Nation-state attackers are increasingly refining their tactics to exploit unprotected IoT sensors that are critical to infrastructure and manufacturing, leading to a surge in attacks against U.S. and European targets. Previously sporadic attacks have turned into a full-blown assault on infrastructure and production plants. These attacks take advantage of organizations that lack knowledge about the number and location of their sensors, whether they are up to date with patches, and if they are properly secured.
During Q2 2023, the manufacturing sector experienced 70% of all ransomware attacks, followed by industrial control systems (ICS) equipment and engineering at 16%. The gaps between operational technology (OT) and IT systems, as well as unprotected ICS, make them vulnerable targets. In fact, 75% of OT organizations encountered at least one breach intrusion in the past year.
“The rub about ransomware is that defending against it requires folks to have strong security throughout their security cycle.”
– Merritt Baer, Lacework field CISO
Well-funded nation-state attackers and criminal groups are even recruiting AI and machine learning (ML) experts to develop advanced AI attack tools. These threat actors are orchestrating IoT attacks using social engineering and reconnaissance, often having more knowledge about a target’s network than the administrators do.
“They want into our processing plants, distribution centers, and R&D facilities with a level of intensity we’ve never seen before.”
– Anonymous CISO
CISOs in the manufacturing industry are concerned that defensive AI is losing the battle against offensive AI. 70% of CISOs believe that gen AI gives more advantages to cyber attackers. As a result, 35% of CISOs already utilize AI for security applications, and 61% plan to adopt AI-based cybersecurity tools within the next year.
Ransomware attacks in manufacturing are often undisclosed. IBM’s 2023 X-Force Threat Intelligence Index reveals that manufacturing is currently the most targeted industry, with 61% of all breach attempts and 23% of ransomware attacks primarily aimed at OT systems.
“We’re connecting all these IoT devices, and all those connections create vulnerabilities and risks.”
– Kevin Dehoff, President and CEO of Honeywell Connected Enterprise (HCE)
Honeywell Connected Enterprise manages cybersecurity for over 500 customer sites and secures more than 100 million connected assets. Honeywell introduced Cyber Watch and Cyber Insights, which leverage AI and ML to detect and address breach attempts in real-time across IoT, OT, and ICS.
Ransomware attacks disrupt production capabilities and demand large sums to restore access. Cyber Watch provides a real-time view of ransomware indicators, enabling early threat detection. Honeywell’s acquisition of SCADAFence strengthens their ability to protect IoT sensors and bridge the gaps between OT and IT networks.
CrowdStrike, Airgap Networks, Absolute Software, Armis, Broadcom, Cisco, CradlePoint, Fortinet, Ivanti, JFrog, and Rapid7 are among the companies specializing in IoT cybersecurity. These organizations continuously improve their discovery technologies to close gaps and enhance visibility across IT and OT systems.
“AI helps to do recursive work. This is crucial for ransomware defense, especially in the cloud where permissions are a mix of perimeter-based coupled with fine-grained identity-centric.”
– Merritt Baer, Lacework field CISO
Threat actors are leveraging weaponized AI for political purposes and ransom extraction. Energy, water, oil infrastructure, healthcare, and manufacturing are attractive targets due to the potential disruption and financial losses associated with them. Protecting IoT endpoints requires organizations to prioritize discovery, segmentation, and identity management.
“To combat this, organizations must implement a unified endpoint management (UEM) solution that can discover all assets on an organization’s network — even the Wi-Fi-enabled toaster in your breakroom.”
– Srinivas Mukkamala, Chief Product Officer at Ivanti
The Need for Stronger IoT Security Measures
With the increasing sophistication of threats and the growing number of attacks on infrastructure and manufacturing, the importance of strong IoT security measures cannot be overstated. It is crucial for organizations to implement comprehensive cybersecurity strategies that leverage AI and ML to detect and mitigate threats in real-time.
By understanding the vulnerabilities and risks associated with IoT devices and establishing robust security protocols, organizations can significantly reduce the likelihood and impact of attacks. Close collaboration between IT and security teams, along with regular monitoring and updating of security measures, is essential in maintaining robust defenses against evolving threats.
