Three-quarters of industrial firms suffered a ransomware attack in the past year, with far more compromises affecting operational technology than ever before - representing a surge in attacks driven by both the industrial sector's vulnerability and propensity to pay ransoms in order to remain operational.
In the past 12 months, more than half of industrial firms suffered a ransomware attack that impacted their operational technology, whether directly or because a linked IT system had been attacked, according to a report released by cyber-physical defense company Claroty on Dec. 6.
The impact of the attacks on OT systems is a notable increase from the firm's last report in 2021, when 47% of companies had ransomware impact their operations.
Attacks on industrial firms and critical infrastructure providers have become downright common.
The Aliquippa Municipal Water Authority, located in Pittsburgh, recently suffered a site defacement after an Iranian-linked threat group known as Cyber Av3ngers forced it to shut down a water-pressure monitoring system and changed the site's landing page.
It's not just utilities in attackers' sights: in February 2022, tire maker Bridgestone had to shut down its manufacturing networks for several days after the LockBit 2.0 ransomware group successfully breached its network.
While the Claroty survey shows that direct targeting of OT systems remained consistent over the two time periods, with more than a third of companies suffering attacks that affected both IT and OT systems in 2023, there has been a significant increase from the 27% of organizations suffering dual-impact attacks in 2021, says Grant Geyer, chief product officer at Claroty.
While the number of ransomware incidents against industrial firms has increased, they consistently account for a third of all attacks.
Overall, the industrial sector has remained the top ransomware target every month for the past year, according to data from the NCC Group, a cybersecurity services firm.
Ransomware attacks were up 81% in October, compared to the same month the previous year, and attacks on the industrial sector routinely represent a third of all ransomware incidents.
Threat activity has also increased overall because of recent geo-political conflicts, leading to industrial attacks by both state-sponsored actors and hacktivists, says Sean Arrowsmith, head of Industrials for the NCC Group.
Typically, companies' propensity to pay a ransom depends heavily on their revenue - smaller companies pay up 36% of the time, instead relying on backups, while larger companies pay 55% of the time, according to Sophos' annual State of Ransomware report.
Victims in the industrial sector pay a whopping two-thirds of the time, according to Claroty's Global State of Industrial Cybersecurity 2023 report.
Third parties are another weakness that companies reliant on OT - such as industrial firms and utilities - need to address.
All Top-10 energy firms in the United States, for example, had a third-party provider that suffered a compromise in the past 12 months, leading to a breach of their business, according to security metrics firm SecurityScorecard.
While only 4% of the nearly 2,000 third-party providers tracked by the firm suffered a direct compromise, that led to 90% of energy firms worldwide dealing with the fallout of those breaches over a year.
Case in point, the MOVEit breach alone affected hundreds of energy firms, according to Rob Ames, staff threat researcher at SecurityScorecard.
More Government Help Necessary for OT Security

Many water utilities and other critical infrastructure firms are small, local companies, or operated by towns and counties.
Case in point: two years after the ransomware attack on Colonial Pipeline, critical infrastructure owners are still not ready to protect against ransomware, often because the economics does not add up, says Claroty's Geyer.
Companies do not need to have deep expertise in-house, but should focus on visibility, planning, and incident response exercises, says NCC Group's Arrowsmith.
This Cyber News was published on www.darkreading.com. Publication date: Thu, 07 Dec 2023 19:05:19 +0000