Partner Perspectives

Microsoft Digital Defense Report: Trends In Device and Infrastructure Attacks

In part two of this three-part series, Microsoft synthesizes the impact of IoT/OT security challenges and offers tips for strengthening security there.

Cybersecurity is ever-evolving. That's why Microsoft tracks intelligence from trillions of daily security signals to gain insight into what threat actors are doing and provide guidance for how organizations can strengthen their cyber defenses.

We've distilled this intelligence down into the "Microsoft Digital Defense Report" — a comprehensive guide on the leading cybersecurity trends for 2022. Our report offers a deep dive into the most pressing cyber threats as they relate to cybercrime, nation-state threats, devices and infrastructure, cyber influence operations, and cyber resiliency.

In this post, we'll break down section two of the report on device and infrastructure attacks. Read on to learn how accelerating digital transformation has increased the cybersecurity risk to critical infrastructure and cyber-physical systems.

Rapid IoT Adoption Increases Attack Vectors, Exposure Risk

More than two-thirds (68%) of CISOs said they believe that adopting Internet of Things/operational technology (IoT/OT) is critical to their strategic digital transformation, according to a survey conducted by Microsoft and Ponemon. However, rapid IoT adoption has also increased the number of attack vectors and the exposure risk of organizations. Of those same survey respondents, 60% recognize that IoT/OT security is one of the least secured aspects of their infrastructure.

This is because the migration to IoT has outpaced most organizations' ability to keep up. IDC estimates there will be 55.7 billion connected IoT devices by 2025. This leaves a large number of entry points that attackers can use to target your networks. Last year, Microsoft identified unpatched, high-severity vulnerabilities in 75% of the most common industrial controllers in customer OT networks.

This is especially problematic as malware-as-a-service targets large-scale operations, such as civil infrastructure and corporate networks. Microsoft has observed increased threats exploiting devices in everything from traditional IT equipment to OT controllers or simple IoT sensors. We have also seen malicious actors target power grids, leverage ransomware to disrupt OT operations, and use IoT routers for increased persistence.

5 Ways To Increase IoT/OT Security

Although the security of IT equipment has strengthened in recent years, the security of IoT and OT devices has not kept pace. Addressing this problem will require a consistent and comprehensive approach from public- and private-sector organizations. That approach can combine several elements: laws and regulations designed to build public trust in the cybersecurity of critical infrastructure and devices, a "shift-left" approach that demands and implements better security practices in the IoT and OT devices themselves, and a security monitoring solution that spans IT and OT networks so that organizations can improve their security posture while still meeting business objectives.

Here are five additional tips for strengthening your overall IoT and OT security.

  • Start with the basics: Ensure devices are robust by applying patches, changing default passwords, and changing default SSH ports. Reduce your attack surface by eliminating unnecessary Internet connections and open ports, and restrict remote access by blocking unneeded ports, denying remote access where it is not required, and requiring a VPN where it is.
  • Know your network: Gain deeper visibility into the IoT/OT devices on your network and create a ranking system that prioritizes each device by the risk it would pose to the enterprise if compromised. Use firmware scanning tools to understand potential security weaknesses, and work with vendors to identify how to mitigate the risks for high-risk devices.
  • Use the right tools for the job: Use an IoT/OT-aware network detection and response (NDR) solution and a security information and event management (SIEM)/security orchestration, automation, and response (SOAR) solution to monitor devices for anomalous or unauthorized behaviors, such as communication with unfamiliar hosts.
  • In the event of an attack, limit impact: Segment networks to limit an attacker's ability to move laterally and compromise assets after initial intrusion. IoT devices and OT networks should be isolated from corporate IT networks through firewalls.
  • Keep information — and devices — secure: In early 2022, we saw the first known redeployment of OT attack malware against a new target. The actors behind this malware, Industroyer2, used their knowledge of the victim's environment to create a longer-lasting and more damaging impact. That's why keeping your information secure is just as important as device security. Avoid transferring files that contain system definitions through unsecure channels or to nonessential personnel.
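The third and fourth tips above (watch OT devices for communication with unfamiliar hosts, and keep OT segmented from IT) can be made concrete with a baseline-and-deviation check of the kind an IoT/OT-aware NDR or SIEM rule performs. The following is an added example written for this post; it is not code from the report or from any Microsoft product. It assumes a constructed flow-record format (`<timestamp> <src> -> <dst>:<dport> <proto>`), a hypothetical OT segment of 192.168.10.0/24, and a hypothetical enterprise IT range of 10.0.0.0/8. It learns which peers each OT device talked to during a known-good window, then flags later flows in which an OT device talks to a peer it has never talked to, or initiates a connection to an address outside both trusted ranges (something a properly segmented PLC should never do).

```python
"""Baseline-and-deviation check for OT device communications (added example).

All addresses, ranges and flow records below are constructed for illustration.
"""
from __future__ import annotations

import ipaddress
from collections import defaultdict
from dataclasses import dataclass

# Hypothetical network layout: one OT VLAN plus the enterprise IT range.
OT_SEGMENT = ipaddress.ip_network("192.168.10.0/24")
TRUSTED_RANGES = [OT_SEGMENT, ipaddress.ip_network("10.0.0.0/8")]


@dataclass(frozen=True)
class Flow:
    ts: str
    src: str
    dst: str
    dport: int
    proto: str


def parse_flow(line: str) -> Flow:
    """Parse one record in the constructed format '<ts> <src> -> <dst>:<dport> <proto>'."""
    ts, src, _arrow, dst_port, proto = line.split()
    dst, port = dst_port.rsplit(":", 1)
    return Flow(ts, src, dst, int(port), proto)


def in_ot(ip: str) -> bool:
    return ipaddress.ip_address(ip) in OT_SEGMENT


def is_trusted(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_RANGES)


def build_baseline(lines: list[str]) -> dict[str, set[str]]:
    """Learn, for every OT device, the set of peers it exchanged traffic with
    during a window the operators have vetted as normal."""
    peers: dict[str, set[str]] = defaultdict(set)
    for line in lines:
        f = parse_flow(line)
        if in_ot(f.src):
            peers[f.src].add(f.dst)
        if in_ot(f.dst):
            peers[f.dst].add(f.src)
    return dict(peers)


def detect(baseline: dict[str, set[str]], lines: list[str]) -> list[tuple[str, str, str]]:
    """Return (alert_kind, ot_device, peer) for flows that deviate from the baseline.

    - ot_to_external: an OT device initiated a connection to an address outside
      every trusted range (segmentation should make this impossible).
    - unfamiliar_peer: an OT device talked to a host absent from its baseline.
    """
    alerts: list[tuple[str, str, str]] = []
    for line in lines:
        f = parse_flow(line)
        if in_ot(f.src) and not is_trusted(f.dst):
            alerts.append(("ot_to_external", f.src, f.dst))
            continue  # already the more severe finding for this flow
        for device, peer in ((f.src, f.dst), (f.dst, f.src)):
            if in_ot(device) and peer not in baseline.get(device, set()):
                alerts.append(("unfamiliar_peer", device, peer))
    return alerts


# Constructed known-good window: a SCADA server (10.0.5.20) polls two PLCs over
# Modbus/TCP, a historian (10.0.5.21) reads PLC1 over EtherNet/IP, PLC1 reads PLC2.
BASELINE_FLOWS = [
    "2024-03-01T08:00:00 10.0.5.20 -> 192.168.10.11:502 tcp",
    "2024-03-01T08:00:05 10.0.5.20 -> 192.168.10.12:502 tcp",
    "2024-03-01T08:01:00 192.168.10.11 -> 192.168.10.12:502 tcp",
    "2024-03-01T08:02:00 10.0.5.21 -> 192.168.10.11:44818 tcp",
]

# Constructed later traffic: two normal flows, an unknown IT host reaching PLC1 over
# Modbus, and PLC2 opening an HTTPS connection to an address outside the trusted ranges.
NEW_FLOWS = [
    "2024-03-02T09:00:00 10.0.5.20 -> 192.168.10.11:502 tcp",
    "2024-03-02T09:00:30 10.0.7.44 -> 192.168.10.11:502 tcp",
    "2024-03-02T09:01:00 192.168.10.12 -> 203.0.113.9:443 tcp",
    "2024-03-02T09:02:00 192.168.10.11 -> 192.168.10.12:502 tcp",
]

if __name__ == "__main__":
    for kind, device, peer in detect(build_baseline(BASELINE_FLOWS), NEW_FLOWS):
        print(f"{kind}: OT device {device} <-> {peer}")
```

Run as a script, it reports the unknown workstation reaching PLC1 and PLC2's outbound connection to 203.0.113.9, and stays silent on the two baseline flows. A production rule would key the baseline on (peer, port, protocol) rather than peer alone so that a known SCADA host suddenly using SSH against a PLC is also caught, and would feed the alerts into the SIEM/SOAR pipeline with the device's risk ranking from the "know your network" step attached.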

Read more: Key Cybercrime Trends (Part 1) and Nation-State Threats and Cyber Mercenaries (Part 3)