NASHVILLE, TN – Phosphorus, the leading provider of unified security management and breach prevention for the xTended Internet of Things (xIoT), urges all organizations with Cyber-Physical Systems (CPS) to address key misconfiguration issues that leave them vulnerable to attack by sophisticated state-sponsored and criminal cyber-threat groups.
Recently, the National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) released a joint cybersecurity advisory (CSA) highlighting the most common cybersecurity misconfigurations in large organizations. The agencies’ list of the Top 10 most common misconfigurations includes many risks that Phosphorus and its research wing, Phosphorus Labs, have been warning about since the company brought its Gartner-recognized CPS Protection Platform to market. These include default configurations, insufficient monitoring, poor patch management, poor credential hygiene, and more.
“Misconfigurations are extremely common in Cyber-Physical Systems, from IoT to operational technology and industrial control systems,” said Sonu Shankar, Chief Strategy Officer of Phosphorus.
“With the growing risk of state-sponsored attacks, and the surge in criminal groups targeting Cyber-Physical Systems, it is absolutely critical for all organizations to assess their current level of risk and to take proactive measures now to mitigate these vulnerabilities before it is too late. Over the next year, we expect to see more disruptive cyber attacks targeting CPS assets in corporate and industrial systems. This can have a devastating impact on companies, their partners and shareholders, supply chains, and even the broader economy.”
Just since September of this year, CISA has released more than 50 Industrial Control Systems (ICS) Advisories covering a broad spectrum of mission-critical OT, ICS, and IIoT Cyber-Physical Systems (CPS). At the same time, a growing number of state-sponsored and criminal threat actors are now targeting CPS assets, such as the recent attack on Unitronics PLCs by the Iranian threat group, CyberAv3ngers. Over the past year alone, researchers have discovered advanced operations by such groups as Fancy Bear, Cozy Bear, Chernovite, NTC Vulkan, Mint Sandstorm, and Volt Typhoon to infiltrate these systems in high-value companies, critical infrastructure operators, and other organizations. Ransomware attacks on industrial infrastructure have also increased by 87%.
NSA and CISA Recommendations for Network Defenders
To reduce the risk of malicious actors exploiting the identified misconfigurations, and to address a trend of systemic weaknesses in many large organizations, NSA and CISA provided a list of recommended mitigations that they encouraged network defenders to implement.
The short but precise list of recommendations includes the following:
- Remove default credentials and harden configurations.
- Disable unused services and implement access control.
- Update regularly and automate patching, prioritizing patching of known exploited vulnerabilities.
- Reduce, restrict, audit, and monitor administrative accounts and privileges.
Nearly all of the critical recommendations that NSA and CISA encouraged companies to implement represent capabilities that Phosphorus has long addressed through its best-of-breed Unified xIoT Security Management & Breach Prevention Platform. It is the industry’s only CPS Protection Platform covering the entire security and management lifecycle for xIoT devices – including OT/ICS, IoT, IIoT, and IoMT Cyber-Physical Systems.
How the Phosphorus Platform Addresses These Critical Risks
Phosphorus’s Unified xIoT Security Management & Breach Prevention Platform provides seamless, full-scope coverage through its unique ability to directly communicate with all xIoT devices in their native protocols.
This allows organizations across every vertical to safely and easily find, fix, monitor, and manage their CPS estates – without agents, complexity, or infrastructure dependencies.
- CPS Discovery – Accurate device discovery is the crucial first step for addressing vulnerable devices, but most organizations undercount their total xIoT device footprint by 40–60%. Phosphorus’s platform is powered by the industry’s first and only scalable Intelligent Active Discovery (IAD) engine, which achieves 100% device certainty the first time, assesses CPS assets up to 98% faster than traditional passive scanners, and is up to 95% more efficient (lighter) than legacy active scanners. Equally critical, it is safe to use across the full range of CPS asset classes, including highly sensitive OT and ICS devices.
- CPS Risk Assessment – Phosphorus’s unique approach means that a complete set of high-fidelity “Device Metadata” is provided across device families, determined only by direct interaction with the CPS asset. In addition to in-depth device details, the platform’s evidence-based risk assessment capability collects over 3X more data points from xIoT assets than other services – including high-fidelity analysis of device posture, status of device credentials, current firmware version and CVEs, certificate status, risky configurations, device End of Life status, banned devices, and more.
- CPS Hardening & Remediation – By leveraging the ability to directly communicate with any CPS device, Phosphorus has developed a completely new approach to protecting CPS assets: proactive security management and breach prevention across the complete CPS estate, delivered by automating the remediation of the biggest IoT, OT/ICS, IoMT, and IIoT device vulnerabilities. This includes changing default passwords and establishing periodic password rotations, updating out-of-date device firmware (including unpatched CVEs), checking for out-of-date device certificates, fixing risky configurations, and more. The Phosphorus platform satisfies the NSA/CISA top mitigation recommendations.
To learn more about Phosphorus’s CPS protection capabilities, visit https://phosphorus.io/ or check out the company’s Spies, Saboteurs & Scoundrels talk at select upcoming conferences.