OT attacks surge during 2022
Last year saw a breakthrough evolution in the development of malware targeting industrial control systems, with cybercriminals attacking operational technology [OT] at a greater scale, according to Dragos.
The year 2022 was also characterised by the emergence of scaled ransomware attacks against the manufacturing sector and heightened geopolitical tensions, all of which served to bring increased attention to the industrial cyberthreat landscape, the OT cybersecurity company said.
In a new report, Dragos has highlighted the emergence of recent industrial control system [ICS] specific malware discoveries, including Pipedream, the seventh known ICT-specific malware.
Pipedream is the first scalable, cross-industry ICS attack framework, capable of targeting three ubiquitous software components in OT systems.
Meanwhile two new ICS threat groups have been identified targeting ICS and OT, known as Chernovite and Bentonite respectively. Chernovite is the developer of Pipedream, while Bentonite has been found to target the maritime oil and gas industries, various levels of government, and the manufacturing sector, the report found.
Meanwhile Dragos has detailed findings on the activity of six known ICS threat groups targeting industrial organisations.
The top financial and operational risk to industrial organisations remains ransomware, the report states. Of the 57 ransomware groups targeting industrial organisations and infrastructures only 39 were active in 2022, according to the report.
But Dragos still identified 605 ransomware attacks against industrial organisations in 2022, up 87% from 2021.The manufacturing sector was targeted in 72% of attacks, but ransomware groups also targeted sectors including food and beverage, energy, pharmaceuticals, oil and gas, water, mining, and metals.
The report also found that the number of ICS/OT vulnerabilities reported in 2022 grew by 27%, with the Dragos Threat Intelligence team analysing 2170 common vulnerabilities and exposures during the year.
Building secure AI: a critical guardrail for Australian policymakers
While AI has the potential to significantly enhance Australia's national security, economic...
Building security-centric AI: why it is key to the government's AI ambitions
As government agencies test the waters of AI, public sector leaders must consider how they can...
State government agencies still struggling with securing user access
Audit reports have shown that Australian government agencies in four states experience challenges...
