Nozomi Networks is warning about the first ransomware specifically designed to exploit vulnerabilities in OT systems.
It has detailed its warnings in its OT/IoT Security Report, saying: “During the first half of 2020 we saw the first ransomware targeting industrial automation software (SNAKE/EKANS) that moved laterally within the victim network to search for valuable data to encrypt and/or steal.”
Nozomi said the emergence of SNAKE/EKANS ransomware signalled an important trend of ransomware operators targeting industrial control systems, with several successful publicly known attacks having used variants of the malware.
“While not particularly advanced, this malware presented a ‘kill-list’ of processes related to industrial automation software … similar to an earlier one found on samples of the MegaCortex ransomware,” Nozomi said.
“To properly defend an OT/IoT network from this kind of intrusion, it is necessary to use a network monitoring solution to detect and stop the intrusion while it is still in the reconnaissance phase.”
Andrea Carcano, Nozomi Networks co-founder and CPO, said the steep rise in threats targeting operational networks should be a serious concern for security professionals responsible for keeping OT and IoT networks safe.
“The days when threats to operational networks were few and far between and often attributed to nation-state actors are clearly behind us. As IT, OT and IoT worlds converge, threat actors of all types are setting their sights on higher value targets, leaving security organisations scrambling to keep up.
“It’s a daunting task, but not impossible. We know from working with thousands of industrial installations that you can monitor and mitigate these risks, whether they stem from cybercriminals, nation-states or employees.”
Nozomi Networks’ OT/IoT Security Report summarises the most active OT and IoT threats and vulnerabilities seen by Nozomi Networks Labs in the first six months of this year. It shares insights into threat tactics and techniques and provides recommendations for protecting critical networks.
Nozomi’s Australian partner
Earlier this year Nozomi Networks — which specialises in providing security technology across OT and IT networks — formed a partnership with Australian cyber security specialist Cyber Partners under which Cyber Partners will use Nozomi technology to underpin managed security services for operators of industrial infrastructure.