This Tech Republic article details new critical vulnerabilities uncovered by researchers at Claroty’s Team82, who were motivated to do their research based on the inexorable migration to the cloud for central management of industrial control systems (ICS) and other Operational Technology (OT), i.e., the things that instruct other things how to perform. But a lack of security brings huge risk for devices that were not conceived to be hooked up to the Internet. No internet-facing devices, no vulnerabilities.
In reviewing the research, the article says that the attackers’ methods “are likely similar to other attacks used to steal credentials, like phishing, which has been on the rise as more organizations move to cloud-based models to enable remote work.”
Potential attacks can be both top-down (privileged user accounts) and bottom-up (exploit the endpoint devices).
Recommended mitigation steps are the usual panoply of two-factor authentication, defined user roles and identity management. Oh yeah, and zero trust architecture.
None of these really get to the root of the problem: the user. They add more complexity to an already overburdened system, creating another stumbling block for your users who are already doing copy-paste to their Yahoo! accounts to get around your onerous security rules.