Geopolitical tensions escalate OT cyber attacks

In this Help Net Security interview, Andrew Ginter, VP of Industrial Security at Waterfall Security, discusses operational technology cyber attacks and their 2024 Threat Report.
He examines how global geopolitical tensions and evolving ransomware tactics are reshaping industrial cybersecurity.
Politically-motivated hacktivist attacks with physical consequences have increased in the last couple of years.
Almost all of these attacks are tied to either the Russian invasion of Ukraine, or the on-going Iran / Israel conflict.
These attacks have historically not been terribly sophisticated, but everyone is watching the emergence of large language model AIs to see whether and how much more capable these AI's will make the hacktivists.
Nation-state incidents are increasing as well - the Chinese were behind the Volt Typhoon campaign that compromised over 50 power plants and electric utilities in the USA, and the Russians are behind an attack on 22 large and small critical infrastructure providers in Denmark.
The 2024 Threat Report highlights a 19% increase in OT cyber attacks in 2023 compared to the previous year.
Ransomware has historically driven much higher compound annual growth in attacks with OT consequences.
A fraction of ransomware criminals appear to have moved away from encrypting compromised systems and moved entirely to extorting ransoms for promising not to publish stolen data.
We expect this trend among ransomware groups to stabilize, probably this year, returning compound annual growth in consequential OT attacks closer to historical increases of 60-100% per year.
There is a fair bit in the report about ransomware tactics, but let me give you some examples.
First, the most sophisticated of today's ransomware groups are either backed by nation-states - think North Korea - or are wealthy enough to build their nation-state-style attack tools, or they are actively buying and selling attack tools with nation-states.
Today, nation-state-grade ransomware targets everyone with money.
Second, a significant fraction of ransomware impacts on OT is because of dependencies.
Ransomware hits the IT network, encrypts a lot of stuff, and so cripples a large batch of IT servers and services.
Even if ransomware never touches the OT network, we must shut down production because production-critical services on the IT network are no longer available.
OT security practitioners really need to ask themselves how they depend on IT services, and whether it is acceptable to shut down physical operations if some attack cripples IT. The report mentions 'near miss' incidents in critical infrastructure industries.
The Russian attacks in Denmark were important, again because they provided evidence of nation-state activity targeting critical infrastructures.
If I may paraphrase, CIE positions OT security as a coin with two sides: one side teaches engineering teams about cyber threats and cyber mitigations, while the other side encourages engineering teams to apply powerful engineering tools to the task of preventing unacceptable consequences.
The most common such example is unidirectional gateway technology - hardware-enforced, engineering-grade prevention of the propogation of cyber attacks from the Internet and IT networks into OT networks, even nation-state style attacks.


This Cyber News was published on www.helpnetsecurity.com. Publication date: Mon, 15 Apr 2024 05:28:04 +0000


