Published on June 24th, 2022

Cold cybersecurity: Watch out for the Icefall



A security report looks at a set of 56 vulnerabilities, collectively called Icefall, that impact operational technology (OT) equipment used in various critical infrastructure environments.

Terry Olaes, Director of Sales Engineering at Skybox, explains to Digital Journal the core implications of the report and what they mean for businesses.

Olaes says: “This is yet another reminder that critical infrastructure remains a top target for cybercriminals. Skybox Research Lab found that new vulnerabilities in operational technology (OT) products have risen 88 percent year over year.”

This is becoming part of a problematic trend, says Olaes. He notes: “Too often, our researchers see organizations that only rely on conventional approaches to vulnerability management move to patch the highest severity vulnerabilities first based on the Common Vulnerability Scoring System (CVSS).”

Olaes adds that this is all too familiar to cybercriminals, who “know this is how many companies handle their cybersecurity, so they’ve learned to take advantage of vulnerabilities seen as less critical to carry out their attacks.”

Olaes continues: “In the case of OT, the mechanisms used to exploit these devices are less sophisticated due to the design of these technologies to minimize friction and focus on HSE impact, above all. This enables bad actors to identify and weaponize new exploits more quickly, resulting in the drastic vulnerability count increase.”





Looking at one of the more significant issues, Olaes says: “In the case of ICEFALL, threat actors could have access to over 50 vulnerabilities that are affecting operational technology devices of several critical infrastructure organizations. The Russian state-sponsored hacking group known as Sandworm is already known to have successfully leveraged these vulnerabilities against Ukraine in recent months, identifying users and infrastructure, including electrical systems, and disconnecting its electrical substations.”

There are measures that companies can adopt. Olaes suggests: “To stay ahead of cybercriminals, companies must address vulnerability exposure risks before hackers attack them. That means taking a more proactive approach to vulnerability management by learning to identify and prioritize exposed vulnerabilities across the entire threat landscape.”

Olaes also recommends: “Organizations should ensure they have solutions capable of quantifying the business impact of cyber risks into economic impact. This will help them identify and prioritize the most critical threats based on the size of the financial impact, among other risk analyses such as exposure-based risk scores.”

The final advice from Olaes is: “They must also enhance the maturity of their vulnerability management programs to ensure they can quickly discover whether or not a vulnerability impacts them and how urgent it is to remediate.”
