Hackers are increasing their attacks on internet-exposed OT devices

They are trying to gain access to critical systems

Reading time icon 3 min. read

Readers help support Windows Report. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help Windows Report sustain the editorial team Read more

An AI generated image of an OT device in a water plant

Hackers are targeting the operational technology (OT) devices used in water and wastewater systems (WWS) across the US. According to Microsoft, they mostly conducted their malicious operations on internet-exposed devices. During the past months, the number of attacks has grown. Thus, there is a real need to improve the security systems of critical OT devices.

Why are cybercriminals attacking OT devices?

Various industries use OT devices, like Programmable Logic Controllers (PLCs) or Human Machine Interfaces (HMIs). The PLCs control industrial systems and processes, while the HMIs are features or components that allow employees to interact with machines. Thus, if the cyber attacks are successful, the threat actors might gain access to critical systems. As a result, they could cause serious outages and malfunctions.

Unfortunately, most OT devices use outdated software, poor configurations, and weak passwords. On top of that, they don’t follow security guidelines and are connected directly to the internet. This negligence allows hackers to use internet scanning tools to discover and target them. Also, most operations affected both the public sector facilities and private companies. So, even the private sector needs to ensure the security of OT devices.

In 2023, a group of threat actors known as Storm-0784 or CyberAv3ngers targeted the Aliquippa water plant in Pennsylvania. Their attack managed to cause the outage of a pressure water pump on the municipal water supply line. Also, there were multiple operations on Unitronics PLC-HMI OT systems in other parts of the world.

According to the Microsoft Digital Defense Report 2023, 78% of the industrial network devices on customer networks monitored by Microsoft have security vulnerabilities, of which 46% use deprecated firmware and 32% use outdated software. Some devices lack a password or have a weak one.

How can you protect your OT systems?

Microsoft has a few tools and recommendations to protect your OT devices and enhance security. For example, you can use Microsoft Defender for IoT to monitor your device and detect threats. You can get Microsoft Defender Vulnerability Management to automate the process of patching vulnerabilities.

In addition, consider closing unnecessary internet connections and make sure that your OT devices are not directly connected to the internet. Also, close unnecessary open ports and limit access to them. On top of that, you can implement zero-trust practices by isolating parts of the network using firewalls.

Ultimately, if your OT devices are not following the best security guidelines, you should start checking them. Also, consider informing your team about the risks of connecting them directly to the internet. Remember, threat actors are targeting poorly secured devices with outdated software.

How are you defending your OT systems? Let us know in the comments.

More about the topics: Cybersecurity, microsoft