Internet exposure of Operational Technology (OT) and Industrial Control Systems (ICS) continues to be a critical infrastructure security issue despite decades of raising awareness, new regulations, and periodic government advisories. Forescout, a global cybersecurity leader, unveiled Better Safe Than Sorry, a seven-year analysis of internet-exposed OT/ICS data. The study was conducted by Forescout Research ? Vedere Labs, a leading global team dedicated to uncovering vulnerabilities in and threats to critical infrastructure.
In the Better Safe Than Sorry report, Forescout researchers examine the realistic opportunities for a mass target attack of internet-exposed OT/ICS devices. These devices are fertile ground for abuse as attackers look no further than using basic rationale driven by current events, copycat behavior, or the emergencies found in new, off-the-shelf capabilities or readily available hacking guides to create chaos. Forescout released Better Safe Than Sorry from HANNOVER MESSE, the world's leading trade fair for industrial technology. Forescout researchers can discuss these findings in Hall 16, Booth: A12 in the IT & OT Circus, April 22-26.
"If these warnings sound familiar, it's because they are. The looming potential for a mass target scenario is high," said Elisa Costante, VP of Research at Forescout Research ? Vedere Labs. "Forescout calls on vendors, service providers, and regulatory agencies to work collectively to prevent attacks on critical infrastructure that will spare no one."
Top research highlights in the Better Safe Than Sorry report include:
Good news, there are now less than 1,000 exposed devices running Nucleus and approximately, 5,500 running NicheStack. This is a significant reduction after the exposure was revealed in the original Forescout research in Project Memoria.
"Time and again, we've seen the dire consequences of ignoring critical infrastructure threats," adds Costante. "It's not a matter of if, but when, these vulnerabilities will be exploited. Let's heed the warnings and take proactive measures to safeguard our infrastructure before it's too late."
Many asset owners are likely unaware that OT/ICS systems contain potentially vulnerable devices exposed to the internet, once again highlighting the need for an accurate and granular software and hardware bill of materials as part of a comprehensive risk management strategy. Download the full report, Better Safe Than Sorry, now at https://forescout.com/resources/better-safe-than-sorry-proactively-identifying-at-risk-internet-exposed-otics/.
How Forescout Research Works
Forescout Research employs its Adversary Engagement Environment (AEE) to conduct analysis, leveraging a blend of real and simulated connected devices. This dynamic environment functions as a robust tool, enabling the pinpointing of incidents and identifying intricate threat actor patterns at a granular level. The overarching objective is to elevate responses to complex critical infrastructure attacks by leveraging the detailed insights and understanding derived from this specialized deception environment. The AEE is maintained by Vedere Labs, a leading global team dedicated to uncovering vulnerabilities in and threats to critical infrastructure. Forescout products directly leverage this research, which is shared openly with vendors, agencies, and other researchers.
About Forescout
Forescout Technologies, Inc., a global cybersecurity leader, continuously identifies, protects and helps ensure the compliance of all managed and unmanaged connected cyber assets ? IT, IoT, IoMT and OT. For more than 20 years, Fortune 100 organizations and government agencies have trusted Forescout to provide vendor-agnostic, automated cybersecurity at scale. The Forescout® Platform delivers comprehensive capabilities for network security, risk and exposure management, and threat detection and response. With seamless context sharing and workflow orchestration via ecosystem partners, it enables customers to more effectively manage cyber risk and mitigate threats.
These press releases may also interest you
|