As such industrial connectivity networks proliferate, one cybersecurity firm has posted proof that the threat can be clear and present
Due to the increase in the number and diversity of Internet of Things (IoT), Internet of Medical Things (IoMT) and Operational Technology (OT) devices connected to standard corporate IT networks, one cybersecurity firm has produced a proof-of-concept paper linking the trend to the emergence of next-generation ransomware attacks focused on IoT ecosystems, and to a trend of increasing supply chain vulnerabilities.
This proof-of-concept appears to demonstrate how IoT and OT exploits can be combined with a traditional ransomware campaign. It also shows that, to mitigate this type of attack, solutions are required that allow for complete visibility and enhanced control of all the assets in a network.
According to Daniel dos Santos, Head of Security Research, Forescout Vedere Labs, which released the paper: “Threat actors are exploiting a broader threat surface than before and we see hacking groups discuss IoT access on forums today. It has become imperative to arm organizations with knowledge to extend their proactive defenses and ensure IoT devices have adequate segmentation from their critical IT and OT infrastructure.”
2021’s plethora of devastating cyberattacks, including ransomware attacks on Colonial Pipeline and JBS Foods, as well as the Kaseya/REvil incident that simultaneously impacted more than 1,500 organizations across the globe, shows that large ransomware gangs, often operating under a Ransomware-as-a-Service model, can cripple the operations of multiple types of organizations simultaneously to maximize impact.
The paper is intended to offer insights that can help IT defenders of IoT-related ecosystems, which have already been shown to contain vulnerabilities that have yet to be addressed, to “respond efficiently and effectively to rapidly evolving ransomware risks. This ability to identify and close gaps in connected devices and infrastructure boosts business continuity and security for critical functions.”