Cybersecurity Threats Posed by USB to Industrial OT Has Doubled, Finds Honeywell's USB Threat Report

Honeywell | July 09, 2020

Cybersecurity Threats Posed by USB to Industrial OT Has Doubled, Finds Honeywell's USB Threat Report
In a report released today by Honeywell (NYSE: HON) based on cybersecurity threat data collected from hundreds of industrial facilities globally, the severity of threats detected to operational technology (OT) systems has risen by significant amounts over a 12-month period. The findings from the latest Honeywell Industrial USB Threat Report show that the total amount of threats posed by USB removable media to industrial process control networks remains consistently high, with 45% of locations detecting at least one inbound threat. Over the same time period, the number of threats specifically targeting OT systems nearly doubled from 16 to 28%, while the number of threats capable of causing a loss of view or other major disruption to OT systems more than doubled, from 26 to 59%. The report shows that 1 in 5 of all threats was designed specifically to leverage USB removable media as an attack vector, and more than half the threats were designed to open backdoors, establish persistent remote access or download additional malicious payloads. These findings are indicative of more coordinated attacks, likely attempting to target air-gapped systems used in most industrial control environments and critical infrastructure.

Spotlight

Organizations face difficult challenges when operating computer systems in multiple security domains. Among the most problematic is adding new applications that must communicate across domain boundaries.

Related News

Small and Medium Businesses Need to Improve Their Cybersecurity Post COVID-19 Lockdown

BullGuard | June 09, 2020

Given the sheer quantity of SMBs, their cybersecurity directly affects local resiliency in the face of cyber threats, SMBs must embrace their importance and scale up their cybersecurity appropriately. Published research showing that one third of small and medium businesses (SMBs) use free, consumer-grade cybersecurity tools . The government and major financial services players alike tout the digitization of SMBs. Increased use of information technology and digital assets offer companies new sources. COVID-19 showed the world that widespread business failure affects communities. When businesses fail, business owners and workers can suffer heightened mental health issues and economic insecurity. Business failure increases the demand on local government for public assistance for unemployment benefits, small business loans, and more. Businesses that survive have fewer customers, and customers have fewer dollars to spend. As a result, more businesses fail. As more businesses fail, more people suffer. Alternatively, business success strengthens communities. Thriving businesses encouraging the creation of community identify and get involved in local events. They contribute to their localities’ long-term economic growth by increasing the tax base, providing local jobs and products, building infrastructure, and encouraging competition. The government and major financial services players alike tout the digitization of SMBs. Increased use of information technology and digital assets offer companies new sources of revenue and growth, which companies desperately need in the midst of the current economic collapse. Even as digitization increases, 66 percent of small-business senior decision makers believe that cyber-attacks will not affect them. However, 67 percent of businesses suffered a cyber-attack in 2019. Read more: CISA RELEASES FIRST OF ITS SERIES OF SIX CYBERSECURITY ESSENTIALS TOOLKITS Finding online resources to boost cybersecurity is easy. Plenty of private companies publish lists of best practices. On its website, the Small Business Administration offers free access to planning tools, business assessments. ~ Business Administration Since the beginning of the COVID-19 pandemic, one in seven SMBs have experienced a cyber-attack. Due to their general absence of awareness regarding best cybersecurity practices and their indifference toward the problem, small businesses have insufficient personnel dedicated to protecting their networks and their digital assets. Their staff lack necessary technical skills, and they do not have the budgets required to acquire or purchase adequate protection. The result is a self-defeating cycle. A small business hit by a cyber-attack can fail, like the California-based Efficient Services Escrow Group, which closed and laid off all employees following a cyber heist. When businesses fail, their employees lose their jobs and no longer have enough money to purchase goods and services from other small businesses. Those businesses lose money as a result, and their owners, stressed about their economic prospects and already apathetic toward the importance of prioritizing cybersecurity, spend less on network and digital asset protection. The lack of proper spending and prioritization leads to worse cybersecurity practices, which in turn open the door to more cyber-attacks and more business failure. As SMBs prioritize their time and spending during the long process of reopening, they need to take advantage of these free tools and take their cybersecurity at least one step further. Cyber resiliency is the ability to anticipate cyber-attacks or stresses on digital and cyber resources, withstand them, and recover from them. As cyber-attacks on SMBs systematically weaken local communities, they lose their ability to withstand and recover. This strains public resources. Taxes comprise the largest source of revenue for local governments, but when businesses fail, their tax dollars dry up. Local governments, already lacking requisite cybersecurity resources, lose their ability to secure themselves and their communities. Failure is not inevitable. SMBs can take steps to increase their cyber resilience and boost their chances of success. Owners should lead by example and pay attention to their employees’ online habits. They can demonstrate good cyber hygiene and teach their employees to do the same. Owners should identify business-critical assets and data to prioritize their protection. They should be proactive, rather than reactive, when planning protection against cyber-attacks. Finding online resources to boost cybersecurity is easy. Plenty of private companies publish lists of best practices. On its website, the Small Business Administration offers free access to planning tools, business assessments, cyber hygiene vulnerability scanning, and best practices. As SMBs prioritize their time and spending during the long process of reopening, they need to take advantage of these free tools and take their cybersecurity at least one step further. Read more: REDSCAN WARNS OF AN INFLUX OF CYBERATTACKS WHEN BUSINESSES RETURN TO THE OFFICE

