Security News > 2021 > July > Moving OT to the cloud means accounting for a whole new host of security risks

The report, from Claroty research arm Team82, uncovered seven new CVEs, three affecting CODESYS software and four affecting WAGO PLCs. The vulnerabilities can be leveraged remotely and let an attacker break into a cloud management console via a single compromised field device, or take over multiple PLCs and OT devices using a single compromised workstation.

Unfortunately for organizations moving their OT to the cloud, none of these exploits were possible when systems were located on site without any internet-facing elements.

In addition to using attacks that all cloud platforms are vulnerable to, Team82 said one of its approaches involves gaining unauthorized access to an operator account "Using different methods." Again, these different methods are likely similar to other attacks used to steal credentials, like phishing, which has been on the rise as more organizations move to cloud-based models to enable remote work.

Team82 detailed two different approaches to gaining access to OT networks and hardware: A top-down approach that involves gaining access to a privileged account and thus a cloud dashboard, and a bottom-up approach that starts by attacking an endpoint device like a PLC from which they can execute malicious remote code.

Regardless of the method, the end result for the attacker is the same: Access to, and control of, an OT cloud management platform and the ability to disrupt devices and businesses.

Be sure to keep track of which existing solutions aren't cloud connected and regularly check for updates to ensure new software with new capabilities is installed immediately to improve visibility.

News URL

https://www.techrepublic.com/article/moving-ot-to-the-cloud-means-accounting-for-a-whole-new-host-of-security-risks/#ftag=RSS56d97e7