July 15, 2024
How AI can help close IoT's growing security gaps to contain ransomware


Nation-state attackers are fine-tuning their tradecraft to exploit unprotected IoT sensors that are essential to infrastructure and manufacturing, and they are increasing their attacks against U.S. and European targets. Once-sporadic attacks have given way to an all-out assault on infrastructure and production plants.

IoT attacks seek to take advantage of infrastructure and manufacturing organizations that don’t know how many sensors and endpoints they have, where they are, if they’re current on patches or if they’re secured. IT and security teams in a typical enterprise don’t know where up to 40% of their endpoints are. During Q2 2023, 70% of all ransomware attacks were aimed at the manufacturing sector, followed by industrial control systems (ICS) equipment and engineering (16%).

Unprotected gaps between operational technology (OT) and IT systems, along with unprotected ICS equipment, are soft targets. This past year, 75% of OT organizations experienced at least one breach intrusion.

“The rub about ransomware is that defending against it requires folks to have strong security throughout their security cycle,” Merritt Baer, Lacework field CISO, told VentureBeat. “You don’t stop ransomware in the moment (though resilience under fire is a relevant topic!). You protect against ransomware by building up your organization’s security every day. And assistive AI tools can also help extend the capabilities of security professionals by offloading time consuming processes and low-level work so they can focus on more strategic, higher-impact security activities.”


More AI-based, tightly orchestrated cyberattacks coming

Well-funded nation-state attackers and criminal gangs are also recruiting AI and machine learning (ML) experts to help build the next generation of generative AI attack tools. Threat actors are orchestrating their IoT attacks with social engineering and reconnaissance and often know more about a target’s network than the admins do.  

Manufacturing CISOs seeing spikes in nation-state attack attempts say that new tradecraft reflects a faster, more efficient attack strategy often combined with deepfakes and advanced social engineering. Cyberattacks reflect a new generation of technologies capable of adapting faster than any infrastructure or manufacturer can respond.

“We used to see nation-state attackers pulse our endpoints and infrastructure periodically — as if they had a schedule to probe us every few months,” one CISO told VentureBeat on condition of anonymity. Now, that security leader says, attack patterns, signatures and sequences of tactics are unmistakable and constant. “They want into our processing plants, distribution centers and R&D facilities with a level of intensity we’ve never seen before.”

Other CISOs tell VentureBeat that they worry security teams are losing the AI war: comparing defensive with offensive uses of AI, they see attackers gaining the upper hand. Nearly three-quarters (70%) of CISOs believe that gen AI is creating advantages that tip in favor of cyber attackers. More than one-third (35%) already use AI for security applications, and 61% plan to adopt AI-based cybersecurity applications and tools in the next 12 months.

Manufacturing continues to face a cyberattack epidemic

One of the best-kept secrets in manufacturing is how many ransomware attacks occur and how many ransoms are quietly paid and never reported. It’s an epidemic that no one wants to admit exists, yet IBM’s 2023 X-Force Threat Intelligence Index finds that manufacturing is the most attacked industry today. Well over half (61%) of all breach attempts and 23% of all ransomware attacks are aimed primarily at manufacturing OT systems. Ransomware and hacktivism are the leading causes of most OT-targeted attacks. More than three-quarters (81%) of malware can disrupt industrial control systems, costing millions of dollars in lost orders, productivity and customer goodwill.

The Cybersecurity and Infrastructure Security Agency (CISA) also reports that it is seeing a spike in infrastructure and manufacturing attacks, as evidenced by its recent alert of nineteen ICS advisories.

IoT and sensors are a favorite target

Attacks often begin by targeting unprotected IoT, IIoT and programmable logic controllers (PLCs) that deliver real-time data across infrastructure and plant shop floors. From there, the goal is to penetrate deep into the network and cause chaos.

Nation-state attackers are focusing on how they can fast-track AI arsenals into use to make bold political statements or extract millions in ransomware. Energy, water and oil infrastructure, along with healthcare and manufacturing, are soft targets because even a slight disruption threatens human lives and causes millions of dollars in losses.  

