Dive Brief:
- More than half of operational technology environments contain at least four remote access tools, increasing the attack surface for potentially malicious threat activity, according to a report released Tuesday from Claroty, based on data from more than 50,000 remote access devices.
- One-third of OT environments contain six or more remote access tools, Claroty found. Most OT environments, 4 in 5, have more than two non-enterprise-grade tools installed on OT network devices.
- These non-enterprise tools pose an even greater risk because they lack features to manage access privileges, such as auditing, role-based access controls and session recording. The non-enterprise tools also lack basic access features like multifactor authentication, Claroty said.
Dive Insight:
Remote access tools are widely used in OT settings, and a growing amount of threat activity abuses them.
The report highlights the problem of managing security tool sprawl, which has become a major issue at companies with budget constraints, personnel shortages and alert fatigue. The report found 1 in 5 organizations run at least eight remote access tools, while some run as many as 16.
Remote access tools have been at the center of several major threat campaigns in the past year, Claroty said. Earlier this summer, the state-linked threat group Midnight Blizzard launched an attack against the IT network of TeamViewer by abusing compromised employee credentials.
TeamViewer said no customer environments were compromised during that incident; however, researchers from NCC previously warned organizations to disengage remote access tools from their environments.
A May report from At-Bay found remote access tools were the primary intrusion point across 3 in 5 ransomware attacks in 2023.
The Cybersecurity and Infrastructure Security Agency in January 2023 released a guide on how to protect against the malicious use of remote monitoring and management software.