I ran into an interesting article over on IndustrialCyber.co looking at the recently released report from the Coast Guard Cyber Command. That report, “2023 Cyber Trends and Insights in the Marine Environment Report”, takes a look at last year’s trends in maritime cybersecurity. It is a 60-page report with lots of detail, so it is well worth reading. And Anna Ribeiro’s article provides a good overview.
The report includes a fairly detailed discussion (pgs 16-20) about the techniques that Cyber Protection Team (CPT) members used to gain entry to systems during their cybersecurity assessments. Nothing really fancy, certainly no 0-day exploits; just solid application of cybersecurity knowledge.
The discussion about strengthening OT networks (pgs 24-28), while short, is illuminative. The Cyber Command authors identify the “three common vulnerabilities present in almost every OT network” the CPT assessors looked at:
• Improperly segmented networks,
• End-of-life software, and
• Use of legacy protocols.
The OT hardening discussion then focuses on how to fix those issues first. Not a bad idea for any OT system.
The final thing I want to point out in the report is Appendix C, “Known Exploitable Vulnerabilities Detected on CPT Missions”. This appendix lists the vulnerabilities found during CPT missions that are listed in CISA’s Known Exploited Vulnerability (KEV) Catalog. The number of KEVs found is remarkably small, but that is more than made up for by how old some of them are. The oldest KEV reported by the CPTs in the wild is an “Apache HTTP Server-Side Request Forgery (SSRF)” - CVE-2012-1823. Even though it is over a decade old, the CG cyber personnel found two incidences of this vulnerability available for attack.
This is a unique look at cybersecurity in the wild, well worth the read even if you have nothing to do with the maritime domain.