.jpg)
The Five Eyes (United States, Australia, Canada, New Zealand, and United Kingdom) issued an alert giving a “comprehensive overview of Russian state-sponsored and cybercriminal threats to critical infrastructure.”
Commenting on the Five Eyes alert, Vito Rallo, Associate Managing Director at Kroll for Cyber Risk, said:
“2021 was a record year for vulnerabilities and exploits available in the wild, and Kroll is currently seeing double-digit growth in attacks targeting the manufacturing industry, potentially implying that supply chains are under attack. This poses a major issue for those running critical infrastructure, and threatens to disrupt all of us who rely on it. The overwhelming challenge for Operational Technology (OT) systems is that they are very difficult – if not impossible – to patch. Either the patches are simply unavailable or the risks of applying them are high, due systems being obsolete or out of support.
“To avoid these vulnerabilities being utilized by attackers when most geopolitically impactful, there are a number of ways organizations can increase their cyber resilience to attack. For example, network segmentation can help. The exposure of assets and systems, even if unpatched, needs to be reduced so that vulnerable systems are difficult to reach and exploit. Performing compromise assessments and threat hunting with specialized knowledge for OT is vital. This is often the only way an already compromised system can be identified and the risk mitigated. Without this, exploits can be available to attackers ‘in the dark’ before they are made public and properly protected against.”
