Cyberattacks against critical infrastructure can cause massive societal disruption and take an enormous financial toll. Those high stakes make industrial IT and OT (operational technology) appealing targets for ransomware in particular. Applying strong cyber defenses to six critical OT domains can help prevent ransomware and other threats to power grids, pipelines and similar essential operations.
Ransomware attacks on industrial targets continue to rise, accounting for more than half of all malware on industrial endpoints. They have also become highly sophisticated, able to exploit long-unpatched vulnerabilities and, less commonly, zero-day vulnerabilities. The labor is often divided: one cybercriminal (or group) discovers vulnerabilities, another sells lists of vulnerabilities, others sell tools to exploit different kinds of vulnerabilities, while yet another actor handles payment processing. Some ransomware attacks now even escalate to double and triple extortion.
These developments coincide with the evolution of industrial networks from largely self-contained ‘walled gardens’ built on proprietary, vendor-specific communications protocols to IP-based systems that increasingly make use of the corporate IP network, which is shared by other applications. Remote monitoring, configuration and analytics are commonplace, with automation systems and field operations beginning to take advantage of cloud and edge computing. These new connections, combined with generally more interconnected IT and OT systems, continue to expand the industrial attack surface.
How to prevent ransomware attacks across the six domains
There are six key operational domains where ICS security can help prevent ransomware and other cyber threats: the OT and IT