providers in the U.S.
- Kamacite targets the industrial operations of energy companies across North America and Europe. Vanadinite targets the energy, manufacturing, and transportation sectors across Asia, Australia, Europe, and North America.
Cause of concern
The annual analysis of ICS/OT-focused threats points to several persistent weaknesses in ICS and OT environments:
- Dragos's service engagements found a lack of visibility across OT networks (in 90% of engagements), improper network segmentation (88%), and credentials shared between IT and OT systems (54%).
- The report found that 43% of ICS vulnerability advisories contained errors, and that of the advisories with no patch available, 64% offered no practical mitigation advice from the vendor.
- In addition, 61% of advisories that did have a patch offered no alternative mitigation beyond applying it, which is a problem in OT, where patch windows can be months apart.
Previously identified hacking groups
The four new groups join 11 previously identified groups, including Xenotime, Parisite, Magnallium, Wassonite, Allanite, Chrysene, Dymalloy, and Electrum, that target industrial control systems, particularly those associated with power infrastructure.
Winding-up with recommendations
The ICS/OT community has long lacked public visibility into these problem areas. Some practical recommendations for ICS defenders:
- Increase visibility across OT networks, so that traffic to and from control systems is actually captured and monitored.
- Prepare and exercise an incident response capability that covers OT environments.
- Enforce robust network segmentation between IT and OT, with cross-zone access limited to approved paths.
- Manage IT and OT credentials separately, and do not reuse accounts or passwords across the boundary.
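As an added example (not code from the article or from Dragos), the Python below turns two of the findings above, improper segmentation and shared credentials, into checks that can run over exported data. It assumes a hypothetical zone plan (one IT range, one OT range, and a single approved jump host allowed to reach OT over RDP), and it uses constructed flow records and a constructed account inventory; the `hash` values are placeholders, not real password hashes.

```python
"""Flag IT/OT boundary crossings and credentials shared across the IT/OT boundary.

Added illustration only: the zone plan, flow records and account inventory
below are constructed for this example and are not from the Dragos report.
"""
import ipaddress
from collections import defaultdict

# Hypothetical zone plan: one IT range, one OT range, one approved jump host.
IT_NETS = [ipaddress.ip_network("10.10.0.0/16")]
OT_NETS = [ipaddress.ip_network("192.168.100.0/24")]
APPROVED_JUMP_HOSTS = {"10.10.5.20"}   # the only IT host allowed into OT
APPROVED_JUMP_PORTS = {3389}           # and only over RDP


def zone_of(addr):
    """Map an address to 'IT', 'OT' or 'other' using the zone plan above."""
    ip = ipaddress.ip_address(addr)
    if any(ip in net for net in IT_NETS):
        return "IT"
    if any(ip in net for net in OT_NETS):
        return "OT"
    return "other"


def segmentation_violations(flows):
    """Return flows that touch the OT zone outside the approved path.

    flows: iterable of (src_ip, dst_ip, dst_port) for connection-initiating
    records, so an OT-sourced connection into IT counts as a violation too.
    """
    violations = []
    for src, dst, port in flows:
        src_zone, dst_zone = zone_of(src), zone_of(dst)
        if src_zone == dst_zone or "OT" not in (src_zone, dst_zone):
            continue  # intra-zone traffic and IT-only traffic are out of scope
        if (dst_zone == "OT" and src in APPROVED_JUMP_HOSTS
                and port in APPROVED_JUMP_PORTS):
            continue  # the one sanctioned way into OT
        if dst_zone == "OT":
            reason = "inbound to OT outside the approved jump host/port"
        else:
            reason = "OT-initiated connection leaving the OT zone"
        violations.append({"src": src, "dst": dst, "port": port, "reason": reason})
    return violations


def shared_credentials(accounts):
    """Return credential hashes that are in use by accounts in more than one zone.

    accounts: iterable of dicts with 'zone', 'user' and 'hash'. Comparing stored
    hashes rather than plaintext lets the check run on an exported inventory.
    """
    users_by_hash = defaultdict(list)
    for acct in accounts:
        users_by_hash[acct["hash"]].append((acct["zone"], acct["user"]))
    return {h: sorted(users) for h, users in users_by_hash.items()
            if len({zone for zone, _ in users}) > 1}


# Constructed flow records (src, dst, dst_port); not captured traffic.
SAMPLE_FLOWS = [
    ("10.10.5.20", "192.168.100.11", 3389),       # jump host -> HMI over RDP: allowed
    ("10.10.33.7", "192.168.100.11", 502),        # workstation -> PLC Modbus: violation
    ("10.10.33.7", "10.10.40.2", 445),            # IT -> IT: out of scope
    ("192.168.100.11", "10.10.40.2", 53),         # OT -> IT DNS: violation
    ("192.168.100.11", "192.168.100.12", 44818),  # OT -> OT EtherNet/IP: out of scope
    ("10.10.5.20", "192.168.100.11", 502),        # jump host but Modbus, not RDP: violation
]

# Constructed account inventory; 'hash' values are placeholders.
SAMPLE_ACCOUNTS = [
    {"zone": "IT", "user": "svc_backup", "hash": "hash-A"},
    {"zone": "OT", "user": "operator", "hash": "hash-A"},   # same secret on both sides
    {"zone": "OT", "user": "engineer", "hash": "hash-B"},
    {"zone": "IT", "user": "jsmith", "hash": "hash-C"},
]

if __name__ == "__main__":
    for v in segmentation_violations(SAMPLE_FLOWS):
        print(f"SEGMENTATION {v['src']} -> {v['dst']}:{v['port']} ({v['reason']})")
    for h, users in shared_credentials(SAMPLE_ACCOUNTS).items():
        print(f"SHARED CREDENTIAL {h}: {users}")
```

The segmentation check is only as good as the flow export feeding it, which is the visibility finding in practice: running it against records from the IT/OT boundary firewall or a SPAN feed into the OT segment is the realistic form, and any zone that produces no records at all deserves attention before any that produces violations.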
Having a comprehensive security strategy along with well-defined policies, procedures, and tools can help organizations withstand and combat adverse situations.