Light Dark
June 26, 2023 By Jonathan Reed 4 min read
News

Prior to the pandemic, cyber-sabotage attacks on manufacturing plants were non-existent. Today, the situation has changed dramatically. As per a recent report, attacks that led to physical consequences in process manufacturing, discrete manufacturing and critical industrial infrastructures impacted over 150 industrial operations in 2022. In addition, the total number of attacks increased 2.4x over the previous year. At this rate of growth, cyberattacks may shut down up to 15,000 industrial sites within the next five years.

Growing threat to OT systems

In 2022, a 140% surge in cyberattacks against industrial operations resulted in more than 150 incidents, per a recent Waterfall Security report. In an ominous warning, the report says, “At this rate of growth, we expect cyberattacks to shut down 15,000 industrial sites in 2027, that is: in less than five years.”

The majority of these assaults were in the form of ransomware, encrypting critical computer systems and invaluable data across IT networks. However, the attacks impacted operational technology (OT) as well. Waterfall reported that most ransomware attacks only impaired the IT network, not the OT network.

The report states, “Nonetheless, in all ransomware attacks we track, there were physical consequences, either because physical operations relied on crippled IT systems for minute-by-minute operations, or because ransomware victims did not trust the strength of their OT security systems and so shut down operations ‘in an abundance of caution.’”

Real world damage

Attacks that impact OT can lead to real-world consequences beyond mere system delays. The Waterfall report highlighted some more notable events, such as:

  • Outages at widely known companies, including 14 of a top automobile manufacturing brand’s plants, 23 tire plants of a well-known brand and outages at a major food company and publishing company
  • Flight delays for tens of thousands of air travelers in four separate attacks
  • Physical operations were impacted in four attacks on metals and mining; One of the attacks resulted in a fire and material equipment damage
  • Malfunctions of loading and unloading of cargo containers, fuel and bulk oil for half a dozen seaports on three continents
  • Attacks contributed to the bankruptcy of two victim organizations.

As per the Waterfall researchers, public reports of cyberattacks with physical consequences in the industries studied have more than doubled annually since 2020. At the current rate, the number of attacks and the number of affected sites is increasing at a rate of 10x every 2.5 years. If this trend continues, a 100-fold increase in attacks and impacted sites may occur from 2022 to 2027.

These numbers may seem exaggerated to some. However, if we look at the explosion in ransomware attacks over the last several years, the Waterfall prediction may turn out to be an underestimate.

Examining attacker motives

While ransomware attacks clearly have financial motives at their core, attacks on the industrial sector attract hacktivists as well. In the report, 17% of 2022’s attacks had no identifiable motive. The majority of the attacks were ransomware (74%) and the remaining 9% were by hacktivists.

None of 2022’s hacktivist attacks included a ransom demand. Instead, hacktivist groups were motivated by political or ideological agendas. In every hacktivist incident, the sole motive was to disrupt critical infrastructure or services, per Waterfall.

Most of the hacktivist incidents went hand-in-hand with the ongoing conflict between Iran and Israel or the Russo-Ukrainian conflict. Of the six total hacktivist attacks, four incidents disrupted transportation operations (rails, public transportation or taxi services) and one targeted a steel mill which resulted in a fire and equipment damage. The last hacktivist attack targeted EV charging stations belonging to a power utility.

Ransomware impacts OT

In 2022, 42 identified ransomware attacks resulted in physical consequences in discrete manufacturing, process industries and industrial critical infrastructure. The total number of attacks with physical impact in 2022 nearly equals the total attacks (47) in all previous study years combined (2010-2021). Of the known ransomware attacks in 2022, 40% were attributed to known ransomware groups, including BlackCat, Conti, Lockbit, Hive, Black Basta, Black Byte, RansomEXX and LV.

Sophisticated attacks more common

Another trend highlighted in the report is the increased sophistication of attacks against the industrial sector. In the past, only state-sponsored actors had access to advanced TTPs. Now, advanced capabilities are at the disposal of more cyber groups than ever. The report quotes the US National Cybersecurity Strategy document:

“Once available only to a small number of well-resourced countries, offensive hacking tools and services, including foreign commercial spyware, are now widely accessible. These tools and services empower countries that previously lacked the ability to harm U.S. interests in cyberspace and enable a growing threat from organized criminal syndicates.”

The IT/OT overlap

As per the report, the TSA has rolled out new directives that explicitly address IT/OT interdependencies. In response to the Colonial Pipeline attack, the TSA’s cybersecurity response seems to be guiding mandates to other industries. As per Waterfall, the TSA directives start by defining network and system criticality in terms of the worst-case consequences of cyber compromise. Specific security measures are then required at the IT/OT criticality boundary.

Worst-case scenarios of compromise on OT networks are typically physical (e.g., production downtime, equipment damage or worse). Worst-case outcomes on IT networks tend to be business-related (e.g., clean-up costs, the theft of proprietary data and lawsuits related to PII). At the interface between IT and OT, the TSA requires very specific security measures. As per the Waterfall report, these measures include:

  • OT networks must continue operating at “necessary capacity,” even when IT networks are compromised
  • Owners and operators must eliminate all OT dependencies on IT services. If they cannot, they must document residual dependencies and compensating measures to the TSA
  • Owners and operators must eliminate all OT to IT domain trust relationships, and if they cannot, they must develop policies to manage the risks due to those dangerous trusts
  • OT networks must be designed so that they can be isolated from IT networks during incident response procedures.

Cybersecurity and the OT/IT convergence

The number of cyberattacks on manufacturing and critical infrastructure is increasing exponentially. From OT strategy development and vulnerability assessment to building and optimizing an OT SOC, there’s no time to waste. Learn more by reading The OT Security imperative — What is your strategy?

 |  |  |  |  |  |  |  |  | 
Jonathan Reed
Freelance Technology Writer

More from News
May 10, 2024

CISA Malware Next-Gen Analysis now available to public sector

2 min read - One of the main goals of the Cybersecurity and Infrastructure Security Agency (CISA) is to promote security collaboration across the public and private sectors. CISA firmly believes that partnerships and effective coordination are essential to maintaining critical infrastructure security and cyber resilience.In faithfulness to this mission, CISA is now offering the Malware Next-Generation Analysis program to businesses and other organizations. This service has been available to government and military workers since November 2023 but is now available to the private…

May 8, 2024

Change Healthcare attack expected to exceed $1 billion in costs

3 min read - The impact of the recent Change Healthcare cyberattack is unprecedented — and so are the costs. Rick Pollack, President and CEO of the American Hospital Association, stated, “The Change Healthcare cyberattack is the most significant and consequential incident of its kind against the U.S. healthcare system in history.”In a recent earnings call, UnitedHealth Group, the parent company of Change Healthcare, speculated on the overall data breach costs. When all is said and done, the total tally may reach $1 billion…

May 1, 2024

New proposed federal data privacy law suggests big changes

3 min read - After years of work and unsuccessful attempts at legislation, a draft of a federal data privacy law was recently released. The United States House Committee on Energy and Commerce released the American Privacy Rights Act on April 7, 2024. Several issues stood in the way of passing legislation in the past, such as whether states could issue tougher rules and if individuals could sue companies for privacy violations. With the American Privacy Rights Act of 2024, the U.S. government established…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature