To help industrial infrastructure organisations understand the cybersecurity trends affecting them, Dragos has released its OT Cybersecurity Year in Review 2023 report for Australia.
In 2023, motivated and sophisticated hacktivists and threat groups demonstrated their ability to breach critical infrastructure networks and disrupt operational technology (OT) systems. Of the 905 global ransomware incidents affecting industrial organisations, 13 targeted Australian entities. The recent Lockbit 3.0 attack on DP World Australia highlighted the potential cascading impacts of ransomware on industrial operations, supply chains and consumers.
Hayley Turner, area vice president of Dragos Asia Pacific, emphasized the growing threat landscape.
“Ransomware incidents continue to increase globally, causing cascading impacts across virtually every industrial sector, particularly manufacturing. The number of vulnerabilities present in industrial control systems (ICS) is growing exponentially, along with the appetite of adversaries to exploit them.”
While the electricity, oil and gas, water, and manufacturing sectors achieved modest improvements in their ICS/OT cybersecurity posture on average, many industrial organisations still struggle with password security and threat detection in their ICS/OT environments.
“Now is the time to take further steps,” adds Turner, highlighting the need for coordinated efforts across Australia’s cybersecurity community, and for emergency measures where necessary, to mitigate adverse effects on critical business operations and the communities they serve.
Key vulnerability findings
Dragos tracked 21 threat groups involved in OT operations in 2023 and identified three new threat groups, including VOLTZITE linked to Volt Typhoon, and observed a nearly 50% increase in ransomware incidents reported by industrial organizations.
VOLTZITE targets the generation, transmission and distribution of electrical energy, and has been noted to target research, technology, defense industrial bases, satellite services, telecommunications and educational organizations. This group overlaps with Volt Typhoon, which the US government links to the People’s Republic of China. The group’s threat activities include living off the land techniques, prolonged surveillance and data collection aligned with Volt Typhoon’s assessed objectives of reconnaissance and gaining geopolitical advantage in the Asia-Pacific region. They traditionally targeted US-based facilities, but have been seen targeting organizations in Africa and Southeast Asia.
Dragos found that 80% of the vulnerabilities reside deep in the ICS network, 16% of the advisories were network exploitable and perimeter-oriented, and 53% of the advisories could cause both a loss of vision and control, up from 51% in 2022. Additionally, 31% of advisories contained errors and Dragos provided mitigations for 49% of advisories that did not have any.
Key ransomware findings
Ransomware remains the leading attack method in the industrial sector, with incidents up nearly 50% from 2022. Globally, LockBit was responsible for 25% of all industrial ransomware attacks, with ALPHV and Black Basta accounting for 9% each. The manufacturing sector remains the primary target, accounting for 71% of all ransomware attacks.
Although ransomware groups do not explicitly target ICS and OT, risks to these environments arise from pre-emptive shutdowns intended to limit the impact of an attack, from flat industrial networks, and from the integration of ICS/OT process-termination routines into ransomware strains.
Threats to Australian infrastructure intensified
The Australian Cyber and Infrastructure Security Centre (CISC) and the Five Eyes intelligence alliance agencies highlighted the growing OT cyber threat landscape, identifying foreign espionage and interference as the primary threats to critical infrastructure. The Australian Signals Directorate’s Annual Cyber Threat Report revealed a 50% increase in cyber incidents targeting infrastructure, which is increasingly targeted by actors motivated to gain geopolitical advantage. This trend underlines the critical need for robust cybersecurity measures and strong public-private partnerships to safeguard national interests.
Key measures taken to ensure the security of Australia’s critical infrastructure
In 2023, the CISC advanced its efforts to strengthen national cybersecurity and resilience, particularly in ICS/OT environments where the detection of sophisticated threats is paramount. Key initiatives included the publication of a critical infrastructure asset class definition guide to improve operational resilience across 22 sectors, and the activation of the Critical Infrastructure Risk Management Program. This program, established under the amendments to the Security of Critical Infrastructure Act 2018, together with mandatory cyber incident reporting and the Critical Infrastructure Asset Register, aims to raise the security of Australia’s critical infrastructure.
“These steps signal the urgency and importance of robust asset monitoring, intelligence-based detections for sophisticated threats and a coordinated response to safeguard the essential services Australians depend on,” Turner said.
As ICS/OT cybersecurity becomes a top priority, it is essential to align on key priorities. Dragos recommends that Australian organisations consult the SANS Institute article “Five critical controls for ICS/OT cybersecurity” for guidance.
For more information, the Dragos OT Cybersecurity Year in Review 2023 for Australia and the accompanying executive summary can be downloaded here.