Scaled ransomware attacks against manufacturing and geopolitical tensions brought increased attention to the industrial cyber threat landscape last year, said a report.
In 2022, there was breakthrough evolution in the development of malware targeting industrial control systems (ICS), according to the 2022 Dragos ICS/OT Cybersecurity Year in Review.
“As in previous years, the ICS/OT community has managed a growing number of vulnerabilities, many without the right mitigations needed to reduce risk and maintain operations. Meanwhile, electric grids, oil and gas pipelines, water systems, and manufacturing plants continued to struggle with more complex regulatory environments that demand marked progress in shoring up defences,” commented Omar Al Barghouthi, Regional Director, Middle East, at Dragos.
“The sixth edition of Dragos’s report, which provides an ‘on-the-ground’ understanding of what is happening in the industrial space, contains the latest threat intelligence on adversary activity targeting operational technology (OT) and recent ICS-specific malware discoveries, data to inform vulnerability management practices, and cybersecurity benchmarks for industries.”
Key threat group findings
2022 saw a breakthrough escalation in capabilities by a new industrial control systems (ICS) malware, PIPEDREAM, the seventh ICS-specific malware and a modular cross-industry toolkit.
Developed by CHERNOVITE, one of two new ICS Threat Groups identified by Dragos in 2022, PIPEDREAM has the capabilities to impact devices that manage the electrical grid, oil and gas pipelines, water systems, and manufacturing plants. For industrial operators this can be viewed as a supply chain risk, as the methods target key vendor systems.
The other newly discovered ICS Threat Group targeting industrial control systems and operational technology in 2022 was BENTONITE. The group has been increasingly and opportunistically targeting maritime oil and gas (ONG); state, local, tribal, and territorial (SLTT) governments; and manufacturing sectors since 2021.
BENTONITE conducts offensive operations for espionage and disruptive purposes, targeting vulnerabilities in internet-exposed assets to facilitate access.
Industrial ransomware findings
Ransomware is cited as the top financial and operational risk to industrial organisations. Of the 57 ransomware groups known to target industrial organisations and infrastructure, Dragos observed through public incidents, network telemetry, and dark web resources that only 39 were active in 2022. Dragos identified 605 ransomware attacks against industrial organisations in 2022, an increase of 87% over the previous year.
By region, North America accounted for 40% of all ransomware attacks, followed by Europe (32%). The Middle East saw only 3% of all ransomware attacks, which is the equivalent of 17 incidents. In terms of sectors, manufacturing claimed the highest share, a staggering 72%, but ransomware attacks spanned many industries, including food and beverage, energy, pharmaceuticals, oil and gas, water, mining, and metals.
Dragos service engagements found improper network segmentation in 50% of cases and external connections from OEMs, IT networks, or the Internet into the OT network in 53%, showing there is still a long way to go in defending against ransomware risk.
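The two engagement findings above (weak segmentation and external connections reaching the OT network) are the kind of thing a site can check for itself from its own firewall or flow logs. The script below is an added example, not code from the report or from Dragos: it defines hypothetical zone boundaries and a hypothetical allow-list (a single DMZ jump host), reads constructed flow records, and flags every session that enters the OT zone from IT, an OEM VPN, or an address outside all known internal ranges. The zone ranges, ports and sample flows are all constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Hypothetical zone model for one site. Anything not listed here is treated as
# external (Internet or unmanaged). Real boundaries come from the site's own
# architecture documentation, not from this example.
ZONES = {
    "OT":      [ipaddress.ip_network("10.20.0.0/16")],
    "IT":      [ipaddress.ip_network("10.10.0.0/16")],
    "OT_DMZ":  [ipaddress.ip_network("10.30.0.0/24")],
    "OEM_VPN": [ipaddress.ip_network("172.16.5.0/24")],
}

# Hypothetical policy: only the DMZ jump host may open sessions into OT, and
# only for remote-access protocols; everything else entering OT is a finding.
ALLOWED_INTO_OT = {("10.30.0.10", 3389), ("10.30.0.10", 22)}

# Constructed flow records in "src,dst,dport,proto" form (not real telemetry).
SAMPLE_FLOWS = [
    "10.30.0.10,10.20.1.5,3389,tcp",     # jump host -> OT: permitted
    "10.10.4.22,10.20.1.5,502,tcp",      # IT workstation -> OT Modbus: finding
    "172.16.5.7,10.20.2.9,44818,tcp",    # OEM VPN -> OT EtherNet/IP: finding
    "203.0.113.45,10.20.1.5,3389,tcp",   # external address -> OT RDP: finding
    "10.20.1.5,10.20.2.9,502,tcp",       # OT -> OT: intra-zone, not flagged
    "10.20.1.5,10.30.0.10,443,tcp",      # OT -> DMZ: outbound, not in scope
]


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    proto: str


def zone_of(ip: str) -> str:
    """Map an address to a named zone; unlisted addresses count as EXTERNAL."""
    addr = ipaddress.ip_address(ip)
    for name, nets in ZONES.items():
        if any(addr in net for net in nets):
            return name
    return "EXTERNAL"


def parse_flow(line: str) -> Flow:
    src, dst, dport, proto = (f.strip() for f in line.split(","))
    return Flow(src, dst, int(dport), proto.lower())


def audit_flows(lines):
    """Return every flow that enters the OT zone from outside it and is not
    covered by the explicit allow-list."""
    findings = []
    for line in lines:
        flow = parse_flow(line)
        if zone_of(flow.dst) != "OT":
            continue                       # only inbound-to-OT is in scope
        src_zone = zone_of(flow.src)
        if src_zone == "OT":
            continue                       # intra-OT traffic is not a boundary crossing
        if (flow.src, flow.dport) in ALLOWED_INTO_OT:
            continue                       # sanctioned path through the DMZ
        findings.append({
            "src": flow.src, "src_zone": src_zone,
            "dst": flow.dst, "dport": flow.dport, "proto": flow.proto,
        })
    return findings


def summarize(findings):
    """Count findings by originating zone, mirroring the report's breakdown of
    OEM, IT and Internet connections into OT."""
    counts = {}
    for f in findings:
        counts[f["src_zone"]] = counts.get(f["src_zone"], 0) + 1
    return counts


if __name__ == "__main__":
    found = audit_flows(SAMPLE_FLOWS)
    for f in found:
        print(f"{f['src_zone']:8} {f['src']:>15} -> {f['dst']}:{f['dport']}/{f['proto']}")
    print("by source zone:", summarize(found))
```

Feeding real firewall or NetFlow exports into `audit_flows` turns the report's 53% statistic into a per-site number; anything that lands in the `EXTERNAL` bucket, or any `IT`/`OEM_VPN` path not on the allow-list, is a segmentation gap to close or formally document.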
Findings on ICS/OT vulnerabilities
In 2022, the number of reported ICS/OT vulnerabilities rose by 27%, reflecting the increased attention security researchers are paying to the risks to industrial infrastructure. Furthermore, 83% of the vulnerabilities were found to reside deep within the ICS network. The Dragos Threat Intelligence team analysed 2,170 common vulnerabilities and exposures (CVEs) during 2022, up from 1,703 CVEs in 2021.
“Based on findings of our Year in Review Report, I would urge organisations in the critical infrastructure sector to be proactive about having an OT cybersecurity program that is distinct from IT. OT involves different devices, communication protocols, adversary behaviors, and vulnerability management practices. Cyber attacks can result in physical impacts and investigations require a different set of tools. For guidance, the SANS Institute identified five critical controls for ICS/OT cybersecurity including having an ICS incident response plan, a defensible architecture, visibility and monitoring, secure remote access, and risk-based vulnerability management,” added Al Barghouthi.
-- TradeArabia News Service