Applied Risk Releases Report Revealing Companies are Struggling to Keep Up with Cyber Attack Defenses
Applied Risk released a report revealing that companies are struggling to develop their OT (operational technology) security defenses at a pace comparable to the speed of cyber-attackers. The OT landscape is becoming more and more complex due to a convergence between information technology, operational technology, and cybersecurity. The report can be found in the sources link below. The report takes into account issues that surround people, processes, and technologies that underlie current conditions in OT security. The report notes the sector has been shaped by numerous factors including lower-than-ideal staff levels, supply chain issues, nation-state attacks, a rising number of sophisticated cyber-attacks, adoption of risk-based and OT-specific standards, and the failure to adopt enabling technologies. We suggest that all companies stay up to date on guidance from the industry's best cybersecurity professionals.
The Energy and Commerce Committee will hold a hearing on Tuesday, December 7, at 10:30 a.m. (EST) entitled “Securing our Energy Infrastructure: Legislation to Enhance Pipeline Reliability.” The committee and subcommittee chairs released a joint statement highlighting the importance of pipeline security and reliability in the wake of the Colonial Pipeline ransomware attack, and the failure of Texas’ natural gas infrastructure during a winter storm. The congressmen proposed creating a new entity charged with developing enforceable pipeline reliability standards, including cybersecurity, similar to the electric sector. This hearing builds on a DHS Security Directive issued on July 20, 2021, mandating cybersecurity measures for critical pipelines transporting hazardous liquids and natural gas. We recommend that parties in the pipeline industry and industrial cybersecurity sector stay abreast of the hearing and potential legislation. Increased government regulation of critical pipelines offers increased opportunities for those industrial cybersecurity firms positioned to provide essential services.
Mandiant released details about the UNC2190 ransomware group, also called Sabbath, Arcane, or Eruption. UNC2190 has been targeting critical infrastructure in both the US and Canada. Targeted sectors include health, education, and natural resources. This threat actor uses a complex extortion model where ransomware deployments are limited, but data is stolen in large amounts as they actively try to destroy backups. We recommend that critical infrastructure sectors continuously back up their data and exercise incident response plans. For more information on contingency planning, refer to NIST SP 800-34.
The Department of Energy (DOE) published a request for information (RFI) seeking consultation from stakeholders on various issues facing the energy sector supply chain, including cybersecurity. The input will reportedly assist the department in building an energy sector industrial base that is resilient and competitive while meeting economic and national security objectives. As part of the RFI, DOE seeks responses to improve its understanding of the cybersecurity policy needs of the private sector. Additionally, the RFI requests direction from industry on how the government should approach hardening of digital components against physical and virtual tampering, and how it should prioritize the protection of digital component supply chains. The RFI comes at a time when cyber threats to critical infrastructure are a growing national security concern, prompting several national initiatives. Therefore, it is important that energy sector stakeholders participate in RFI processes to help shape effective security policy. We recommend reviewing the RFI for information and requests that may be relevant to your organization.
According to a Kaspersky report, cybercriminals in 2021 compromised thousands of industrial organizations worldwide and 2022 may present even more of a challenge. For some of these organizations, the consequences of a security compromise in 2021 may not actually catch up with them until 2022, the report claims. The report points out that to counter detection, cybercriminals are adopting the strategy of frequently upgrading malware in their chosen family. They use malware at its peak effectiveness to break through the defenses of security solutions and then switch to a new build as soon as the current one becomes readily detectable. The evolution of modern malware-as-a-service platforms makes it much easier for malware operators globally to use this strategy. Industry must take notice of attackers adopting initiatives to reduce the number of targets per individual attack, decrease the life cycle of malware, minimize the use of malicious infrastructure, and realize that modern advanced persistent threats are more persistent than advanced in nature. We recommend reviewing the trends and attack vectors contained in the report.