Cyber threats

Andreas Mühlbauer

The rise of ransomware-as-a-service

Until about ten years ago, cyberattacks that could (almost) ruin companies or even endanger human lives existed only in science fiction. However, as the capabilities and internet connectivity of modern physical production systems have increased to a level we could only dream of in the past, cybercrime has also evolved.

As the functionality of operational technology (OT) has improved, the potential threat of cyberattacks has also increased, so as OT advances, the importance of robust cyber defenses continues to grow. To prevent a business or human disaster, it has become necessary to create operational and IT environments that are secure from the outset.

Robots are a resource that has become significantly more important in recent times due to technological advances and the huge increase in the number of robots in use. In the face of the COVID-19 pandemic, robots have reduced exposure by taking on high-risk tasks. They have also greatly increased the efficiency of vaccine production and administration. This makes them a very attractive target for cybercriminals, who are constantly looking for ways to increase the pressure on companies in the hope of obtaining higher ransom sums more quickly. To prevent this extortion, or at least make it more difficult, the threat researchers at OT cybersecurity experts TXOne Networks took part in a joint study with partner Trend Micro to improve the security of autonomous mobile robots (AMR) without compromising their operational efficiency.

Over the last ten years, a consistent pattern has emerged of cyberattackers meticulously attempting to penetrate the previously unknown, and therefore unsecured, realm of operational technology in order to extort as much money as possible by any means necessary. Up to now, the incidents recorded in connection with robots were mostly unintentional and often resulted from operating errors or IT construction sites that did not comply with security standards. In the near future, however, affected companies should expect hackers to develop a more detailed understanding of the operating conditions and functionality of robots. This will ultimately put them in a position to launch targeted attacks on these systems and the means of production, thereby also endangering human lives.

Cybercrime as a service

Over the last ten years, cybercriminals have begun to create databases on the dark web in which the attack methods, the tricks used and the necessary applications can be classified and organized. The creation of these databases has been followed by the emergence of a service system in which cybercriminals make their tools available to paying customers. This is known as Ransomware-as-a-Service (RaaS).

The emergence of RaaS as a cybercrime business model is a precursor to serious cyberattacks on many large organizations. It is likely that such attacks will continue to increase as long as they are successful and result in large monetary payments to cybercriminals. In this context, it is important to point out that probably less than half of cyberattacks are leaked to the public, while the rest are carried out quietly behind closed doors.

RaaS has been successfully used by "subscribers" from various sectors to carry out several major cyberattacks. The cyberattack program is even conveniently available through various purchase models such as a one-time fee, monthly subscription or profit sharing.

A particularly notable example of RaaS is the series of attacks in 2021 using the REvil ransomware, which was the linchpin of numerous serious cyberattacks:

  • In April 2021, there was an attack on the Taiwanese hardware and software provider Quanta Computer, in which attackers attempted to extort 50 million US dollars using stolen designs from Apple and Lenovo.
  • In May 2021, the world's largest meat processing company JBS S.A. was forced to shut down some production lines and decided to make a payment of 11 million US dollars to prevent stolen data from being published on the Internet.
  • In July 2021, attacks on supply chains based on the remote monitoring and management software Kaseya VSA (Virtual System Administrator) caused downtime for over 1,000 companies.

It is very likely that the next wave of cyberattacks will focus on OT or instrumentalize it. Aggressive, persistent attackers are certainly willing to risk human lives in the hope of a quick ransom payment.

OT and the cyber threat

Over the past decade, many vertical industries, especially those dealing with critical infrastructure, have found that cybersecurity must now be a fundamental part of their business. The medical industry, for example, has been forced to defend itself against waves of targeted cyberattacks in recent years. But any other operational environment, such as in the oil and gas, semiconductor or automotive industries, runs the risk of being exposed to a similar level of cyber risk.

One way to protect against such attacks is through industry-specific regulations. However, TXOne Networks' threat researchers have found that while these regulations raise the standards for defending these networks and assets, they also create similarities or patterns that hackers can anticipate and exploit. According to the experts, these regulations are good for preventing low-effort attacks, such as those based on "spray-and-pray" tactics, i.e. indiscriminate attacks. However, the sophisticated and targeted cyberattacks mentioned above are carefully designed to inflict as much damage as possible on specific industries. Therefore, they can only be reliably prevented by protective measures that are adapted to industry-specific concerns and supported by the consistent work and updates of security researchers.

Cybercriminals have been targeting various manufacturing companies for years with cyberattacks aimed at extorting as much money as possible, as they believe that this industry is most likely to be able to make large and quick payments in exchange for the return of their production equipment or data. According to a report by TXOne Networks partner Trend Micro ("The State of Industrial Cybersecurity"), 61% of factories were affected by a cyberattack, with 75% of these incidents resulting in a production shutdown. In 43% of cases, production was interrupted for more than 4 days. The key finding here is that important and profitable companies are increasingly being targeted. It is therefore advisable to secure these production facilities with the latest security devices and protection solutions available.

Dr. Terence Liu, CEO TXOne Networks
