- Latest Volt Typhoon attack discovery raises concerns about OT security culture
- Artificial intelligence’s role in attacks continues to worry cybersecurity leaders
- Vulnerable OT servers leave SMBs and enterprises open to ransomware attacks and IP theft
Volt Typhoon, a threat group with links to China, had access to Massachusetts’ Littleton Electric Light and Water Departments (LELWD)’s operational technology (OT) network for ten months in 2023.
The intrusion lasted from February to November 2023, yet security researchers at Dragos, who discovered it, moved quickly once it was known; identifying the group’s activities on the server and containing the threat without customer data being compromised.
Data on OT networks, especially where Critical National Infrastructure (CNI) is concerned, is important to lock down. Infosecurity reported on Donovan Tindill, DeNexus’ OT cybersecurity director, explaining that exposed small business servers of this kind allow for the theft of intellectual property, the mapping of utility grid structures, and for data to be leveraged in ransomware attacks.
Staying on top of OT cybersecurity
Experts have been weighing in on the implications of the attack. Tim Mackey, Black Duck’s software supply chain risk strategy head, said that “one of the biggest challenges with cybersecurity in critical infrastructure is the long lifespan of the devices. Something that was designed and tested to the best practices available when it was released can easily become vulnerable to attacks using more sophisticated attacks later in its lifecycle.”
Nathaniel Jones, Darktrace’s VP of threat research, went on to add that the impact of AI tools in attacks on CNI was a “continued and growing concern” for those defending OT networks.
Agnidipta Sarkar, ColorTokens’ VP of CISO advisory, warned attacks were on the rise, but also being dealt with in the wrong way by OT defenders and leaders. “Unfortunately,” they said, “cyber OT leadership is focusing on stopping attacks instead of stopping the proliferation of attacks.”
In case you missed it, TechRadar Pro reported that the complexity of IT systems could be increasing security risks for businesses, and a recent report from Adaptavist revealed that 40% of IT leaders are scared to admit mistakes due to a workplace culture of fear.
Via InfoSecurity
Leave a comment