Executive Summary
In the rapidly evolving landscape of facilities management, the integration of Information Technology (IT) and Operational Technology (OT) systems has become a double-edged sword. While it offers enhanced operational efficiency and connectivity, it also exposes facilities to a myriad of cybersecurity threats. This report, based on the article "Getting Serious about Facilities Cybersecurity" from FacilitiesNet, delves into the vulnerabilities inherent in IoT devices and the challenges posed by IT/OT convergence. It highlights specific vulnerabilities, real-world incidents, and mitigation strategies to help organizations fortify their cybersecurity posture.
Technical Information
The proliferation of IoT devices in facilities management is staggering, with predictions indicating over 29 billion devices by 2030. These devices, ranging from routers and cameras to smart home components, are increasingly targeted by cybercriminals. The primary infection vectors are brute-forcing weak passwords and exploiting vulnerabilities in network services. The Telnet protocol, widely used in IoT devices, is particularly vulnerable due to its lack of encryption. In 2023, 97.91% of password brute-force attempts targeted Telnet, with the majority of these attacks originating from China, India, and the United States.
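One way to surface the Telnet password brute-forcing described above from a defender's side is a sliding-window count of failed logins per source and device. This is an added example, not code from the report or the cited sources; the log format, host names and addresses are constructed, and the threshold and window are assumed defaults.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in a hypothetical syslog-like format (documentation IP ranges).
# Real device and collector formats differ; adapt LINE_RE to yours.
SAMPLE_LOG = """\
2023-06-01T02:14:01Z bms-gw01 telnetd: login failed user=admin src=203.0.113.7
2023-06-01T02:14:05Z bms-gw01 telnetd: login failed user=root src=203.0.113.7
2023-06-01T02:14:09Z bms-gw01 telnetd: login failed user=admin src=203.0.113.7
2023-06-01T02:14:13Z bms-gw01 telnetd: login failed user=user src=203.0.113.7
2023-06-01T02:14:17Z bms-gw01 telnetd: login failed user=root src=203.0.113.7
2023-06-01T02:14:21Z bms-gw01 telnetd: login failed user=support src=203.0.113.7
2023-06-01T02:14:30Z bms-gw01 telnetd: login ok user=admin src=203.0.113.7
2023-06-01T08:00:10Z cam-lobby telnetd: login failed user=tech src=198.51.100.20
2023-06-01T08:10:12Z cam-lobby telnetd: login failed user=tech src=198.51.100.20
2023-06-01T08:10:40Z cam-lobby telnetd: login ok user=tech src=198.51.100.20
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) telnetd: login (?P<result>failed|ok) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$"
)

def detect_bruteforce(log_text, threshold=5, window=timedelta(seconds=60)):
    """Flag (src, host) pairs with >= threshold failed logins inside the window.
    Assumes lines are in time order, as a collector would emit them."""
    recent = defaultdict(deque)  # (src, host) -> failure timestamps still in window
    users = defaultdict(set)     # (src, host) -> usernames tried
    alerts = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not Telnet login events
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        key = (m["src"], m["host"])
        if m["result"] == "ok":
            if key in alerts:  # a success after a flagged burst needs urgent triage
                alerts[key]["success_after_failures"] = True
            continue
        q = recent[key]
        q.append(ts)
        users[key].add(m["user"])
        while ts - q[0] > window:  # drop failures that fell out of the window
            q.popleft()
        if len(q) >= threshold and key not in alerts:
            alerts[key] = {"first_alert": ts, "usernames": users[key],
                           "success_after_failures": False}
    return alerts
```

The two widely spaced failures from the second source stay below the threshold, so an occasional mistyped password does not raise an alert.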
The convergence of IT and OT systems presents unique challenges. IT systems, responsible for data processing and storage, require robust protection against unauthorized access. Conversely, OT systems, such as building automation and fire control systems, must be safeguarded against cyber threats that could lead to physical damage. The integration of these systems necessitates a collaborative approach between IT and facilities management teams to ensure comprehensive security measures are in place.
A notable real-world incident underscores the potential impact of cyber threats on physical infrastructure. A facilities manager inadvertently clicked on a malicious email attachment, triggering a ransomware attack on the facility's control system. This attack resulted in physical damage to central plant equipment, highlighting the critical need for robust cybersecurity measures.
Exploitation in the Wild
IoT devices are frequently leveraged in Distributed Denial of Service (DDoS) attacks, with botnets composed of these devices being highly sought after on dark web forums. In the first half of 2023, over 700 advertisements for DDoS attack services were discovered on various dark web platforms, with an average price of $63.5 per day. Additionally, IoT devices are increasingly targeted for ransomware attacks, as evidenced by the DeadBolt ransomware incident that affected QNAP NAS devices in 2022.
APT Groups using this vulnerability
While specific Advanced Persistent Threat (APT) groups targeting facilities management systems are not explicitly mentioned, the sectors and countries most affected by these vulnerabilities include critical infrastructure and industrial sectors in regions with high IoT adoption rates, such as North America, Europe, and parts of Asia.
Affected Product Versions
The vulnerabilities primarily affect IoT devices utilizing outdated protocols and software components. This includes devices using the Telnet protocol and those with unpatched firmware. Specific product versions are not detailed, but the risk is prevalent across a wide range of IoT devices in facilities management.
Workaround and Mitigation
To mitigate these risks, organizations should implement strong password policies and avoid using default passwords on IoT devices. Regular updates and patches should be applied to IoT devices to address known vulnerabilities. Collaboration between IT and facilities management teams is crucial to ensure comprehensive cybersecurity measures. Additionally, regular cybersecurity training for facilities management staff can raise awareness of potential threats and enhance the overall security posture.
References
For further reading and detailed insights, refer to the following resources: Kaspersky IoT Threat Report 2023 (https://securelist.com/iot-threat-report-2023/110644/), FacilitiesNet Article (https://www.facilitiesnet.com/security/article/Getting-Serious-about-Facilities-Cybersecurity--19926), and Forescout-Finite State Research (https://industrialcyber.co/threat-landscape/new-forescout-finite-state-research-exposes-security-risks-in-ot-iot-routers-with-outdated-software-components/).
Rescana is here for you
At Rescana, we understand the complexities and challenges of securing facilities in an increasingly connected world. Our Continuous Threat and Exposure Management (CTEM) platform is designed to help organizations identify, assess, and mitigate cybersecurity risks effectively. We are committed to supporting our customers in safeguarding their facilities against evolving cyber threats. Should you have any questions about this report or any other cybersecurity concerns, please do not hesitate to contact us at ops@rescana.com.