Security News > 2021 > July > Podcast: IoT Piranhas Are Swarming Industrial Controls

Podcast: IoT Piranhas Are Swarming Industrial Controls
2021-07-26 22:09

Full transparency: Curtis Simpson, CISO at Armis, the enterprise IoT security company, was fundamentally a black hat at the age of 12, before he even knew what a black hat was.

That mindset comes in handy in the space of OT and ICS: in other words, the world of operational technology, - the computing systems used to manage industrial operations - and industrial control systems.

"Most of the tech, the OT and ICS tech that exists in an enterprise or in critical industry, is decades old," Simpson explains, "The interesting thing we're seeing now, and why we're seeing so many vulnerabilities being disclosed, is because those vulnerabilities have always been there."

"What we're seeing is an interesting domino effect where record-setting ransomware payouts are happening with an OT and ICS organization. That's not by chance. The conversation I used to have with the execs and the board was that if this type of type of attack plays out in that environment and the computers that are the operational technology in this landscape, the IoT devices in this landscape, the integrated IT devices in this landscape, once they're impacted, and that impact starts to actually get into the operational technology itself? We're going to be in a rip and replace scenario. That's going to take us days to weeks to fully recover from."

"What we're seeing is an exponential level of effort being put towards understanding exposures in these environments, streaming together, exploitations around devices to be able to get to those environments," Simpson observes.

In this podcast, Simpson details how threat actors are trying to get into those environments, be it APT28 - the threat actor that built one of the largest botnets ever seen, entirely from IoT devices - or the light shed subsequently shed on other bad actors that create weaponized abilities against ubiquitous IoT devices we all have.


News URL

https://threatpost.com/podcast-iot-industrial-controls/168078/