Cyber News related to Geopolitical tensions escalate OT cyber attacks

Cyber Insights 2023: The Geopolitical Effect - The result is more than a dozen features on subjects ranging from AI, quantum encryption, and attack surface management to venture capital, regulations, and criminal gangs. The Russia/Ukraine war that started in early 2022 has been mirrored by a ...
1 year ago Securityweek.com
Cyber Insurance for Businesses: Navigating Coverage - To mitigate these risks, many businesses opt for cyber insurance. With the wide range of policies available, navigating the world of cyber insurance can be overwhelming. In this article, we will delve into the complexities of cyber insurance and ...
9 months ago Securityzap.com
Cyber Insurance: A Smart Investment to Protect Your Business from Cyber Threats in 2023 - Don't wait until it's too late - get cyber insurance today and secure your business for tomorrow. According to the U.S. Federal Trade Commission, cyber insurance is a particular type of insurance that helps businesses mitigate financial losses ...
9 months ago Cyberdefensemagazine.com
Fighting ransomware: A guide to getting the right cybersecurity insurance - While the cybersecurity risk insurance market has been around for more than 20 years, the rapidly changing nature of attacks and the rise in the ransomware epidemic has markedly changed the nature of cyber insurance in recent years. It's more ...
10 months ago Scmagazine.com
Three Key Threats Fueling the Future of Cyber Attacks - Improvements in cyber security and business continuity are helping to combat encryption-based ransomware attacks, yet the cyber threat landscape is continually evolving. Protecting an organization against intrusion remains a cat and mouse game, in ...
7 months ago Cyberdefensemagazine.com
Wargames director Jackie Schneider on why cyber is one of 'the most interesting scholarly puzzles' - In other games, we had people from Silicon Valley who were leading AI companies or cyber companies. What we found is those who had expertise in cyber operations were more likely to be more nuanced about how they used the cyber capability. On a larger ...
5 months ago Therecord.media
Does Pentesting Actually Save You Money On Cyber Insurance Premiums? - Way back in the cyber dark ages of the early 1990s as many households were buying their first candy-colored Macintoshes and using them to play Oregon Trail and visit AOL chat rooms, many businesses started venturing into the digital realm as well by ...
11 months ago Securityboulevard.com
What CIRCIA Means for Critical Infrastructure Providers and How Breach and Attack Simulation Can Help - Cyber Defense Magazine - To prepare themselves for future attacks, organizations can utilize BAS to simulate real-world attacks against their security ecosystem, recreating attack scenarios specific to their critical infrastructure sector and function within that sector, ...
1 month ago Cyberdefensemagazine.com
IT Professionals in ASEAN Confronting Rising Cyber Security Risks - The ASEAN region is seeing more cyber attacks as digitisation advances. In July 2023, the Association of Southeast Asian Nations officially opened a joint cyber security information sharing and research centre, or Cybersecurity and Information Centre ...
11 months ago Techrepublic.com
Uncertainty Is the Biggest Challenge to Australia's Cyber Security Strategy - Political shifts could lead to changes in Australia's cyber security strategy. Early in 2023, as the Australian government started to craft its cyber security vision, it met with opposition at both ends of the political spectrum. On the right wing, ...
10 months ago Techrepublic.com
Geopolitical tensions escalate OT cyber attacks - In this Help Net Security interview, Andrew Ginter, VP of Industrial Security at Waterfall Security, discusses operational technology cyber attacks and their 2024 Threat Report. He examines how global geopolitical tensions and evolving ransomware ...
7 months ago Helpnetsecurity.com
Securing Gold: Assessing Cyber Threats on Paris 2024 - The next Olympic Games hosted in Paris will take place from 26 July to 11 August 2024, while the Paralympic Games will be carried out from 28 August to 8 September 2024. Paris 2024 estimated the number of spectators for the next edition to be 9,7 ...
10 months ago Blog.sekoia.io
Ransomware Attacks Strike South Africa, Decline in UAE - Cybercrime - and especially ransomware - traditionally have had an uneven impact across the Middle East and Africa, yet recent data suggests that ongoing geopolitical conflicts will likely raise the overall level of cyberattacks across the regions. ...
11 months ago Darkreading.com
The Evolution of Cyber Threats: Past, Present, and Future - Cyber threats have evolved significantly over time, posing increasing risks to individuals, organizations, and governments in our interconnected world. Let's explore the past, present, and future of cyber threats to better understand how to protect ...
9 months ago Securityzap.com
Meet Your New Cybersecurity Auditor: Your Insurer - As businesses deal with the fallout of massive ransomware waves, from Lapsus$ to Cl0p/MOVEit, an unlikely new entity is joining the regulatory bodies to raise the bar for cybersecurity: the cyber insurer. Their coverage requirements and ...
11 months ago Darkreading.com
Mississippi Creates New Cyber Unit and Names First Director - The state of Mississippi has recently announced the creation of a new dedicated cyber security unit, as well as the naming of its first director. The Mississippi Cyber Security Unit, headed by Director Kelly Hurst and backed by the Mississippi Office ...
1 year ago Securityweek.com
75% Organizations Struggle with Recurring Cyber Attacks - In a time when advancements in technology rule these days, the constant risk of cyber attacks hangs over businesses all over the world. This study highlighted the difficulties Chief Information Security Officers encounter during cyber attacks. This ...
11 months ago Securityboulevard.com
The top cyber security news stories of 2023 - 2023 was a busy year for cyber criminals, making it tough to choose the top cyber security news stories of 2023. Cyber security professionals have had their hands full in protecting sensitive information and detecting breaches to ensure the safety of ...
11 months ago Securityboulevard.com
Cyber Insights 2023: Cyberinsurance - The result is more than a dozen features on subjects ranging from AI, quantum encryption, and attack surface management to venture capital, regulations, and criminal gangs. In 2022, Russia invaded Ukraine with the potential for more serious and more ...
1 year ago Securityweek.com
Cybersecurity Tops 2024 Global Business Risks - The newly released Allianz Risk Barometer revealed that Cyber incidents such as ransomware attacks, data breaches, and IT disruptions are the biggest worry for companies globally, as well as in the United States, in 2024. The 13th annual business ...
9 months ago Cybersecurity-insiders.com
With Attacks on the Upswing, Cyber-Insurance Premiums Poised to Rise Too - An increase in cyber-insurance claims in 2023, driven by a more active threat landscape, will likely mean that last year's price plateau in cyber-insurance premium costs will be short-lived, according to industry experts. While premium costs fell by ...
10 months ago Darkreading.com
5 Ways to Counteract Increasing Cyber Insurance Rates - Despite this threat, only 55% of organizations have some form of cyber insurance, and only 19% have coverage for cyber events beyond $600,000. As the cybersecurity landscape continues to evolve, businesses must carefully evaluate their risk exposure ...
9 months ago Cybersecurity-insiders.com
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
11 months ago Esecurityplanet.com
Microsoft: 87% of UK Organizations Vulnerable to Costly Cyber-Attacks - Just 13% of UK organizations are resilient to cyber-attacks, with the remainder either vulnerable or at high risk of damaging cyber-incidents, according to a new report by Microsoft in collaboration with the University of London. The tech giant said ...
8 months ago Infosecurity-magazine.com
Cyber Warfare 2: The Examined Ukranian Power Outage - The recent cyber attack in Ukraine which led to a power outage illustrates the severity of cyber warfare and the pressing need for better cybersecurity measures. It’s widely believed that the attack was state-sponsored, given the cyber-espionage ...
1 year ago Securityaffairs.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)