“We’re connecting all these IoT devices, and all those connections create vulnerabilities and risks,” Kevin Dehoff, president and CEO of Honeywell Connected Enterprise (HCE), told VentureBeat. “With OT cybersecurity, I’d argue the value at stake and the stakes overall could be even higher than they are when it comes to IT cybersecurity.”

Dehoff emphasized the need to give customers better visibility into risks and vulnerabilities. “Most customers are still learning about the state of affairs in their OT networks and infrastructure,” he said. “And I think there’s some awakening that will be done.”

Introducing Cyber Watch

HCE knows these challenges well. The company manages cybersecurity for more than 500 customer sites, secures more than 100 million connected assets and employs more than 150 AI and ML data scientists. The company introduced Cyber Watch and an enhanced version of Cyber Insights at Honeywell Connect last week. Both rely on AI and ML to identify potential breach and intrusion attempts on IoT, OT, ICS and their real-time gaps with IT systems.  

Ransomware attacks disable production capabilities and demand large sums to restore access. The Cyber Watch dashboard provides real-time visibility into ransomware indicators across multiple sites, enabling earlier threat detection. 

Earlier this year, HCE acquired SCADAFence, which has expertise in closing gaps between OT and IT networks and protecting IoT sensors.

Cyber Watch’s approach to providing a global view of OT cybersecurity is noteworthy. The platform includes a multi-site dashboard that provides visibility into cyber threats across sites and a centralized data view. The Governance Dashboard enables IT and audit departments to define and monitor adherence to company policies. It also supports OT standards and regulations, including IEC 62443, the NIST framework and other compliance frameworks for OT.

Cyber Watch is designed to help organizations better identify, mitigate, and manage the latest Operational Technology (OT) cyber threats. Source: Honeywell Connected Enterprise 

Shivan Mandalam, CrowdStrike director of product management and IoT security, told VentureBeat that “it’s essential for organizations to eliminate blind spots associated with unmanaged or unsupported legacy systems. With greater visibility and analysis across IT and OT systems, security teams can quickly identify and address problems before adversaries exploit them.”

Like Honeywell, CrowdStrike helps infrastructure and manufacturing customers close IoT gaps by constantly improving their discovery technologies. 

Cybersecurity providers are all-in on the AI challenge

Baer told VentureBeat: “AI helps to do recursive work. This is crucial for ransomware defense, especially in the cloud where permissions are a mix of perimeter-based (VPC, VPN), coupled with fine-grained identity-centric (users, roles and other identity-based permissions). These controls augment and layer on one another in ways that are hard for humans to parse or prune efficiently. AI can help where humans are not as perfect or fast to calculate ‘what are the attack paths or escalation routes?’”

The era of weaponized AI is here. AirGap Networks, Absolute Software, Armis, Broadcom, Cisco, CradlePoint, Fortinet, Ivanti, JFrog and Rapid7 all have expertise in IoT cybersecurity. Last year at Fal.Con 2022, CrowdStrike launched Falcon Insight XDR and Falcon Discover for IoT.

Ritesh Agrawal, CEO of Airgap Networks, observes that while IoT endpoints may not be business critical, they can be easily breached and used to spread malware to an organization’s most valuable systems and data. He advises organizations to insist on the basics — discovery, segmentation and identity — for every IoT endpoint.

Ivanti currently offers four IoT cybersecurity solutions, including Ivanti Neurons for RBVM, Ivanti Neurons for UEM, Ivanti Neurons for Healthcare (which supports the Internet of Medical Things, IoMT), and Ivanti Neurons for IIoT.

“IoT devices are becoming a popular target for threat actors, with IoT attacks making up more than 12% of global malware attacks in 2021, up from 1% in 2019, according to IBM,” Srinivas Mukkamala, chief product officer at Ivanti, told VentureBeat. “To combat this, organizations must implement a unified endpoint management (UEM) solution that can discover all assets on an organization’s network — even the Wi-Fi-enabled toaster in your breakroom.”

Baer agreed that, “As a CISO, you need to know what you’ve got out there, you need it to work and you need it to run permissions that are deliberately pruned.”
