Critical infrastructure facilities running on operational technology (OT) devices are now a “constant target” of threat actors looking to disrupt industrial operations, according to research released Tuesday by Forescout.
Threat actors target OT and IoT devices because they are the most difficult to patch. In one instance, threat actors have been observed exploiting a cross-site script (XSS) vulnerability that affects OT converter devices from Chiyu Technology, a Taiwanese manufacturer, leading to speculation that the attackers are possibly linked to China.
Forescout said the vulnerability — CVE-2021-31250 — was attacking Chiyu coverters typically used to connect serial devices — such as access control, CNC machines, and flow meters — to the IP network for monitoring and control.
“We saw this as more of a targeted attack,” said Elisa Costante, vice president, research at Forescout. “The fact that it was a Taiwan manufacturer targeted is even more interesting because it means it was possibly connected to Chinese activities.”
Costante said the researchers also observed attackers using protocols associated with the electricity sector to create connections and exploit OT devices. Along with Modbus, Constante said they observed attackers using DNP3, MMS, and Synchrophasor to attack OT devices and systems that typically have weak authentication and encryption.
“Attackers are constantly probing these devices for weaknesses and many organizations are often blind to that because they believe they do not have OT assets to protect,” said the Forescout report. “The truth is that building automation and even protocols such as Modbus for industrial a ..
Support the originator by clicking the read the rest link below.
