Fortinet, a global leader in broad, integrated, and automated cybersecurity solutions, today announced the findings of its 2019 Operational Technology Security Trends Report, which analyzes data gathered from millions of Fortinet devices to discern the state of cybersecurity for supervisory control and data acquisition (SCADA) and other industrial control systems (ICS). The analysis found many attacks on OT systems that seem to target older devices running unpatched software, indicating that OT networks are increasingly being targeted by IT-based legacy attacks that are no longer effective against IT networks. The report also highlights a rise in purpose-built OT attacks designed to target SCADA and ICS systems. The majority of these attacks tend to target the weakest parts of OT networks, often taking advantage of the complexities caused by a lack of protocol standardization and a sort of implicit trust that seems to permeate many OT environments. This trend is not limited to specific sectors: threat actors targeting OT environments did not discriminate according to industry or geography, and every vertical and region saw a significant rise in attacks.
Key findings from the Fortinet 2019 Operational Technology Security Trends Report:
- Exploits increased in volume and prevalence in 2018 for almost every ICS/SCADA vendor. In addition to the recycled IT attacks being thrown at unpatched or non-updated OT devices, 85% of unique threats detected targeted machines running OPC Classic, BACnet, and Modbus.
- Cybercriminals targeted devices by exploiting the wide variety of OT protocols in place, many of which are specific to functions, industries, and geographies. Because legacy protocols are prevalent and OT systems are slow to be replaced with new architecture, cybercriminals have actively attempted to capitalize by targeting the weak links in each protocol. These structural problems are exacerbated by the lack of standard protections and the poor security hygiene practiced with many OT systems.
- Custom OT attacks are also on the rise. Malware targeting ICS and SCADA systems has been developed and deployed for a decade or longer. Attacks specifically designed for OT systems seem to be on the rise, with safety systems increasingly a target. A handful of OT-based attacks over the past decade have managed to make headlines, including Stuxnet, Havex, BlackEnergy, and Industroyer. Most recently, Triton/Trisis targeted safety instrumented system (SIS) controllers, making it the first true cyber-physical attack on OT systems.
- Ransomware continues to attack OT systems. As of late 2018, ransomware attacks on IT systems have declined and many threat actors appear to have “moved on” to other types of attacks like cryptojacking. However, cybercriminals tend to recycle existing malware to attack OT systems. This may suggest that ransomware will be a bigger threat for OT systems than for IT ones in the near term.
- Attacks on heating, ventilation and air conditioning (HVAC) systems and electrical grids are more likely to occur when these systems are operating at peak usage, most often during the Northern Hemisphere’s summer months. The age of an OT system is also a factor, with adversaries tending to target older technology more frequently than newer.
As OT systems become more connected, the trend of increased attacks seems likely to continue. This new exposure requires organizations to adhere to more rigorous security operations and life-cycle management best practices to protect themselves from major threats to the core of their business. As a result, OT and IT teams need to come together to respond comprehensively to increasing threats.