AI Is Changing Cyberattacks, and OT Networks Must Prepare

Just a few years ago, cyberattacks were seen as mere theoretical possibilities by many companies. Companies could typically assume they weren't strategic targets and were of little interest to cyber criminals. Attacks weren't perceived as actual threats.

Today, however, almost every company faces vulnerabilities posed by IT security problems and the possibility of a cyberattack. New technology, such as generative artificial intelligence (AI), makes it even easier for bad actors to infiltrate your network.

Cybersecurity: The current situation

A company’s size, sector and previous exposure often determine its level of cybersecurity risk. Critical infrastructure (CRITIS), such as infrastructure deployed in the transportation, telecommunications and energy sectors, often requires certain security measures and standards for liability and legal purposes. Even sectors that aren’t mission-critical have specific industry standards and requirements to abide by, such as the TISAX standard for the automotive industry.

And while other industries may lack regulations to standardize security levels, it doesn't mean security isn't important. Companies that take steps to protect themselves make for more reliable business partners and suppliers and can handle customer data with confidence. In other words, IT security is increasingly becoming an economic factor as well.

How new technologies accelerate cyberattacks

As technologies like AI are being used more often in business for analytical purposes, bad actors are taking advantage of this permeation to make their attacks more effective, qualitative and cost-efficient.

AI helps create new opportunities for attackers, especially during the initial infection (the method used to gain access to a system for the first time).

Consider social engineering and system vulnerabilities, for example. Generative AI makes social engineering much more dangerous. While awareness training prepares employees to identify and handle phishing emails and dubious content, AI can make these attacks more difficult to recognize. The technology can be used to create higher-quality attacks that are tailored to specific people or job titles within a company.

In addition to generating highly specific phishing content, AI voice generators can use information from publicly accessible databases (a YouTube video, for instance) to simulate the voices of leaders or colleagues. By mimicking the voices of these trusted individuals, bad actors create convincing phishing attempts that are more likely to deceive because they're harder to distinguish.

In addition to imitating and creating images, videos and voices, generative AI can also write code, making it faster and easier for attackers to create specific malware programs. In a very short amount of time, programs can be written to automatically detect and exploit vulnerabilities without human intervention. AI also allows bad actors to target a larger number of companies at the same time. While the quality of the attack increases, the cost per attack decreases.

Raising awareness about the changing cybersecurity environment is vital among internal teams to make sure social engineering attacks can be recognized.

Prepare for system recovery to reduce costs and save time

For many affected companies, system recovery after an attack is the real mammoth task.

With the new opportunities available to attackers, now is the time for companies that have previously seen themselves as unattractive targets to take proactive security measures. When an attack can't be prevented, the right security solutions help with damage control and IT forensics.

For example, you should have systems in place that allow you to answer the following questions immediately after a security incident occurs:

• Which systems were affected?
• How did the attacker gain access?
• How long has the attacker been in the system?
• Which systems need to be isolated?
• Which systems need to be reinstalled?
• Has there been any data loss?

Your team must also be able to identify backups at the point prior to when the attacker infiltrated the system, as well as check for any back doors installed by the attacker to rule out the possibility of multiple attacks.

Restarting systems can be complicated, especially in OT environments. Individual system recovery steps can take several weeks or months and result in greater financial loss than the cyberattack itself. For instance, after an attack on a public transportation provider, ticket machine operating systems must be reinstalled. While this task doesn’t require complex IT knowledge, it eats up valuable time and resources by requiring service technicians to be onsite working at every machine.

In a best-case scenario, the steps for system recovery are clear and documented well before an attack occurs.

Secure your OT environment

With macmon Network Access Control (NAC), you gain transparency, secure authentication and granular access control across your critical networks to improve cybersecurity.

You can secure your OT environment by keeping all nonessential devices off the network and creating security zones based on criticality. Information about the operating system, domain name and device name of an endpoint is collected to distinctly identify connected devices. This information can then be used to detect, repel and locate attacks of all sorts.

Liens associés :

• 6 bonnes pratiques pour faire progresser la sécurité OT dans le contexte de la convergence IT/OT
• Sécurité informatique et sécurité OT : quelles sont les principales différences ?
• Interopérabilité et disponibilité : ennemis ou alliés en matière de cybersécurité ?