The annual Dragos OT Cybersecurity Year in Review report reveals troubling times for the security of operational technology.
Operational technology specialist Dragos has released its sixth annual Dragos OT Cybersecurity Year in Review, and according to chief executive Robert M. Lee, the year just past represents a “tipping point” in OT threats.
“Industrial and critical infrastructure has been moving away from highly customised facilities to ones that – for good economic and productivity reasons – share the same industrial devices, technologies, and facility designs across sites and sectors,” Lee said in a statement.
“Unfortunately, adversaries are now leveraging these homogenous infrastructures to scale attacks.”
One of the key findings of the report is that geopolitical conflict is a major driver of threat activity. The war in Ukraine, in particular, has fuelled it, alongside tensions between China and Taiwan. The latter is behind a sharp increase in cyber espionage in the Asia-Pacific and the US.
While state-based actors remain a threat, hacktivists are becoming more technically proficient as well. The CyberAv3ngers group became the first such group to achieve stage 2 of the ICS Cyber Kill Chain, for instance. The group went after water utilities in Europe and North America over support for Israel, targeting programmable logic controllers to disrupt service.
Anonymous Sudan also cemented its place as a distributed denial-of-service (DDoS) group with the capacity for large-scale disruption.
However, ransomware remained the biggest threat to OT in the industrial sector. Only three groups – LockBit, ALPHV, and Black Basta – were responsible for just over half of all attacks against OT, while manufacturing remained the most targeted sector, accounting for 71 per cent of all OT ransomware attacks.
There were more ransomware variants to track, too, with Dragos monitoring 50 distinct strains in 2023 – 28 per cent more than last year.
Closer to home, Australian OT is definitely a target for foreign threat actors.
“The Dragos 2023 Year-in-Review has highlighted the continued trend of adversaries targeting industrial organisations globally. Despite its geographical isolation, Australia is not exempt from this onslaught,” said Conor McLaren, principal hunter at Dragos.
“In fact, the Dragos intel team has observed numerous instances of adversaries directly targeting Australian critical infrastructure entities. These incidents have ranged from financially motivated ransomware attacks to hacktivist campaigns and even strategic cyber espionage operations.”
You can read the full report here.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.