Ransomware, Data Breaches Inundate OT & Industrial Sector

Three-quarters of industrial firms suffered a ransomware attack in the past year, with far more compromises affecting operational technology than ever before - representing a surge in attacks driven by both the industrial sector's vulnerability and propensity to pay ransoms in order to remain operational.
In the past 12 months, more than half of industrial firms suffered a ransomware attack that impacted their operational technology, whether directly or because a linked IT system had been attacked, according to a report released by cyber-physical defense company Claroty on Dec. 6.
The impact of the attacks on OT systems is a notable increase from the firm's last report in 2021, when 47% of companies had ransomware impact their operations.
Attacks on industrial firms and critical infrastructure providers have become downright common.
The Aliquippa Municipal Water Authority, located in Pittsburgh, recently suffered a site defacement after an Iranian-linked threat group known as Cyber Av3ngers forced it to shut down a water-pressure monitoring system and changed the site's landing page.
It's not just utilities in the sights: in February 2022, tire maker Bridgestone had to shut down its manufacturing networks for several days after the LockBit 2.0 ransomware group successfully breached its network.
While the Claroty survey shows that direct targeting of OT systems remained consistent over the two time periods, with more than a third of companies suffering attacks that affected both IT and OT systems in 2023, there has been a significant increase from the 27% of organizations suffering dual-impact attacks in 2021, say Grant Geyer, chief product officer at Claroty.
While the number of ransomware incidents against industrial firms has increased, they consistently account for a third of all attacks.
Overall, the industrial sector has remained the top ransomware target every month for the past year, according to data from the NCC Group, a cybersecurity services firm.
Ransomware attacks were up 81% in October, compared to the same month the previous year, and attacks on the industrial sector routinely represent a third of all ransomware incidents.
Threat activity has also increased overall because of recent geo-political conflicts, leading to industrial attacks by both state-sponsored actors and hacktivists, says Sean Arrowsmith, head of Industrials for the NCC Group.
Typically, companies' propensity to pay ransomware depends heavily on their revenue - smaller companies pay up 36% of the time, instead relying on backups, while larger companies pay 55% of the time, according to Sophos' annual State of Ransomware report.
Victims in the industrial sector pay a whopping two-thirds of the time, according to Claroty's Global State of Industrial Cybersecurity 2023 report.
Third parties are another weakness that companies reliant on OT - such as industrial firms and utilities - need to address.
All Top-10 energy firms in the United States, for example, had a third-party provider that suffered a compromise in the past 12 months, leading to a breach of their business, according to security metrics firm SecurityScorecard.
While only 4% of the nearly 2,000 third-party providers tracked by the firm suffered a direct compromise, that led to 90% of energy firms worldwide dealing with the fallout of those breaches over a year.
Case in point, the MOVEit breach alone affected hundreds of energy firms, according to Rob Ames, staff threat researcher at SecurityScorecard.
More Government Help Necessary for OT Security Many water utilities and other critical infrastructure firms are small, local companies, or operated by towns and counties.
Case in point: two years after the ransomware attack on Colonial Pipeline, critical infrastructure owners are still not ready to protect against ransomware, often because the economics does not add up, says Claroty's Geyer.
Companies do not need to have deep expertise in-house, but should focus on visibility, planning, and incident response exercises, says NCC Group's Arrowsmith.


This Cyber News was published on www.darkreading.com. Publication date: Thu, 07 Dec 2023 19:05:19 +0000


