Report: Ransomware and hacktivism reach new heights as OT threat
The annual Dragos OT Cybersecurity Year in Review report reveals worrying times for operational technology security.
Operational technology specialist Dragos has published its sixth annual Dragos OT Cybersecurity Year in Review report, and according to CEO Robert M. Lee, the past year represents a “tipping point” in OT threats.
“Industrial and critical infrastructure has been moving away from highly customized facilities to ones that, for good economic and productivity reasons, share the same industrial devices, technologies and facility designs across sites and sectors,” Lee said in a statement.
“Unfortunately, adversaries are now taking advantage of these homogeneous infrastructures to escalate attacks.”
One of the key findings of the report is that geopolitical conflict is a key driver of threat activity. The war in Ukraine, in particular, has fueled threat activity, along with tensions between China and Taiwan. The latter is behind a sharp increase in cyber espionage in Asia-Pacific and the United States.
While state actors remain a threat, hacktivists are also becoming more technically proficient. The CyberAv3ngers group became the first such group to reach Stage 2 of the ICS Cyber Kill Chain, for example. The group went after water companies in Europe and North America for their support of Israel, targeting programmable logic controllers to disrupt service.
Anonymous Sudan also cemented its place as a distributed denial-of-service (DDoS) group capable of causing large-scale disruptions.
However, ransomware remained the biggest threat to OT in the industrial sector. Just three groups (LockBit, ALPHV and Black Basta) were responsible for just over half of all attacks against OT, while manufacturing remained the most attacked sector, with 71 percent of all OT ransomware attacks.
There were also more ransomware variants to track: Dragos monitored 50 different strains in 2023, 28 percent more than last year.
Closer to home, Australian OT is definitely a target for foreign threat actors.
“The Dragos 2023 Annual Summary has highlighted the continuing trend of adversaries targeting industrial organizations globally. Despite its geographical isolation, Australia is not exempt from this attack,” said Dragos lead hunter Conor McLaren.
“Indeed, Dragos’ intelligence team has observed numerous instances of adversaries directly targeting Australian critical infrastructure entities. These incidents range from financially motivated ransomware attacks to hacktivist campaigns and even strategic cyberespionage operations.”
You can read the full report here.