ICS cybersecurity company Dragos has just published a series of three year-in-review reports, which are intended to be a collection of its first-hand experiences hunting, analyzing, and combatting industrial adversaries and to provide asset owners and the practitioner community with actionable defensive recommendations to reduce the overall risks associated with operating critical infrastructure. The first report, which focuses on ICS vulnerabilities, found that 77 percent of assessed vulnerabilities were considered “deep within” a control systems network, requiring some existing access to a control system to exploit. It also found that 26 percent of advisories had no patch available when the initial notification was made, presenting a challenge for users. In its report on the threat landscape, Dragos notes it identified three new activity groups targeting ICS entities globally. It also states that ransomware and commodity malware, like Ryuk and Emotet, remain threats to industrial operations as they can potentially bridge the IT/OT gap to disrupt operations. And in the final report, which discusses lessons learned, Dragos observes that 100 percent of the organizations it assessed had routable network connections into their operational environments. It also found that 66 percent of the incident response cases it responded to involved adversaries directly accessing the ICS network from the internet. Read the reports at Dragos.