Read More

NETWORK THREAT DETECTION

Solvo ReInvents Cloud Identity and Access Management with IAMagnifier

Solvo | November 30, 2021

Solvo, a security automation enabler for cloud development and production environments", announced today the availability of its "IAMagnifier" – a cloud SaaS security platform, enabling developers, DevOps and cybersecurity stakeholders working in cloud development environments to reduce potential cybersecurity threats caused by misconfigured access permissions to cloud assets. To truly enable a secured, yet productive development environment, a "least-privileged" permission mechanism should be employed – by using this methodology, the access level for each asset is defined by answering the question "How can I prevent access to that asset from anyone or anything other than anyone or anything that is supposed to access it to perform their intended task?". Today, security-minded developers and security stakeholders within the organization had to manually inspect security permissions configurations for each asset, compare the permission levels found within the specific asset's configuration to the permission level stated by the relevant organizational policies, and if the actual permission level is too lenient – rectify the situation by updating the asset's permission configuration. In addition to the need to perform these set of activities for each individual asset, a task which might entail an enormous waste of time and effort, the permission level to which the "wrong" configuration should be updated to may not be the best one according to the specific characteristics of each individual asset. "Solvo's IAMagnifier turns this cumbersome, lengthy, inefficient, and error-prone process of managing cloud assets' access permissions, into an automated, centralized, fast and decision-assisted experience,It does so by constantly inspecting the assets' access permissions configurations, analyzing gaps between the current and desired permission level, suggests the needed changes to the configuration, and performs these changes if approved by the user." Solvo's Co-founder and CEO, Shira Shamban To present the most relevant and updated data about permission levels and potential risks derived from permission level gaps, Solvo's IAMagnifier offers visual experience, which turns boring tables and records into easy to comprehend mapping of connections and dependencies between Roles, Policies, assets and users. The IAMagnifier also highlights what its analyzer has declared as "excessive permissions", and suggests an alternative, least-privileged permission policy, which can then be enforced by the user just by approving the suggestion. Unlike traditional infrastructure default definitions or human-set definitions, the "excessive" permission status definition and the alternative permission suggestion the IAMagnifier highlights and suggests are derived from analyzing actual real behaviour of the application and finding the balance between preventing unrequired access by irrelevant stakeholders, and keeping an uninterrupted workflow for relevant stakeholders (i.e least-privileged). Sylvie Veilluex, Solvo's advisor and former CIO of Dropbox, added: "The team has been offering early access to the IAM Magnifier to selected customers, and the feedback has been nothing short of amazing. One of the CEO whose company was using the IAMagnifier went on to declare the ability to easily see the company's security posture, and effortlessly enhance it, made scaling the company's cloud and business infrastructure frictionless and even enjoyable." Solvo's team will present IAM Magnifier during AWS' Re:Invent conference, which takes place in Las Vegas, NV, between November 29th and December 3rd, 2021. Solvo will also be providing a free AWS S3 Bucket policy auditing during the conference, and visitors can schedule a meeting with the team for a chance to get back from Vegas with a win. About Solvo Solvo allows security teams to empower software developers and accelerate their cloud delivery. The developer-centric security platform creates and maintains a least-privilege security policy for cloud native applications. It adapts the security configuration to every environment, creates it from scratch and monitors for changes, integrating with existing workflows seamlessly and automatically.

Read More

DATA SECURITY

ActZero to Partner with Zeguro to Give Holistic Cyber Risk Management and Response for all Businesses

ActZero | June 10, 2021

ActZero, a cybersecurity startup, has decided to partner with Zeguro, a cyber-insurance provider, to create a complete cyber risk management solution for mid-size and small-size businesses. As ransomware is becoming the norm and bad actors come against SMBs that are less-well-resourced, businesses seek far better solutions for security and insurance. To keep business premiums low and business secure, cyber insurance providers have long been advocated for clients to leverage response and detection capabilities that will reduce various risks of cyber threats in operations. This relationship will enable multiple organizations to know about management strategies of risks across both paths. The intelligent managed detection and response (MDR) service of ActZero provides protection, response, and monitoring 24/7 support. Earlier times, advanced cybersecurity technologies were accessed by corporates only as it was considered a luxury. SMBs can effectively prevent intrusions and manage threats with ActZero. Innovation in machine learning and artificial intelligence and a novel combination of threat-hunting expertise of the platform will assist SMBs for it. ActZero has the capabilities that strengthen its clients to elucidate and toughen their security, strengthen their defense competencies, and significantly decrease risk over time. The mission of Zeguro is to simplify cyber insurance through effortlessly achievable and comprehensible cyber quotes that can obtain in a few minutes. Customers of ActZero can take benefit of its relationship with Zeguro to inexpensively accomplish coverage for loss of revenue from payment fraud, breaches, regulatory fines, ransomware, and more. About ActZero ActZero enables companies to become secure utilizing fewer internal resources. They combine threat hunting expertise with emerging AI and ML technology to identify more vulnerability more quickly, proactively recommend and prioritize actions to seal gaps, rapidly contain and remediate threats and ultimately harden their customers' cybersecurity posture. They illuminate a different path forward for IT and security professionals that don't involve building one's own SOC. About Zeguro Zeguro provides holistic risk management to organizations of all sizes through its integrated cybersecurity and cyber insurance solutions. These solutions include insurance premiums tailored to the sector, size, and profile of a company and a suite of Cyber Safety tools for risk mitigation and compliance.

Read More

Spotlight

Organizations face difficult challenges when operating computer systems in multiple security domains. Among the most problematic is adding new applications that must communicate across domain boundaries.