The latest OT/IoT Security Report from Nozomi Networks, which was published this month, showed some remarkable developments within the cybersecurity domain.
The main takeaway is that the Ukraine/Russia conflict influenced the industry significantly.
In the first months of 2022, attackers clearly focused on critical infrastructure. After the Russian invasion of Ukraine, an emergence of malicious tools specifically targeting OT (Operational Technology) systems was reported. This increase in OT cyber-attacks did not result in a decrease in IT cyber-attacks. On the contrary, we also noticed an increase in IT cyber-attacks. But the most interesting observation was that we saw a combination of various cyber actors and malicious tools (ransomware, wipers, ICS malware) operating simultaneously in the threat landscape.
Although coordination between these various cyber actors has not been proved, it’s highly likely that nation-state coordination was orchestrated. In practice, this means that the attack surface of an organization or, in this case, a nation becomes more vulnerable, because the attackers have more attack vectors to choose from.
Another interesting observation from this conflict is that private companies, in addition to governmental and military organisations, also became prime targets. Private companies active in the critical infrastructure industry were especially targeted.
One of the lessons learned from this conflict could be that private companies providing critical infrastructure services should maintain a heightened security posture and cooperate with their governments to safeguard their assets in the event of a conflict.
The final observation was that Ukraine relocated its sensitive servers out of the country in case a physical attack was launched on its critical infrastructure. Although several national privacy regulations in different European countries insist that datacenters be located within the national borders of a country, the operational need required the Ukrainians to move their datacenters outside their borders. While this will not necessarily prevent a cyberattack on those servers, it will safeguard them from being destroyed through a physical attack in-country.
The fact that Ukraine thought about an incident response/back-up plan for its critical infrastructure showed that it takes cybersecurity very seriously and was prepared for the worst-case scenarios.