Microsoft has released the third edition of its Cyber Signals Report, which includes information on the increasing cyber risks to critical infrastructure posed by the Internet of Things (IoT) and Operational Technology (OT). The report provides insights on current cyber threats, with a focus on recent trends, attacks, and strategies.

The Cyber Signals: Edition 3 report states that in the past year, cyber threats have been targeting devices in almost every part of an organization. The International Data Corporation (IDC) predicts that there will be 41.6 billion connected IoT devices by 2025, a growth rate that is faster than that of traditional IT equipment. However, while security measures for IT equipment have improved in recent years, the security of IoT and OT devices has not kept up, and this has allowed threat actors to exploit these devices.

According to the Cyber Signals: Edition 3 report, Microsoft researchers analyzed threat data from 2022 and found that India is one of the top three countries of origin for IoT malware infections in that year. This shows that the threat landscape is real and that improved security measures are necessary. The report is intended to help incident responders and security specialists better understand their environments and prevent potential incidents.

Rising OT and OTT threats to users
Today, we see OT devices all around us, including building management systems, fire control systems, and physical access control mechanisms like doors and elevators.

IoT devices can offer significant value to organizations looking to modernize their workspaces and become more data-driven. However, as more devices become connected, the potential for cyber threats increases.

Microsoft has observed a spike in threats targeting traditional IT equipment, OT controllers, and IoT devices like routers and cameras.

In fact, Microsoft identified unpatched, high-severity vulnerabilities in 75% of the most common industrial controllers in customer OT networks. This highlights the need for organizations and individuals to consider the potential risks carefully and the consequences of increased connectivity across IT, OT, and IoT.

Attackers adopt sophisticated attack techniques
As per Microsoft’s Cyber Signals: Edition 3 report, advanced attackers are using a variety of tactics and approaches in OT environments. These tactics are often similar to those used in IT environments, but they are more effective in OT environments. For example, attackers may discover exposed, internet-facing systems, abuse employee login credentials, or exploit access granted to third-party suppliers and contractors.

Modern threats like sophisticated malware, targeted attacks, and malicious insiders can be difficult for traditional security measures to defend against. This highlights the need for organizations to carefully consider their security measures and stay up to date with the latest threats.

Zero Trust strategy is the key
Older operating systems may not receive the updates needed to keep networks secure. This is why it is important for organizations to prioritize the visibility of IT, OT, and IoT devices, in order to manage vulnerabilities and secure these environments.

The Cyber Signals: Edition 3 report found that 29% of Windows operating systems in customer networks have versions that are no longer supported. This includes versions like Windows XP and Windows 2000, which are still in use in vulnerable environments.

The report also found that over 1 million connected devices were publicly visible on the internet and running Boa, outdated and unsupported software that is still widely used in IoT devices and software development kits (SDKs).

To protect against these threats, organizations can use defense based on Zero Trust principles, effective policy enforcement, and continuous monitoring. This can help limit the potential impact of attacks and prevent or contain incidents in cloud-connected environments.