- 최형광 칼럼 | 딥시크가 촉발하는 AI 패권 경쟁
- Windscribe VPN review: A flexible and free VPN
- One of my favorite foldables brings the flip phone back in the best way (and it's $200 off)
- I opened up a cheap 600W charger to test its build, and found 'goo' inside
- How to negotiate like a pro: 4 secrets to success
Operational Technology Leaves Itself Open to Cyber-Attack
Uncontrolled use of remote access tools is posing a threat to operational technology, security researchers have warned.
Team82, the research arm of cyber and physical security company Claroty, found more than half of organizations (55%) used four or more remote access tools (RATs). A further 33% used six or more.
The researchers surveyed data from more than 50,000 remote access enabled devices. They also discovered that businesses used “non enterprise grade” tools on operational technology (OT) network devices.
These tools lack basic security measures, such as multi-factor authentication or privilege access management capabilities. Using these tools could allow criminal attackers easy access to OT systems and wider enterprise networks.
Team82 also found that RATs developed for IT administration purposes were causing issues on OT networks. These included a lack of visibility for OT network admins and no central management of the tools’ activity. Administrators also face a growing burden managing network access rights and credentials.
By adding external connections, excessive use of RATs increases an organization’s attack surface. Even enterprise IT RATs can fail to take the security requirements of OT into account.
Some RATs have also been linked to cyber-attacks: Team82 reports that TeamViewer suffered a compromise, linked to the APT29 threat group. AnyDesk, another remote access tool, also reported a breach earlier this year.
Team82’s researchers recommend that organizations control the use of RATs in OT and industrial control systems (ICS) and centralize management of them with common access control policies.
OT teams should also ensure security standards are applied across the supply chain and to any third-party vendors. In addition, the use of “low security remote access tools in the OT environment” should be minimized.
“Unregulated remote access software is a major issue for us all. Many of these tools are free and are a main source of toolware for scammers and organized criminals,” David Spinks of CSIRS and chair of the Cyber Security in Real Time Systems LinkedIn group, told Infosecurity.
“As a minimum all remote access software needs to be licensed. When I worked for an outsourcer, our second- and third-line support who used remote access services had many levels of policy and security controls to protect them and their organizations.”
Attacks against OT and manufacturing have grown sharply over the last few years, with nation-state actors linked to the increase.
Read more about attacks against OT: US and UK Warn of Disruptive Russian OT Attacks