Cyber News related to Ransomware, Data Breaches Inundate OT & Industrial Sector

Ransomware, Data Breaches Inundate OT & Industrial Sector - Three-quarters of industrial firms suffered a ransomware attack in the past year, with far more compromises affecting operational technology than ever before - representing a surge in attacks driven by both the industrial sector's vulnerability and ...
1 year ago Darkreading.com
How to perform a proof of concept for automated discovery using Amazon Macie | AWS Security Blog - After reviewing the managed data identifiers provided by Macie and creating the custom data identifiers needed for your POC, it’s time to stage data sets that will help demonstrate the capabilities of these identifiers and better understand how ...
2 months ago Aws.amazon.com
Critical insights into Australia's supply chain risk landscape - Australian organizations find themselves navigating a minefield of supply chain risks, with a surge in incidents stemming from multi-party breaches. These breaches are often caused by vulnerabilities in cloud or software providers and are emerging as ...
9 months ago Tripwire.com
'Sex life data' stolen from UK government among record number of ransomware attacks - Data on the sex lives of up to 10,000 people was stolen from a British government department in one of the record number of ransomware attacks to have hit Westminster in the first half of this year. It is not known which department the information ...
1 year ago Therecord.media
Data Breaches in US Schools Exposed 37.6M Records - Since 2005, educational institutions in the United States have experienced 3713 data breaches, impacting over 37.6m records. According to new data by Comparitech, 2023 marked a record year, with 954 breaches recorded - a dramatic rise from 139 in ...
7 months ago Infosecurity-magazine.com
Hive Ransomware: A Detailed Analysis - This past week, on January 26th, to be exact, the FBI successfully shut down the Hive ransomware group and saved victims over a hundred million dollars in ransom payments and remediation costs. As ransomware continues to be a national security threat ...
1 year ago Heimdalsecurity.com
Recapping Cisco industrial IoT's journey: A year of security, simplification and innovation - In this blog, we'll take a look back at the key topics and trends that defined the industrial IoT journey in 2023. Empowering our industrial customers to digitize and secure operations at the same time has been prevalent in every conversation this ...
11 months ago Feedpress.me
The Top 10 Ransomware Groups of 2023 - This article takes an in-depth look at the rise in ransomware attacks over the past year and the criminal groups driving the surge in cyber extortion. LockBit has established itself as one of the most notorious ransomware operations since emerging on ...
11 months ago Securityboulevard.com
Ransomware in 2023 recap: 5 key takeaways - This provides the best overall picture of ransomware activity, but the true number of attacks is far higher. While some ransomware trends hardly changed over the last year, such as LockBit's continued dominance, ransomware criminals also challenged ...
10 months ago Malwarebytes.com
Ransomware Roundup - The Ransomware Roundup report aims to provide readers with brief insights into the evolving ransomware landscape and the Fortinet solutions that protect against those variants. This edition of the Ransomware Roundup covers the 8base ransomware. 8base ...
11 months ago Feeds.fortinet.com
Medusa Ransomware Turning Your Files into Stone - Unit 42 Threat Intelligence analysts have noticed an escalation in Medusa ransomware activities and a shift in tactics toward extortion, characterized by the introduction in early 2023 of their dedicated leak site called the Medusa Blog. The Unit 42 ...
11 months ago Unit42.paloaltonetworks.com
Record Surge in Data Breaches Fueled by Ransomware and Vendor Exploits - According to a recent report from Apple and a Massachusetts Institute of Technology researcher, the United States has witnessed a record-breaking surge in data breaches, fueled by increased attacks on third-party vendors and a rise in aggressive ...
1 year ago Cysecurity.news
Third-party breaches hit 90% of top global energy companies - A new report from SecurityScorecard reveals a startling trend among the world's top energy companies, with 90% suffering from data breaches through third parties over the last year. This sheds light on the need for these energy companies to adopt a ...
10 months ago Securityintelligence.com
How a Group of Train Hackers Exposed a Right-to-Repair Nightmare - Earlier this month, Polish hackers known as Dragon Sector accused one of Poland's largest train makers, Newag, of intentionally bricking its own trains when they're repaired by third parties. Newag threatened to sue Dragon Sector, but the story ...
11 months ago Packetstormsecurity.com
Cisco Talos Report: New Trends in Ransomware, Network Infrastructure Attacks, Commodity Loader Malware - The Cisco Talos Year in Review report released Tuesday highlights new trends in the cybersecurity threat landscape. We'll focus on three topics covered: the ransomware cybercriminal ecosystem, network infrastructure attacks and commodity loader ...
1 year ago Techrepublic.com
Ransomware trends and recovery strategies companies should know - Ransomware attacks can have severe consequences, causing financial losses, reputational damage, and operational disruptions. The methods used to deliver ransomware vary, including phishing emails, malicious websites, and exploiting vulnerabilities in ...
1 year ago Helpnetsecurity.com
Ransomware Roundup - On a bi-weekly basis, FortiGuard Labs gathers data on ransomware variants of interest that have been gaining traction within our datasets and the OSINT community. The Ransomware Roundup report aims to provide readers with brief insights into the ...
9 months ago Feeds.fortinet.com
Ransomware's Impact May Include Heart Attacks, Strokes & PTSD - First-order harms: Direct targets of ransomware attacks. The increasing convergence of IT and OT leave physical infrastructures more vulnerable to ransomware, even though most ransomware operators lack the capability to directly compromise OT or ...
10 months ago Techrepublic.com
Research Reveals That Infostealers Target Healthcare Sector Data - New research by Netskope Threat Labs has revealed that infostealers were the primary malware and ransowmare families used to target the healthcare sector. Healthcare was among the top sectors impacted during 2023 by mega breaches, an attack where ...
9 months ago Itsecurityguru.org
A Plan to Protect Critical Infrastructure from 21st Century Threats - On April 30th, the White House released National Security Memorandum-22 on Critical Infrastructure Security and Resilience, which updates national policy on how the U.S. government protects and secures critical infrastructure from cyber and ...
6 months ago Cisa.gov
The Week in Ransomware - Earlier this month, the BlackCat/ALPHV ransomware operation suffered a five-day disruption to their Tor data leak and negotiation sites, rumored to be caused by a law enforcement action. The FBI revealed this week that they hacked the BlackCat/ALPHV ...
11 months ago Bleepingcomputer.com
Apple: 2.5B Records Exposed, Marking Staggering Surge in Data Breaches - An Apple-commissioned report this week has highlighted once again why analysts have long recommended the use of end-to-end encryption to protect sensitive data against theft and misuse. The report is based on an independent study of publicly reported ...
1 year ago Darkreading.com
Ransomware review: December 2023 - This provides the best overall picture of ransomware activity, but the true number of attacks is far higher. In November there were 457 total ransomware victims, making it the most active month for ransomware gangs in 2023 so far besides May. The top ...
1 year ago Malwarebytes.com
Declining Ransomware Payments: Shift in Hacker Tactics? - Several cybersecurity advisories and agencies recommend not caving into ransomware gangs' demands and paying their ransoms. It seems the tide is turning, with a decline in ransomware payments; this article explores the trend and what it might mean ...
10 months ago Securityboulevard.com
The Week in Ransomware - This week was pretty quiet on the ransomware front, with most of the attention on the seizure of the BreachForums data theft forum. That does not mean there was nothing of interest released this week about ransomware. A report by CISA said that the ...
7 months ago Bleepingcomputer.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)