Ransomware Increasingly Detected on ICS
July 1, 2021
Micro released a new report highlighting the growing risk of downtime and sensitive data theft from ransomware attacks aimed at industrial facilities.
Variants of Conficker are spreading on ICS endpoints running newer operating systems by brute-forcing admin shares.
Legacy malware such as Autorun, Gamarue and Palevo is still widespread in IT/OT networks, spreading via removable drives.
The report urged closer cooperation between IT security and OT teams to identify key systems and dependencies such as OS compatibility and up-time requirements, with a view to developing more effective security
Tackle post-intrusion ransomware by mitigating the root causes of infection with application control software, and use threat detection and response tools to sweep networks for IoCs.
Restrict network shares and enforce strong username/password combinations to prevent unauthorized access through credential brute forcing.
Use an IDS or IPS to baseline normal network behavior to better spot suspicious activity.
Scan ICS endpoints in air-gapped environments using standalone tools.
Set up USB malware scanning kiosks to check the removable drives used to transfer data between air-gapped endpoints.
Apply the principle of least privilege to OT network admins and operators.
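As an added example that is not part of the report or this article, the Python script below shows one way a defender can spot the admin-share credential brute forcing described above in Windows Security logon events: a burst of failed network logons from one source, escalated if a successful logon from the same source follows. The event records are constructed samples, and the threshold and window values are assumptions to tune per site.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events mirroring Windows Security log fields: EventID 4625 is a
# failed logon, 4624 a successful one, and LogonType 3 (network) is what SMB access to
# admin shares such as ADMIN$ and C$ produces. These are made-up records, not real telemetry.
SAMPLE_EVENTS = [
    {"time": "2021-07-01T10:00:00", "id": 4625, "logon_type": 3, "src": "10.0.5.23", "user": "Administrator"},
    {"time": "2021-07-01T10:00:12", "id": 4625, "logon_type": 3, "src": "10.0.5.23", "user": "Administrator"},
    {"time": "2021-07-01T10:00:25", "id": 4625, "logon_type": 3, "src": "10.0.5.23", "user": "Administrator"},
    {"time": "2021-07-01T10:00:40", "id": 4625, "logon_type": 3, "src": "10.0.5.23", "user": "admin"},
    {"time": "2021-07-01T10:00:55", "id": 4625, "logon_type": 3, "src": "10.0.5.23", "user": "Administrator"},
    {"time": "2021-07-01T10:01:10", "id": 4625, "logon_type": 2, "src": "10.0.7.9",  "user": "operator"},
    {"time": "2021-07-01T10:01:20", "id": 4625, "logon_type": 3, "src": "10.0.7.9",  "user": "operator"},
    {"time": "2021-07-01T10:01:30", "id": 4624, "logon_type": 3, "src": "10.0.5.23", "user": "Administrator"},
]

def detect_share_bruteforce(events, threshold=5, window=timedelta(minutes=2)):
    """Flag sources that fail `threshold` or more network logons inside `window`.

    Returns {src_ip: alert}. Severity is "medium" for the failure burst alone and
    "high" if a successful network logon from the same source follows it, which is
    the trace a guessed admin-share password leaves behind. Threshold and window
    are assumed starting values, not figures from the report."""
    failures = defaultdict(list)   # src -> timestamps of recent failed network logons
    targets = defaultdict(set)     # src -> account names tried from that source
    alerts = {}
    for e in sorted(events, key=lambda ev: ev["time"]):
        if e["logon_type"] != 3:   # interactive/service logons are out of scope here
            continue
        ts, src = datetime.fromisoformat(e["time"]), e["src"]
        if e["id"] == 4625:
            recent = [t for t in failures[src] if ts - t <= window] + [ts]
            failures[src] = recent
            targets[src].add(e["user"])
            if len(recent) >= threshold and src not in alerts:
                alerts[src] = {"severity": "medium", "failures": len(recent),
                               "accounts": sorted(targets[src]),
                               "first_failure": recent[0].isoformat()}
        elif e["id"] == 4624 and src in alerts:
            alerts[src]["severity"] = "high"
            alerts[src]["logged_in_as"] = e["user"]
    return alerts

if __name__ == "__main__":
    for src, alert in detect_share_bruteforce(SAMPLE_EVENTS).items():
        print(src, alert)
```

Feeding real exported 4624/4625 events in the same field shape gives a first-pass brute-force sweep for the IT/OT boundary hosts the report recommends identifying.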