Harden Your Networks and Critical Infrastructure Against Russian Cyber Activity

The Cybersecurity Midwest Summit 2022, hosted by CDO Magazine and ComSpark, featured experts discussing various aspects of cybersecurity across industries. In this keynote presentation, Forescout's OT Professional Services Engineer, Craig Reeds, discusses Russian cybersecurity attacks and preventive measures for organizations.

Reeds speaks about some of the well-known attacks, such as the KA-SAT attack, NotPetya, SolarWinds, and the power outage in Ukraine. He adds that the Russian intelligence organizations FSB and SVR conducted espionage while the GRU executed the destruction.

According to Reeds, common vulnerabilities and exposures (CVEs) exist for a reason, and ongoing system updates are necessary to address the problems. Reeds reveals that Russian threat actors employed technology to hide GPS positions to hack everything in Ukraine.

The speaker mentions Forescout and says the company has seen attacks from malicious websites like Emotet, Cobalt Strike, and Sunburst.

Reeds also draws attention to the Evil PLC threat, which can be implanted in programmable logic controllers and eventually reach the engineering station. He suggests organizations protect themselves from outside attacks by implementing the following strategies:

  • Identify and patch vulnerable devices to know what assets are in place to protect the inventory.

  • Segment the network to prevent lateral movement from IT to OT.

  • Check firewall rules periodically during network segmentation.

  • Replace compromised device passwords. 

  • Use Multi-Factor Authentication to reduce the impact of password compromises.

Additionally, Reeds advises businesses to ensure that network management interfaces cannot be accessed from the internet. Recalling the Target attack, he claims the hackers accessed the point of sale system via the building management system.

In conclusion, Reeds encourages companies to conduct threat hunting and detection by installing tools and employing YARA rules for threat hunting. He urges businesses to monitor network vulnerabilities because insiders can also initiate cyberattacks.
