IBM Observed 2000% Increase in OT Attacks, Says Echobot is the Most Interesting

While there were not a lot of changes and expectations in ICS cybersecurity overall for 2019 and 2020, IBM observed, what it cites as, “explosive growth in OT infrastructure targeting” in 2019. IBM Security’s 2020 X-Force Threat Intelligence Index reports a 2000 percent increase in the number of events targeting OT assets since 2018, including a fact that the number of events targeting OT assets in 2019 was greater than the activity volume observed in the past three years. The report further states that most attacks centered around the low-hanging fruit, such as using a combination of known vulnerabilities within SCADA and ICS hardware components, as well as password-spraying attacks using brute force login tactics against ICS targets. Of course there was activity observed from XENOTIME and APT33, but most interesting was Echobot, a variant of the Mirai IoT botnet, that includes exploits for ICS products. ICS-specific exploits used by Echobot target vulnerabilities in Mitsubishi Electric ME-RTU devices and Schneider Electric’s U.Motion Builder. Read the summary at SecurityWeek