microsoft OT

Microsoft: Emphasizes the need to strengthen the security of OT systems

Microsoft emphasized the urgent need for the security of internet-exposed operational technology (OT) systems following a series of cyberattacks that began in late 2023.

These attacks highlight the critical need to enhance the security of OT devices to prevent their exploitation by malicious actors. A cyberattack on an OT system can alter critical industrial process parameters, causing operational disruptions and system outages.

Microsoft also noted that many OT systems often lack adequate security mechanisms, making them vulnerable to attacks. The risks increase when OT devices are directly connected to the internet, allowing attackers to locate and exploit weak passwords or outdated software with known vulnerabilities.

Claroty revealed a devastating malware named Fuxnet, which is believed to have been used by the Ukraine-supported Blackjack group against the Russian company Moscollector. To mitigate potential risks, Microsoft recommends organizations implement security practices for their OT systems, reducing the attack surface and adopting a zero-trust approach.
Blackjack described Fuxnet as “Stuxnet on steroids,” with Claroty noting that the malware was likely deployed remotely to targets using protocols such as SSH or SBK. Fuxnet has the capability to destroy the filesystem, block device access, and cause physical damage to NAND memories. Additionally, it rewrites the UBI volume to prevent sensor reboot and sends M-Bus messages to destroy the sensors.

microsoft OT

According to the Russian company Kaspersky, the internet, email clients, and removable storage devices are major threat sources to OT infrastructure. Malicious actors use scripts to gather information, monitor, and deploy malware on the user’s computer or browser.