Operational Technology Cybersecurity Gaps Persist Despite Growing Maturity

Many industrial organizations are bolstering their operational technology security, but a significant gap remains: 23% of respondents only have visibility into half of their OT environment. This blind spot leaves them vulnerable to ransomware, nation-state actors, and other cyber threats.

https://osintsights.com/operational-technology-cybersecurity-gaps-persist-despite-growing-maturity?utm_source=mastodon&utm_medium=social

#OperationalTechnology #CybersecurityGaps #IndustrialOrganizations #ItotConvergence #Ransomware

Operational Technology Cybersecurity Gaps Persist Despite Growing Maturity

Discover operational technology cybersecurity gaps and boost your defenses now with insights from the 2026 Fortinet State of OT and Cybersecurity Report. Learn more today.

OSINTSights

📢 Don't miss runZero's Rob King on the latest episode of the Nexus podcast.

Rob and host Michael Mimoso discuss the challenges of protecting #OT environments and why traditional mitigations and tools often fall short in converged networks.

🎧 Listen today: https://www.runzero.com/resources/ot-asset-exposures-mitigations

#OTsecurity #ITOTConvergence #ExposureManagement

One of the largest ransomware payouts that’s become public was reported Tuesday by cloud security firm Zscaler. #Ransomware #Zscaler #DarkAngels #ZeroTrust #CyberExtortion #ITOTConvergence
https://jpmellojr.blogspot.com/2024/07/75m-ransomware-payment-exposed-in-new.html
$75M Ransomware Payment Exposed in New Zscaler Report

One of the largest ransomware payouts that’s become public was reported Tuesday by cloud security firm Zscaler.

Yancoal builds mobile private network at Hunter Valley mines

Improving in-pit and operational connectivity.

iTnews

'The research uncovered eight vulnerabilities that affect thousands of internet-connected devices worldwide. Multiple attack vectors were identified during the research, including the exploitation of internet-exposed services, cloud account takeover, and cloud infrastructure vulnerabilities.

'An attacker successfully exploiting these industrial routers and IoT devices can cause a number of impacts on compromised devices and networks, including monitoring network traffic and stealing sensitive data, hijacking internet connections in order to route traffic to malicious sites, or injecting malware into traffic. Also, an attacker may exploit these issues to access and control networked devices and change router settings in order to manipulate configurations such as DNS settings or firewall rules. The compromised industrial devices may also be used to launch attacks against other devices or networks.

'CISA's advisory assesses one of the vulnerabilities a CVSS v3 score of 10.

'Teltonika offers a wide range of network solutions and devices, however, we’ve looked at the RUT241 and RUT955 devices in particular. These devices are part of the company’s industrial cellular routers product line and offer 4G LTE, WiFi, and Ethernet communication designed specifically for industrial environments and commercial applications.

'Teltonika RMS cloud-based management platform is vulnerable to an unauthorized attacker registering previously unregistered devices on the RMS, but only if the router’s RMS management feature, which is enabled by default, has not been disabled. This could enable the attacker to perform different operations from the cloud on unsuspecting users' routers, including remote code execution with root privileges (using the Task Manager feature on RMS)'.

#ITOTConvergence #SecureByDefaultAndDesign
https://www.otorio.com/blog/teltonikia-cloud-takeover-vulnerability-exposed/

'The sudden surge in the percentage of ICS computers on which malicious scripts and phishing pages were blocked in August and September 2022, as well as the high figures in the following months, was due to mass infections of websites (including those of industrial organizations) that use the Bitrix CMS. It should be noted that ICS computers from which arbitrary websites can be accessed are mostly ICS operator or engineering workstations'.

#ITOTConvergence
https://ics-cert.kaspersky.com/publications/reports/2023/03/06/threat-landscape-for-industrial-automation-systems-statistics-for-h2-2022/

Threat landscape for industrial automation systems. Statistics for H2 2022 | Kaspersky ICS CERT

The statistical data presented in the report was received from ICS computers protected by Kaspersky products that Kaspersky ICS CERT categorizes as part of the industrial infrastructure at organizations.

Kaspersky ICS CERT | Kaspersky Industrial Control Systems Cyber Emergency Response Team

'A vulnerability in the Cisco IOx application hosting environment could allow an authenticated, remote attacker to execute arbitrary commands as root on the underlying host operating system'.

Fun fact: Cisco IOx is marketed at ICS folks.

#ITOTConvergence
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-8whGn5dL

Cisco Security Advisory: Cisco IOx Application Hosting Environment Command Injection Vulnerability

A vulnerability in the Cisco IOx application hosting environment could allow an authenticated, remote attacker to execute arbitrary commands as root on the underlying host operating system. This vulnerability is due to incomplete sanitization of parameters that are passed in for activation of an application. An attacker could exploit this vulnerability by deploying and activating an application in the Cisco IOx application hosting environment with a crafted activation payload file. A successful exploit could allow the attacker to execute arbitrary commands as root on the underlying host operating system. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-8whGn5dL

Cisco