How AI can help close IoT’s growing security gaps to contain ransomware

Nation-state attackers are fine-tuning their tradecraft to take advantage of unprotected IoT sensors essential to infrastructure and manufacturing and increasing their attacks against U.S. and European targets. Once-sporadic attacks have given way to an all-out assault on infrastructure and production plants.  

IoT attacks seek to take advantage of infrastructure and manufacturing organizations that don’t know how many sensors and endpoints they have, where they are, if they’re current on patches or if they’re secured. IT and security teams in a typical enterprise don’t know where up to 40% of their endpoints are. During Q2 2023, 70% of all ransomware attacks were aimed at the manufacturing sector, followed by industrial control systems (ICS) equipment and engineering (16%).

Unprotected gaps between operational technology (OT) and IT systems, along with unprotected ICS’, are soft targets. This past year, 75% of OT organizations experienced at least one breach intrusion.

More AI-based, tightly orchestrated cyberattacks coming

Well-funded nation-state attackers and criminal gangs are also recruiting AI and machine learning (ML) experts to help build the next generation of generative AI attack tools. Threat actors are orchestrating their IoT attacks with social engineering and reconnaissance and often know more about a target’s network than the admins do.  

Manufacturing CISOs seeing spikes in nation-state attack attempts say that new tradecraft reflects a faster, more efficient attack strategy often combined with deepfakes and advanced social engineering. Cyberattacks reflect a new generation of technologies capable of adapting faster than any infrastructure or manufacturer can respond.

“We used to see national-state attackers pulse our endpoints and infrastructure periodically — as if they had a schedule to probe us every few months,” one CISO told VentureBeat on condition of anonymity. Now, that security leader says attack patterns, signatures and sequence of tactics are unmistakable and constant. “They want into our processing plants, distribution centers and R&D facilities with a level of intensity we’ve never seen before.”

Other CISOs tell VentureBeat that they worry that security teams are losing the AI war because defensive versus offensive AI shows that attackers are gaining the upper hand. Nearly three-quarters (70%) of CISOs believe that gen AI is creating more advantages that tip in favor of cyber attackers. More than one-third (35%) already use AI for security applications, and 61% plan to adopt AI-based cybersecurity applications and tools in the next 12 months.

Manufacturing continues to face a cyberattack epidemic

One of the best-kept secrets in manufacturing is how many ransomware attacks occur and how many ransoms are quietly paid and never reported. It’s an epidemic that no one wants to admit exists, yet IBM’s 2023 X-Force Threat Intelligence Index finds that manufacturing is the most attacked industry today. Well over half (61%) of all breach attempts and 23% of all ransomware attacks are aimed primarily at manufacturing OT systems. Ransomware and hacktivism are the leading cause of most OT-targeted attacks. More than three-quarters (81%) of malware can disrupt industrial control systems, costing millions of dollars in lost orders, productivity and customer goodwill. 

The Cybersecurity and Infrastructure Security Agency (CISA) also reports that it is seeing a spike in infrastructure and manufacturing attacks, as evidenced by its recent alert of nineteen ICS advisories. 

IoT and sensors are a favorite target

Attacks often begin targeting unprotected IoT, IIoT and programmable logic controllers (PLC) that deliver real-time data across infrastructure and plant shop floors. From there, the goal is to penetrate deep into the network and cause chaos.

Nation-state attackers are focusing on how they can fast-track AI arsenals into use to make bold political statements or extract millions in ransomware. Energy, water and oil infrastructure, along with healthcare and manufacturing, are soft targets because even a slight disruption threatens human lives and causes millions of dollars in losses.  

“We’re connecting all these IoT devices, and all those connections create vulnerabilities and risks,” Kevin Dehoff, president and CEO of Honeywell Connected Enterprise (HCE), told VentureBeat. “With OT cybersecurity, I’d argue the value at stake and the stakes overall could be even higher than they are when it comes to IT cybersecurity.”

Dehoff emphasized the need to give customers better visibility into risks and vulnerabilities. “Most customers are still learning about the state of affairs in their OT networks and infrastructure,” he said. “And I think there’s some awakening that will be done.”

Introducing Cyber Watch

HCE knows these challenges well. The company manages cybersecurity for more than 500 customer sites, secures more than 100 million connected assets and employs more than 150 AI and ML data scientists. The company introduced Cyber Watch and an enhanced version of Cyber Insights at Honeywell Connect last week. Both rely on AI and ML to identify potential breach and intrusion attempts on IoT, OT, ICS and their real-time gaps with IT systems.  

Ransomware attacks disable production capabilities and demand large sums to restore access. The Cyber Watch dashboard provides real-time visibility into ransomware indicators across multiple sites, enabling earlier threat detection. 

Earlier this year, HCE acquired SCADAFence, which has expertise in closing gaps between OT and IT networks and protecting IoT sensors.

Cyber Watch’s approach to providing a global view of OT cybersecurity is noteworthy. The platform includes a multi-side dashboard that provides visibility into cyber threats across sites and a centralized data view. The Governance Dashboard enables IT and audit departments to define and monitor adherence to company policies. It also supports OT standards and regulations, including IEC 62443, the NIST framework and other compliance frameworks for OT.

Shivan Mandalam, CrowdStrike director of product management and IoT security, told VentureBeat that “it’s essential for organizations to eliminate blind spots associated with unmanaged or unsupported legacy systems. With greater visibility and analysis across IT and OT systems, security teams can quickly identify and address problems before adversaries exploit them.”

Like Honeywell, CrowdStrike helps infrastructure and manufacturing customers close IoT gaps by constantly improving their discovery technologies. 

Cybersecurity providers are all-in on the AI challenge

The era of weaponized AI is here. AirGap Networks, Absolute Software, Armis, Broadcom, Cisco, CradlePoint, Fortinet, Ivanti, JFrog and Rapid7 all have expertise in IoT cybersecurity. Last year at Fal.Con 2022, CrowdStrike launched Falcon Insight XDR and Falcon Discover for IoT.

Ivanti currently offers four IoT cybersecurity solutions, including Ivanti Neurons for RBVM, Ivanti Neurons for UEM, Ivanti Neurons for Healthcare (which supports the Internet of Medical Things, IoMT), and Ivanti Neurons for IIoT.

“IoT devices are becoming a popular target for threat actors, with IoT attacks making up more than 12% of global malware attacks in 2021, up from 1% in 2019, according to IBM,” Srinivas Mukkamala, chief product officer at Ivanti, told VentureBeat. “To combat this, organizations must implement a unified endpoint management (UEM) solution that can discover all assets on an organization’s network — even the Wi-Fi-enabled toaster in your breakroom.”