Forescout Research Elevates Warnings as Security Threats to Exposed Critical Infrastructure Go Ignored
April 23, 2024 - 10:01PM
Business Wire (English)
New report “Better Safe than Sorry” examines
the evolution of exposed OT/ICS data from 2017 to 2024 and
highlights a complete disregard for critical infrastructure threats
and the possibility of a mass attack
Internet exposure of Operational Technology (OT) and Industrial
Control Systems (ICS) continues to be a critical infrastructure
security issue despite decades of raising awareness, new
regulations, and periodic government advisories. Forescout, a
global cybersecurity leader, unveiled Better Safe Than Sorry, a
seven-year analysis of internet-exposed OT/ICS data. The study was
conducted by Forescout Research – Vedere Labs, a leading global
team dedicated to uncovering vulnerabilities in and threats to
critical infrastructure.
This press release features multimedia. View
the full release here:
https://www.businesswire.com/news/home/20240423583235/en/
Better Safe Than Sorry - April 2024;
Forescout Research - Vedere Labs (Graphic: Business Wire)
In the Better Safe Than Sorry report, Forescout researchers
examine the realistic opportunities for a mass target attack of
internet-exposed OT/ICS devices. These devices are fertile ground
for abuse: to create chaos, attackers need no more than a basic
rationale driven by current events, copycat behavior, or the
emergence of new, off-the-shelf capabilities or readily available
hacking guides. Forescout released Better Safe Than
Sorry from HANNOVER MESSE, the world’s leading trade fair for
industrial technology. Forescout researchers can discuss these
findings in Hall 16, Booth: A12 in the IT & OT Circus, April
22-26.
“If these warnings sound familiar, it’s because they are. The
looming potential for a mass target scenario is high,” said Elisa
Costante, VP of Research at Forescout Research – Vedere Labs.
“Forescout calls on vendors, service providers, and regulatory
agencies to work collectively to prevent attacks on critical
infrastructure that will spare no one.”
Top research highlights in the Better Safe Than Sorry report
include:
- North America is making strides to close the gap, but there
is still work to do around the world. The US and Canada
significantly reduced the number of exposed devices during the
study period by 47% in the US and 45% in Canada. The other top 10
countries increased the number of exposed devices:
  - Spain: 82%
  - Italy: 58%
  - France: 26%
  - Germany: 13%
  - Russia: 10%
- Proactive, targeted notification is urgently required.
The Unitronics hacking incidents and a combination of regulatory
alerts and media coverage led to a 48% reduction in
internet-exposed Unitronics PLCs within two months. Notably, the
decline in Unitronics device exposure in Israel started as early as
2022, coinciding with the initial reports of attacks on these devices.
Conversely, in the United States, the decrease only began towards
the end of 2023, following more recent attacks.
- Robust risk management strategies are critical. Many
internet-exposed OT devices and protocols stem from common system
integrator practices, such as delivering pre-packaged units that
act as black boxes to asset owners and inadvertently expose
multiple systems to the internet. Most asset owners are unaware
that these packaged units contain exposed OT devices. This
underscores the need for a precise and detailed software and
hardware bill of materials as a critical part of a comprehensive
risk management approach.
- Nearly half of the reported ports remain vulnerable to
attack. After incidents targeting Modicon and Wago PLCs,
Forescout researchers reexamined these exposed devices one year
after reporting some to CISA. Approximately half of the reported
PLCs retained the same open ports without any alterations or
protective measures. Thirty percent were no longer exposed to the
internet, while the remaining 20% remained exposed, but had closed
the OT port under scrutiny. Still, some FTP and web interfaces were
occasionally left vulnerable.
- Good news: there are now fewer than 1,000 exposed devices
running Nucleus and approximately 5,500 running NicheStack.
This is a significant reduction after the exposure was revealed in
the original Forescout research in Project Memoria.
“Time and again, we've seen the dire consequences of ignoring
critical infrastructure threats,” adds Costante. “It's not a matter
of if, but when, these vulnerabilities will be exploited. Let's
heed the warnings and take proactive measures to safeguard our
infrastructure before it's too late.”
Many asset owners are likely unaware that OT/ICS systems contain
potentially vulnerable devices exposed to the internet, once again
highlighting the need for an accurate and granular software and
hardware bill of materials as part of a comprehensive risk
management strategy. Download the full report, Better Safe Than
Sorry, now at
https://forescout.com/resources/better-safe-than-sorry-proactively-identifying-at-risk-internet-exposed-otics/.
How Forescout Research Works
Forescout Research employs its Adversary Engagement Environment
(AEE) to conduct analysis, leveraging a blend of real and simulated
connected devices. This dynamic environment functions as a robust
tool, enabling the pinpointing of incidents and identifying
intricate threat actor patterns at a granular level. The
overarching objective is to elevate responses to complex critical
infrastructure attacks by leveraging the detailed insights and
understanding derived from this specialized deception environment.
The AEE is maintained by Vedere Labs, a leading global team
dedicated to uncovering vulnerabilities in and threats to critical
infrastructure. Forescout products directly leverage this research,
which is shared openly with vendors, agencies, and other
researchers.
About Forescout
Forescout Technologies, Inc., a global cybersecurity leader,
continuously identifies, protects and helps ensure the compliance
of all managed and unmanaged connected cyber assets – IT, IoT, IoMT
and OT. For more than 20 years, Fortune 100 organizations and
government agencies have trusted Forescout to provide
vendor-agnostic, automated cybersecurity at scale. The Forescout®
Platform delivers comprehensive capabilities for network security,
risk and exposure management, and threat detection and response.
With seamless context sharing and workflow orchestration via
ecosystem partners, it enables customers to more effectively manage
cyber risk and mitigate threats.
Media:
Kafka Kommunikation
Markus Reck & Regina Urich
Mreck@kafka-kommunikation.de
Rurich@kafka-kommunikation.de

James Kenny
RH Strategic for Forescout
forescoutPR@rhstrategic.com

Carmen Harris
carmen.harris@forescout.com