Operational Technology Attacks Increased By Over 2000% In 2019, Reveals IBM Report

• The piece of malware that was most commonly used in these attacks was the Mirai variant named Echobot.
• Echobot made its first appearance last year and since then has incorporated over two dozen different exploits.

Operation Technology (OT) attacks have reached an all-time high. A report from IBM X-Force Threat Intelligence Index shows that attacks targets operation technology infrastructure has increased by over 2000 percent in 2019 compared to the previous year. Interestingly, the piece of malware that was most commonly used in these attacks was the Mirai variant named Echobot.

About Echobot’s exploits

Echobot made its first appearance last year and since then has incorporated over two dozen different exploits including ones targeting enterprise and ICS products.

• The ICS-specific exploits included in Echobot are CVE-2019-14931 and CVE-2018-7841.
• While CVE-2019-14931, an unauthenticated OS command injection vulnerability, affects Mitsubishi Electric ME-RTU devices, CVE-2018-7841 (a remote code execution flaw) impacts Schneider Electric’s U.Motion Builder product.

Brand impersonation also on the rise

IBM also highlights that phishing was one of the most popular attack methods used in 2019, and hackers primarily spoofed tech companies and social media platforms to trap more victims. By spoofing a well-known brand, bad actors could easily steal personal data from users with less effort.

The top 10 brands spoofed in spam campaigns in 2019 were:

• Google (39%)
• YouTube (17%)
• Apple (15%)
• Amazon (12%)
• Spotify (5%)
• Microsoft (3%)
• Facebook (2%)
• Instagram (15%)
• WhatsApp (1%)

The most targeted areas

North America and Asia suffered the largest data losses, with 5 billion and 2 billion records compromised, respectively.

New and old security threats to track in 2020

The X-Force researchers predict that the risk surface will keep getting bigger with more than 150,000 current vulnerabilities and new ones surfacing all the time. In addition to this, ransomware and cryptominers will also continue to evolve over the years. Bad actors will be looking for new targets, including IoT devices, operational technology and connected industrial and medical systems. The risks posed by ongoing spam will require blacklisting, vulnerability patching, and threat monitoring.