A recent whitepaper by Palo Alto Networks and Siemens sheds light on the escalating cybersecurity risks associated with SCADA and Operational Technology (OT) devices exposed to the public internet. As IT and OT systems become increasingly interconnected, critical infrastructure faces heightened vulnerabilities, potentially leading to severe operational disruptions and security breaches.
Key Findings:
- Manufacturing is the most targeted sector: 82.7% of internal exploit attempts occurred in the manufacturing industry alone.
- Emerging threats remain unidentified: 79.9% of detected malware in OT networks was classified as unknown, highlighting the growing challenge of identifying and mitigating novel cyber threats.
- Aging vulnerabilities remain a major risk: 61.9% of exploit triggers in OT networks were due to vulnerabilities that were 6–10 years old, emphasizing the importance of timely patching.
- Remote service exploitation is a leading attack vector: Attacks targeting remote services accounted for 20% of all security incidents in OT networks.
Expanding Attack Surface in OT Networks
In 2023, over 1.25 million SCADA and OT devices were found exposed to the internet, significantly increasing the risk of cyberattacks impacting essential services. Enhanced fingerprinting techniques introduced in March–April 2023 revealed a broader scope of vulnerable devices, particularly within SCADA and building control systems. These insights underscore the need for stricter security measures in OT environments.
Attack Tactics and Industry Vulnerabilities
An analysis of 51,000 OT firewalls using Palo Alto Networks App-ID™ mapped observed cyberattacks to the MITRE ATT&CK® Matrix for ICS and identified Initial Access, Lateral Movement, and Privilege Escalation as the tactics attackers used most often. The industries most at risk include manufacturing, energy, and retail, where poor network segmentation and misconfigurations further expand the attack surface.
Recommendations for Strengthening OT Security
To mitigate these risks, organizations must adopt a proactive cybersecurity strategy, including:
- Enhanced security controls to detect and prevent advanced threats.
- Stronger network segmentation to limit lateral movement and minimize attack impact.
- Continuous monitoring and real-time threat detection to improve response times and resilience against emerging cyber threats.
As cyber threats targeting critical infrastructure continue to evolve, a robust, adaptive approach to OT security is essential for safeguarding industrial systems.
To access the full report, please visit here.
News Source: Wallis PR