Insecure configuration of security solutions also plays a significant role in APT attacks, as does the absence of cybersecurity protection in OT networks and the inability to keep industrial workstations and servers up to date. Insufficient protection of OT assets further amplifies these risks, as malware can spread more easily when security solutions have outdated databases, security components are disabled and there are too many exclusions from scanning and protection. Kaspersky’s investigations also highlighted instances where disgruntled employees or contractors with OT network access have tried to cause harm. Read more on similar attacks: CISA Warns Against Malicious Use of Legitimate RMM Software Remote administration tools, such as TeamViewer or Anydesk that were intended to be temporary may continue to run unnoticed, making it easy for attackers to gain entry. The human factor also remains a significant driver of cyber-criminal activities in industrial settings, according to the report, with employees or contractors frequently being given access to OT networks without adequate attention to information security measures. “In situations where the OT networks’ isolation solely relies on the configuration of networking equipment, experienced attackers can always reconfigure that equipment to their advantage,” explained Evgeny Goncharov, head of the industrial control systems cyber emergency response team at Kaspersky. This dependence on network configuration for isolation can be manipulated by skilled attackers, allowing them to manage malware traffic or infect seemingly isolated networks.
Kaspersky experts have observed instances where engineering workstations are connected to the IT and OT networks. The first of them, discussed in a new report published today, is the absence of isolation in operational technology (OT) networks. Cybersecurity firm Kaspersky has identified the primary factors contributing to advanced persistent threat (APT) attacks in industrial sectors.
0 kommentar(er)
