
At least four remote access tools are commonly found in many operational technology (OT) settings, according to a recent report.

The proliferation of remote access tools poses a widespread threat, frequently tied to ransomware, and increases the potential for malicious activity.

Majority of OT Environments Contain at Least Four Remote Access Tools, Study Suggests


A report by Claroty found that one-third of operational technology (OT) environments contain six or more remote access tools, posing significant security risks. According to the report, remote access tools were the primary intrusion point in 3 in 5 ransomware attacks in 2023, as highlighted in the May report from At-Bay.

The increased use of remote access tools in OT environments has led to several common security risks. One of the key concerns is the increased exposure to cyber threats. Remote access tools, when not adequately secured, can provide unauthorized pathways for attackers to target OT systems, which are often not designed with security in mind. This can lead to incidents like ransomware attacks, where systems are compromised for financial gain.

Another significant risk is the lack of network visibility and monitoring. Many organizations lack comprehensive visibility into their OT networks, making it difficult to detect and respond to security threats. This is exacerbated by the use of multiple remote access tools, which can complicate network architecture and increase the attack surface.

Traditional OT systems, especially those in sectors like mining, are frequently based on legacy protocols and architectures that are not secure by modern standards. This makes them easier targets for exploitation when remote access is involved.

Inadequate password management and authentication practices can lead to unauthorized access. Weak passwords or poor security hygiene can be exploited by attackers to gain control of OT systems via remote access tools.

Moreover, increasing connectivity and remote access can introduce compliance issues, as OT environments are subject to strict regulations. Managing multiple remote access tools while meeting these regulatory requirements can be challenging.

The report also highlights the problem of managing security tool sprawl in companies with budget constraints, personnel shortages, and alert fatigue. Many OT environments have more than two non-enterprise-grade remote access tools installed on OT network devices, which poses an even greater risk because these tools lack features to manage access privileges.

In January 2023, the Cybersecurity and Infrastructure Security Agency released a guide for protecting against the malicious use of remote monitoring and management software. The report also mentions several high-profile incidents where remote access tools have been at the center of major threat campaigns.

Despite these risks, some organizations run as many as 16 remote access tools. However, it's reassuring to note that in a recent incident involving TeamViewer, no customer environments were compromised.

Researchers from NCC previously warned organizations to disengage remote access tools from their environments due to these security concerns. The report underscores the need for comprehensive inventory management, network segmentation, and robust security controls to mitigate these risks in OT environments.

Due to the increasing use of remote access tools in operational technology (OT) environments, the exposure to cybersecurity threats has escalated significantly. In many cases, these tools, when not adequately secured, can provide attackers with unauthorized access to OT systems, potentially leading to ransomware attacks, a prevalent issue in 2023.

Moreover, the lack of network visibility and monitoring in OT environments, often compounded by the use of multiple remote access tools, makes it difficult to detect and respond to cybersecurity breaches, increasing the risk of ransomware attacks.
