AI-Enhanced Security: Countering IoT threats

In an evolving landscape of cyber threats, nation-state attackers are increasingly targeting vital infrastructure and manufacturing sectors by exploiting unprotected IoT sensors. These intrusions have evolved from sporadic incidents into all-out assaults. Organisations are struggling to keep pace, often lacking awareness of the extent and security status of their IoT devices.

 Additionally, cyber adversaries are capitalising on AI and machine learning expertise, challenging security teams to adopt advanced measures to safeguard against ransomware and other attacks. These developments highlight the pressing need for enhanced cybersecurity strategies across industries.

Nation-state attackers are honing their techniques

The attackers are exploiting unprotected IoT sensors essential for infrastructure and manufacturing, increasingly targeting US and European entities. What were once sporadic attacks have now evolved into a widespread assault on infrastructure and production facilities.

These attacks focus on organisations that lack awareness of their sensor and endpoint count, patch status, and security. In typical enterprises, IT and security teams are often unaware of up to 40% of their endpoints. In Q2 2023, manufacturing endured 70% of all ransomware attacks, followed by industrial control systems (ICS) equipment and engineering, at 16%.

Gaps between operational technology (OT) and IT systems, along with unprotected ICS, offer vulnerabilities. In the past year, 75% of OT organisations reported at least one breach.

Emphasising the need for robust ransomware defense, experts recommend the use of AI tools to automate tasks, allowing security professionals to focus on strategic security activities.

Using AI-based attack tools

Well-funded attackers are recruiting AI and machine learning experts to develop the next generation of AI-based attack tools. These threat actors employ social engineering and reconnaissance in orchestrating attacks, often with more knowledge about a target’s network than its administrators.

Security professionals have observed an evolving landscape with faster, more efficient attacks, often coupled with deepfakes and advanced social engineering. These cyberattacks underscore the rapid adaptation of technologies compared to infrastructure and manufacturers’ responses.

Nation-state attackers have shifted from sporadic probing to constant, unmistakable attack patterns and tactics. They are intensifying their efforts to infiltrate processing plants, distribution centers, and R&D facilities.

Security professionals are concerned about losing the AI security battle, with attackers gaining the upper hand. Many organisations are already using AI for security, and others plan to adopt AI-based cybersecurity solutions shortly.

The manufacturing sector faces an undisclosed epidemic of ransomware attacks, with a significant percentage targeting manufacturing OT systems. These attacks disrupt industrial control systems, resulting in substantial financial losses.

The Cybersecurity and Infrastructure Security Agency (CISA) has reported a surge in infrastructure and manufacturing attacks, supported by recent advisories regarding ICS. These attacks typically begin with unprotected IoT, IIoT, and programmable logic controllers (PLC), which provide real-time data across infrastructure and plant floors. Nation-state attackers are using AI to make bold political statements or demand ransoms, targeting energy, water, oil infrastructure, healthcare, and manufacturing. These sectors are particularly vulnerable due to the potential impact on human lives and financial losses.

Bridge the gap between OT and IT networks, protecting IoT sensors

Experts emphasise the need for better risk and vulnerability visibility in OT networks and infrastructure. Introducing a solution leveraging AI and ML for potential breach and intrusion identification in IoT, OT, ICS, and their integration with IT systems. This offers real-time visibility into ransomware indicators across multiple sites, enabling early threat detection.

The acquisition of SCADAFence aims to bridge the gap between OT and IT networks, protecting IoT sensors. This solution provides a comprehensive view of OT cybersecurity, facilitating threat visibility and policy adherence. Various cybersecurity providers are working to close IoT security gaps by continuously improving discovery technologies.

AI plays a crucial role in ransomware defense, especially in the cloud, where permissions are complex. Organisations are advised to focus on basics such as discovery, segmentation, and identity for every IoT endpoint to prevent breaches. Multiple IoT cybersecurity solutions are available, emphasising the need for a unified endpoint management solution to discover all assets on an organisation’s network. Understanding and managing deployments is crucial for effective cybersecurity.

As the threat landscape rapidly evolves, organisations must bolster their cybersecurity measures. With the growing sophistication of nation-state attackers and their focus on IoT vulnerabilities, proactive defense strategies, AI integration, and stronger awareness are essential to safeguard critical infrastructure and manufacturing sectors from escalating cyber threats.