Industrial IoT Devices at Growing Risk, Warns Microsoft

Attention, industry channel partners: Microsoft has noticed an increase in security attacks targeting operational technology (OT) devices with Internet connectivity.

Many OT devices fall into the category of Industrial Internet-of-Things (IIoT). These types of devices are used in industrial settings to monitor and control machinery. They typically have a software component and are capable of connecting to the Internet in order to transmit data.

In a recent report, Microsoft warned that the number of attacks targeting these Internet-connected OT devices has been on the rise since late 2023. Threat actors target these systems to take control, which could lead to major outages or damaged hardware.

"Adding to the potential damage of attacks on OT systems are their often-lacking security measures, which make OT attacks not only attractive for attackers but also relatively easy to execute," said Microsoft. "Many OT devices, notwithstanding common security guidelines, are directly connected to the internet, making them discoverable by attackers through internet scanning tools. Once discovered by attackers, poor security configurations, such as weak sign-in passwords or outdated software with known vulnerabilities, could be further exploited to obtain access to the devices."

The Microsoft Digital Defense Report 2023 found that 78 percent of industrial network devices monitored by Microsoft Defender for IoT had known vulnerabilities. Among these, 46 percent used deprecated firmware and 32 percent ran on outdated systems with unpatched vulnerabilities.

Microsoft's analysis of these attacks revealed a common method: exploiting Internet-exposed, poorly secured OT devices. The ongoing Israel-Hamas conflict has only added fuel to the fire, with Israeli companies in particular seeing a spike in cyberattacks. 

This was evident in the November 2023 attack on the Aliquippa, Pennsylvania water plant, where the targeted control device was manufactured in Israel. Attributed to the Islamic Revolutionary Guard Corps (IRGC)-affiliated group "CyberAv3ngers," tracked by Microsoft as Storm-0784, the attack led to the shutdown of a pressure regulation pump and defacement of the device's interface. In response, the U.S. Department of the Treasury sanctioned IRGC officials.

Microsoft's report also found that OT-focused attacks have not been limited to public sector facilities, but also affect private enterprises. While the public sector has been implored to implement proper risk management and protection of OT systems, the diversity of target profiles illustrates that ensuring OT security in the private sector is equally crucial, said Microsoft.

To mitigate such threats, Microsoft recommends adopting comprehensive IoT and OT security solutions like Microsoft Defender for IoT, conducting vulnerability assessments, reducing unnecessary Internet connections to OT devices, and implementing Zero Trust practices with network segmentation. These measures aim to prevent attackers from exploiting vulnerabilities and compromising critical systems.
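The checks above map directly onto the conditions the report calls out: a device reachable from the Internet, a default or weak sign-in, deprecated firmware, and known vulnerabilities left unpatched. The following is an added example (not Microsoft's code or part of Defender for IoT) that audits a small OT inventory for those conditions and then derives the segmentation rules that remove the unnecessary Internet paths. The devices, credentials, firewall port-forward table, OT subnet, and engineering-station address are all constructed for illustration, and the port numbers are the usual protocol defaults rather than anything taken from a real site.

```python
"""Audit a constructed OT inventory for Internet exposure, weak sign-ins, deprecated
firmware and unpatched vulnerabilities, then emit segmentation rules.
Every device, credential and port-forward below is constructed for illustration."""
from dataclasses import dataclass

# Default ports of common ICS protocols and of remote-management services
# (assumption: protocol defaults; a site survey should confirm the real ports).
OT_PORTS = {502: "Modbus/TCP", 102: "S7comm", 20000: "DNP3", 44818: "EtherNet/IP"}
MGMT_PORTS = {22: "SSH", 23: "Telnet", 80: "HTTP", 443: "HTTPS", 5900: "VNC"}

# Placeholder vendor-default sign-ins (constructed, not a real vendor list).
DEFAULT_CREDS = {("admin", "admin"), ("admin", "1111"), ("root", "root"), ("admin", "")}
MIN_PASSWORD_LEN = 12

# Constructed edge-firewall port-forward table: external port -> (internal IP, port).
# Each entry is a direct path from the Internet to an OT device.
PORT_FORWARDS = {
    502: ("192.168.50.10", 502),      # Modbus straight to the PLC
    8080: ("192.168.50.10", 80),      # PLC web interface
    20000: ("192.168.50.11", 20000),  # DNP3 to the RTU
}


@dataclass(frozen=True)
class Device:
    name: str
    ip: str
    open_ports: frozenset
    credentials: tuple   # (username, password) configured on the device
    firmware_eol: bool   # vendor no longer publishes fixes for this firmware
    unpatched_cves: int  # known vulnerabilities with an available but unapplied fix


def exposed_ports(device, forwards=PORT_FORWARDS):
    """Ports of `device` that an Internet scanner can reach through a port forward."""
    return sorted(p for ip, p in forwards.values()
                  if ip == device.ip and p in device.open_ports)


def audit_device(device, forwards=PORT_FORWARDS):
    """Return finding codes for one device, in the order the checks run."""
    findings = []
    for port in exposed_ports(device, forwards):
        service = OT_PORTS.get(port) or MGMT_PORTS.get(port) or "unknown"
        findings.append(f"INTERNET_EXPOSED:{port}/{service}")
    user, password = device.credentials
    if (user, password) in DEFAULT_CREDS:
        findings.append("DEFAULT_CREDENTIALS")
    elif len(password) < MIN_PASSWORD_LEN:
        findings.append("WEAK_PASSWORD")
    if device.firmware_eol:
        findings.append("EOL_FIRMWARE")  # cannot be patched: isolate, plan replacement
    if device.unpatched_cves:
        findings.append(f"UNPATCHED_CVES:{device.unpatched_cves}")
    return findings


def audit(devices, forwards=PORT_FORWARDS):
    return {d.name: audit_device(d, forwards) for d in devices}


def segmentation_rules(devices, engineering_station, forwards=PORT_FORWARDS,
                       ot_subnet="192.168.50.0/24"):
    """nftables-style rules: drop every edge forward that lands on an OT device,
    allow OT and management ports only from the engineering workstation,
    and default-deny everything else into the OT segment."""
    device_ips = {d.ip for d in devices}
    rules = [f"# remove edge forward {ext} -> {ip}:{port}"
             for ext, (ip, port) in sorted(forwards.items()) if ip in device_ips]
    for d in devices:
        for port in sorted(d.open_ports):
            if port in OT_PORTS or port in MGMT_PORTS:
                rules.append(f"ip saddr {engineering_station} ip daddr {d.ip} "
                             f"tcp dport {port} accept")
    rules.append(f"ip daddr {ot_subnet} drop")
    return rules


# Constructed inventory: three devices on the OT segment.
INVENTORY = [
    Device("plc-pressure-01", "192.168.50.10", frozenset({80, 502}),
           ("admin", "1111"), True, 0),
    Device("rtu-intake-02", "192.168.50.11", frozenset({22, 20000}),
           ("ops", "Sh0rt!"), False, 3),
    Device("hmi-control-03", "192.168.50.12", frozenset({443, 5900}),
           ("operator", "Wint3r-Shift-Rotation"), False, 0),
]

if __name__ == "__main__":
    for name, findings in audit(INVENTORY).items():
        print(f"{name}: {findings or ['clean']}")
    print("\n".join(segmentation_rules(INVENTORY, "192.168.10.5")))
```

Run against the constructed inventory, the PLC is flagged for two Internet-exposed ports, default credentials and end-of-life firmware, the RTU for an exposed DNP3 port, a weak password and three unapplied fixes, and the HMI comes back clean because nothing forwards to it. The rule generator's first step is to remove the edge forwards, which is the "reduce unnecessary Internet connections" recommendation; the allow-list plus final drop is the network-segmentation half of the Zero Trust advice.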

About the Author

Chris Paoli (@ChrisPaoli5) is the associate editor for Converge360.