Rise of ransomware: Why OT is a prime target for cybercriminals

August 31, 2020

While the burgeoning world of Internet of Things (IoT) has transformed the ways in which we live and work, the world of IoT has also caught the attention of cybercriminals. As IoT devices become increasingly more advanced, hackers have simultaneously become more sophisticated in their attacks, often targeting pre-existing security loopholes to gain access to company systems. In recent years, malicious actors have gone from what were once singular hackers to entire organized companies, which some have dubbed “the cyber mafia.” These groups are launched with the sole intent to exploit major enterprises and make lump sums off of their cyber corruption.

Ransomware attacks in particular have become one of the most notorious ways for cybercriminals to extort corporations for millions of dollars. According to a recent report from SonicWall, ransomware attacks increased globally by 20 percent in the first half of 2020. Earlier this year, we saw this play out right before our eyes with the foreign exchange company Travelex, which came under attack by the REvil ransomware that put its website and mobile app offline and left customers without access to their travel money. The company reportedly paid a whopping $2.3 million in Bitcoin to the hackers to bring their systems back online, and it has since filed for bankruptcy in early August.

Cybercriminals are also leveraging ransomware to target physical hardware as well, including unsecured operational technologies (OT), which help run physical processes like that in industrial equipment or critical infrastructure. OT has become a prime target to hit because organizations typically don’t run security patches on them as frequently as they would with IT systems. Updating traditional OT systems is often viewed as a daunting task for organizations that takes extensive resources and time to achieve and can be seen as an inconvenience more than a necessity.

Unfortunately, leaving these OT systems vulnerable to attack has created a goldmine for hackers. This is especially true as more connected devices are introduced into the operational technology, increasing the level of access and exposing potential vulnerabilities. Hackers are also very much aware that these companies have a lot to lose and are willing to pay up to regain access to their operations, and a wide variety of institutions such as universities, hospitals, manufacturing companies and local and state governments have fallen victim to these attacks in recent years. According to IBM’s 2020 X-Force Threat Intelligence Index report, in the first half of 2019, more than 70 government entities alone were hit with ransomware.

Another reason hackers attack OT systems is because it’s potential to inflict extensive damage – far more than an attack a single IT device would, forcing the company to comply with the hackers' demands. For example, an OT attack on a hospital that prevents doctors and nurses from helping patients could potentially end in tragedy, leaving the hospital absolutely no other choice but to give malicious actors what they want. We've seen this kind of damage already, and if proactive steps are not taken by organizations to protect themselves and mitigate these issues down the line, they will be forced to pay a hefty price - not to mention deal with the ramifications of tarnished brand reputations in the future.

While there are many steps that organizations can take to help tackle these issues head on, one of the biggest is to simply make security a sustained priority. This is ultimately a cat and mouse game, and cybercriminals are continually adapting to security countermeasures. It is up to companies to ensure that they do the same. By taking stock of what systems are in place, increasing visibility around known and potentially unknown vulnerabilities, and addressing these threats through regular security patches, companies will be in much stronger positions to minimize future fallout. While it is clear that OT systems and IoT devices are growing targets and the historical lack of security measures around them makes it a challenge for companies, prioritizing security overall and identifying existing security loopholes are the first steps in ensuring that hackers have less direct access to critical systems.

Another strategy can be to partner with industry experts. Until recently, the lack of globally recognized IoT security standards has caused market confusion when it comes to connected device security and lack of harmonized standards for organizations to strictly follow. Industry-led non-profits such as the ioXt Alliance and others are working to change this narrative and offer the right resources for companies to learn directly from their industry peers on best practices, the means to test and certify current and future connected technology, as well as initiatives to actually advance connected device security and its ecosystem across the world.

Although ransomware attacks have grown, it is up to organizations to stay vigilant in protecting their systems, employees and customers. One of the most threatening things an organization can do is sit back and do nothing, and by putting security at the forefront and not as an afterthought, companies will more successfully minimize their risk for detrimental scenarios now and in the years to come.

Mike Dow is Senior Product Manager- IoT Security at Silicon Labs. He has worked in the semiconductor industry for Motorola, Freescale, NXP, and now Silicon Labs for the past 25 years. He has a Professional Engineering License in the state of Texas. He has extensive experience driving and participating in wireless standards organizations such as IEEE and ISA and helped form the Wireless Industrial Technology Consortium (WiTECK) where he filled the position of Chair and President from 2007-2009. He has worked for the last 11 years in the roles of Business Development, New Product Development, and Marketing where he specializes in Security, Connectivity, IoT, Industrial IoT, Point of Sale, and Smart Energy verticals.

Ransomware and the propulsion of the extortion economy has rapidly eclipsed into a national priority. Recently, we observed the catastrophic impact of a widescale ransomware attack impacting gas pipelines and raising national gas prices overnight.