In an ever more connected world, the fusion of Information Technology (IT) and Operational Technology (OT) creates remarkable opportunities for efficiency and automation. These opportunities also introduce an array of new risks in the form of cyber vulnerabilities. Among the numerous cyber threats, one particularly insidious tactic is threat actors tampering with logs transmitted from Internet of Things (IoT) and OT devices back to headquarters (HQ). Cyber criminals have ample reasons to engage in this form of manipulation, which can have substantial and damaging effects on the automated actions being carried out by these devices. To address this challenge, we need to ensure logs are authentic and reliable through the application of data notarisation.
So why would cyber criminals want to tamper with device logs? The primary motivation is a form of deception – by manipulating the logs, threat actors can hide their intrusion, making it appear as if nothing untoward has occurred. They can also generate misleading information designed to cause confusion or misdirect the attention of security teams. This deceptive act paves the way for carrying out other harmful activities such as stealing sensitive data, manipulating device operations or planting malware.
The malicious alteration of logs can also have profound and dangerous impacts on the automated actions of IoT and OT devices. Because automated actions are typically carried out using the data received from device logs, any falsified information can cause these actions to be carried out inaccurately or inappropriately. For instance, an OT device controlling the water treatment system in Oldsmar, Florida, was remotely accessed and tampered with. In this particular attack, the hacker increased the sodium hydroxide content from 100 parts per million (ppm) to 11,100 ppm. Fortunately, in this case a sharp-eyed operator detected the spike and was able to bring the water content back to normal. However, this is not always the case, especially when attacks happen at night when no personnel are on duty.
