19 Apr 2018

As the UK and US governments alert organisations to the increased risk of state-sponsored cyber attack, the need to adopt stronger prevention strategies against cyber adversaries becomes urgent. Yet too many targeted businesses, public agencies and operators of critical national infrastructure remain exposed because they lack proper visibility of their vulnerabilities and have no real command and control over their cybersecurity.

Commenting on how organisations need to respond to the US and UK governments’ joint alert, Sean Keef, Director of Technical Product Marketing at Skybox Security, said: “The joint alert by the US and UK on Russian state-sponsored cyberattacks targeting network infrastructure devices accentuates that organisations are still challenged to understand the vulnerabilities and security weaknesses in their attack surface.”


Convergence of IT and OT networks

The sheer size and complexity of networks today (including the convergence of IT networks and the OT networks that run critical infrastructures) is making that challenge even bigger. We know that legacy networks — especially those in critical infrastructure — are not outfitted to deal with today’s security challenges. Out of warranty hardware, out of date software, and misconfigurations are the recipe for disaster — and it looks like Russia is cooking dinner.

Keeping track of what protocols are being used by which devices, ensuring that the delivered access doesn’t exceed the desired access, and confirming that devices are configured and hardened properly can be daunting — especially with enterprise-level, hybrid networks.
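The two checks named above, an inventory of which protocols each device is actually using and a comparison of delivered access against desired access, can be made concrete. The following is an added example written for this article, not code from the article or from Skybox's product. It assumes a simple rule model (source CIDR, destination CIDR, protocol, destination port) and uses constructed firewall rules and constructed flow-log lines; real rule sets have ordering and deny semantics that this check deliberately leaves out.

```python
import re
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, Iterable, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Rule:
    """Hypothetical access rule: flows from src CIDR to dst CIDR on proto/port."""
    src: str              # source network in CIDR notation
    dst: str              # destination network in CIDR notation
    proto: str            # "tcp" or "udp"
    port: Optional[int]   # destination port; None means any port
    action: str = "allow"


# Desired access (constructed): what the business intends to permit into the OT segment.
DESIRED = [
    Rule("10.10.0.0/16", "10.20.0.0/24", "tcp", 502),   # IT historians -> OT Modbus/TCP
    Rule("10.10.0.0/16", "10.20.0.0/24", "tcp", 443),   # HTTPS management
]

# Delivered access (constructed): what is actually configured on the boundary device.
DELIVERED = [
    Rule("10.10.0.0/16", "10.20.0.0/24", "tcp", 502),
    Rule("10.10.0.0/16", "10.20.0.0/24", "tcp", 443),
    Rule("10.10.0.0/16", "10.20.0.0/24", "tcp", 23),    # telnet: not in the desired policy
    Rule("0.0.0.0/0", "10.20.0.0/24", "udp", 161),      # SNMP from anywhere: far wider than desired
]

# Constructed flow-log lines in a simple key=value format.
LOG_LINES = [
    "src=10.10.1.5 dst=10.20.0.7 proto=tcp dport=502",
    "src=10.10.1.5 dst=10.20.0.7 proto=tcp dport=443",
    "src=192.0.2.44 dst=10.20.0.9 proto=udp dport=161",
    "src=10.10.2.8 dst=10.20.0.7 proto=tcp dport=23",
]


def covered_by(rule: Rule, policy: Rule) -> bool:
    """True if every flow matched by `rule` is also matched by `policy`."""
    return (
        rule.proto == policy.proto
        and (policy.port is None or rule.port == policy.port)
        and ip_network(rule.src).subnet_of(ip_network(policy.src))
        and ip_network(rule.dst).subnet_of(ip_network(policy.dst))
    )


def excess_rules(delivered: Iterable[Rule], desired: Iterable[Rule]) -> List[Rule]:
    """Delivered allow rules that no single desired allow rule fully covers.

    Conservative by design: a rule that is only covered by the union of several
    desired rules is still reported, so every hit needs a human look.
    """
    wanted = [r for r in desired if r.action == "allow"]
    return [r for r in delivered
            if r.action == "allow" and not any(covered_by(r, w) for w in wanted)]


LOG_RE = re.compile(r"src=(\S+) dst=(\S+) proto=(\S+) dport=(\d+)")


def parse_flow(line: str) -> Optional[Tuple[str, str, str, int]]:
    """Extract (src, dst, proto, dport) from one constructed log line."""
    m = LOG_RE.search(line)
    if not m:
        return None
    src, dst, proto, port = m.groups()
    return src, dst, proto, int(port)


def flow_allowed(policy: Iterable[Rule], src: str, dst: str, proto: str, port: int) -> bool:
    """True if some allow rule in `policy` matches the given flow."""
    for r in policy:
        if (r.action == "allow" and r.proto == proto
                and (r.port is None or r.port == port)
                and ip_address(src) in ip_network(r.src)
                and ip_address(dst) in ip_network(r.dst)):
            return True
    return False


def protocol_inventory(lines: Iterable[str]) -> Dict[str, Set[Tuple[str, int]]]:
    """Map each destination device to the (proto, port) pairs observed reaching it."""
    inventory: Dict[str, Set[Tuple[str, int]]] = {}
    for line in lines:
        flow = parse_flow(line)
        if flow is None:
            continue
        _src, dst, proto, port = flow
        inventory.setdefault(dst, set()).add((proto, port))
    return inventory


def unexpected_flows(lines: Iterable[str], desired: Iterable[Rule]) -> List[str]:
    """Observed flows that the desired policy would not permit."""
    policy = list(desired)
    return [line for line in lines
            if (flow := parse_flow(line)) is not None and not flow_allowed(policy, *flow)]


if __name__ == "__main__":
    for rule in excess_rules(DELIVERED, DESIRED):
        print("delivered access exceeds policy:", rule)
    for device, protos in protocol_inventory(LOG_LINES).items():
        print(device, "uses", sorted(protos))
    for line in unexpected_flows(LOG_LINES, DESIRED):
        print("flow outside desired policy:", line)
```

Running it flags the telnet and any-source SNMP rules as delivered access beyond the desired policy, and shows the same gap from the traffic side: the two flows to ports 23 and 161 are observed but not permitted by the desired policy. Reviewing both views together is the point; a rule set that looks fine on paper can still be contradicted by what the devices are actually doing.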


Identifying the security vulnerabilities

This requires deploying technology that gives complete visibility of the attack surface across the entire hybrid network. That technology takes both asset and network data into account to understand how data flows and where vulnerabilities and security weaknesses exist. Without this information, security teams are essentially managing security blind.

The scale of the problem was illustrated by Skybox Security’s own research into the vulnerabilities in the operational technology used to run critical infrastructure. Skybox assessed that there had been a 120 percent increase in the vulnerabilities affecting what is known as operational technology in the last 12 months.

These are computer-connected control systems for running critical processes in power generation and supply, as well as similar functions in other utilities such as water. Unless they are rectified, such vulnerabilities can be exploited by adversaries, as we discovered with NotPetya and other incidents last year.