Industrial IoT Devices at Growing Risk, Warns Microsoft

Attention, industry channel partners: Microsoft has noticed an increase in security attacks targeting operational technology (OT) devices with Internet connectivity.

Many OT devices fall into the category of Industrial Internet-of-Things (IIoT). These types of devices are used in industrial settings to monitor and control machinery. They typically have a software component and are capable of connecting to the Internet in order to transmit data.

In a recent report, Microsoft warned that the number of attacks targeting these Internet-connected OT devices has been on the rise since late 2023. Threat actors target these systems to take control, which could lead to major outages or damaged hardware.

"Adding to the potential damage of attacks on OT systems are their often-lacking security measures, which make OT attacks not only attractive for attackers but also relatively easy to execute," said Microsoft. "Many OT devices, notwithstanding common security guidelines, are directly connected to the internet, making them discoverable by attackers through internet scanning tools. Once discovered by attackers, poor security configurations, such as weak sign-in passwords or outdated software with known vulnerabilities, could be further exploited to obtain access to the devices."

The Microsoft Digital Defense Report 2023 found that 78 percent of industrial network devices monitored by Microsoft Defender for IoT had known vulnerabilities. Among these, 46 percent used deprecated firmware and 32 percent ran on outdated systems with unpatched vulnerabilities.

Microsoft's analysis of these attacks revealed a common method: exploiting Internet-exposed, poorly secured OT devices. The ongoing Israel-Hamas conflict has only added fuel to the fire, with Israeli companies in particular seeing a spike in cyberattacks. 

This was evident in the November 2023 attack on the Aliquippa water plant in Pennsylvania, whose control device was manufactured in Israel. Attributed to the Islamic Revolutionary Guard Corps (IRGC)-affiliated "CyberAv3ngers" and tracked by Microsoft as Storm-0784, the attack led to the shutdown of a pressure regulation pump and defacement of the device's interface. In response, the U.S. Department of Treasury sanctioned officials from the IRGC.

Microsoft's report also found that OT-focused attacks have not been limited to public sector facilities, but also affect private enterprises. While the public sector has been implored to implement proper risk management and protection of OT systems, the diversity of target profiles illustrates that ensuring OT security in the private sector is equally crucial, said Microsoft.

To mitigate such threats, Microsoft recommends adopting comprehensive IoT and OT security solutions like Microsoft Defender for IoT, conducting vulnerability assessments, reducing unnecessary Internet connections to OT devices, and implementing Zero Trust practices with network segmentation. These measures aim to prevent attackers from exploiting vulnerabilities and compromising critical systems.
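As an added illustration of how a defender might act on these recommendations (this is example code, not part of the article or any Microsoft product), the script below triages a constructed OT asset inventory against the risk factors the report calls out: direct Internet exposure, weak or default sign-in credentials, unpatched known vulnerabilities and deprecated firmware. The inventory fields, weights and CVE placeholders are all assumptions made for this example.

```python
# Constructed OT asset inventory for this example; the field names are
# assumptions and the CVE ids are placeholders, not real identifiers.
INVENTORY = [
    {"name": "plc-line1", "internet_exposed": True, "firmware_eol": True,
     "unpatched_cves": ["CVE-PLACEHOLDER-1"], "default_creds": True},
    {"name": "hmi-boiler", "internet_exposed": True, "firmware_eol": False,
     "unpatched_cves": [], "default_creds": False},
    {"name": "rtu-pump3", "internet_exposed": False, "firmware_eol": False,
     "unpatched_cves": ["CVE-PLACEHOLDER-2"], "default_creds": False},
    {"name": "sensor-gw", "internet_exposed": False, "firmware_eol": True,
     "unpatched_cves": [], "default_creds": False},
]

# Assumed weights mirroring the attack chain in the report: a device must be
# discoverable from the Internet first, then weak configuration or known
# flaws are what actually grant access.
WEIGHTS = {"internet_exposed": 4, "default_creds": 3,
           "unpatched_cves": 2, "firmware_eol": 1}

def assess(device):
    """Return (score, findings) for one device; a higher score means fix first."""
    findings = []
    if device["internet_exposed"]:
        findings.append("reachable from the Internet: move behind a segmented OT zone")
    if device["default_creds"]:
        findings.append("default or weak sign-in credentials: rotate and enforce strong auth")
    if device["unpatched_cves"]:
        findings.append("unpatched known vulnerabilities: " + ", ".join(device["unpatched_cves"]))
    if device["firmware_eol"]:
        findings.append("deprecated firmware: plan replacement or compensating controls")
    score = sum(weight for key, weight in WEIGHTS.items() if device[key])
    return score, findings

def prioritize(inventory):
    """Device names ordered so Internet-exposed, weakly configured ones come first."""
    ranked = sorted(inventory, key=lambda d: assess(d)[0], reverse=True)
    return [d["name"] for d in ranked]

def summarize(inventory):
    """Population figures in the same terms the report uses: share with any
    known vulnerability, share on deprecated firmware, share left unpatched."""
    n = len(inventory)
    vuln = sum(1 for d in inventory if d["firmware_eol"] or d["unpatched_cves"])
    eol = sum(1 for d in inventory if d["firmware_eol"])
    unpatched = sum(1 for d in inventory if d["unpatched_cves"])
    return {"known_vulnerabilities_pct": round(100 * vuln / n),
            "deprecated_firmware_pct": round(100 * eol / n),
            "unpatched_pct": round(100 * unpatched / n)}

if __name__ == "__main__":
    for name in prioritize(INVENTORY):
        device = next(d for d in INVENTORY if d["name"] == name)
        print(name, assess(device))
    print(summarize(INVENTORY))
```

The ranking puts the devices that match the report's "discoverable, then exploitable" pattern at the top of the remediation queue, which is where segmentation and credential fixes pay off first.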

About the Author

Chris Paoli (@ChrisPaoli5) is the associate editor for Converge360.
