Last year’s massive ransomware attack targeting manufacturing and geopolitical tensions have drawn more attention to the industrial cyber threat landscape, according to a report.
According to the 2022 Dragos ICS/OT Cybersecurity Year in Review, 2022 saw a breakthrough in the development of malware targeting industrial control systems (ICS).
“As in previous years, the ICS/OT community manages a growing number of vulnerabilities, many of which do not have appropriate mitigations in place to mitigate risk and maintain operations. Meanwhile, power grids, oil and gas pipelines, water systems, and manufacturing plants continue to combat a more complex regulatory environment that requires significant progress in strengthening defenses,” commented Omar Al Barghouthi, Regional Director Middle East, Dragos.
“Dragos’ sixth edition report provides an ‘on the ground’ understanding of what’s happening in the industry, with the latest threat intelligence on adversary activity targeting operational technology (OT) and recently discovered ICS-specific malware, providing data that informs vulnerability management practices and industry cybersecurity benchmarks.”
Top Threat Group Findings
2022 saw a breakthrough in the capabilities of industrial control system (ICS) malware with PIPEDREAM, the seventh ICS-specific malware and a modular, cross-industry toolkit.
PIPEDREAM was developed by CHERNOVITE, one of two new ICS threat groups identified by Dragos in 2022, with the ability to affect equipment that manages power grids, oil and gas pipelines, water systems, and manufacturing plants. For industrial operators, this can be considered a supply chain risk, as these approaches target critical supplier systems.
The other ICS threat group newly identified in 2022 is BENTONITE, which targets industrial control systems and operational technology. The group has increasingly and opportunistically targeted offshore oil and gas (ONG); state, local, tribal and territorial (SLTT) governments; and manufacturing since 2021.
BENTONITE conducts offensive operations for espionage and sabotage purposes, targeting vulnerabilities in assets exposed on the Internet to facilitate access.
Industrial Ransomware Survey Results
Ransomware is considered the top financial and operational risk facing industrial organizations. Of the 57 ransomware groups targeting industrial organizations and infrastructure, Dragos observed, through public events, network telemetry, and darknet sources, that only 39 were active in 2022. Dragos identified 605 ransomware attacks against industrial organizations in 2022, an increase of 87% over the previous year.
By region, North America accounted for 40% of all ransomware attacks, followed by Europe (32%). Only 3% of all ransomware attacks, or 17 incidents, occurred in the Middle East. By industry, manufacturing has the highest share at a staggering 72%, but ransomware attacks span many industries, including food and beverage, energy, pharmaceuticals, oil and gas, water, mining and metals.
Dragos’ service engagements found incorrect network segmentation in 50% of cases and external connections from OEMs, IT networks, or the Internet to OT networks in 53% of cases, showing that defenses have a long way to go in addressing the risk of ransomware.
Findings on ICS/OT Vulnerabilities
A significant increase of 27% in the number of reported ICS/OT vulnerabilities in 2022 demonstrates the growing focus of security researchers on risks to industrial infrastructure. Additionally, 83 percent of vulnerabilities were found to exist deep within the ICS network. The Dragos threat intelligence team analyzed 2,170 common vulnerabilities and exposures (CVEs) in 2022, up from 1,703 CVEs in 2021.
“Based on the findings of our Year in Review report, I would urge organizations in the critical infrastructure sector to be proactive in developing OT cybersecurity programs that differ from IT. OT involves different devices, communication protocols, adversary behavior, and vulnerability management practices. Cyberattacks can cause physical impact, investigations require a different set of tools. As a guide, the SANS Institute identified five key controls for ICS/OT cybersecurity, including developing an ICS incident response plan, defense architecture, visibility and monitoring, secure remote access and risk-based vulnerability management,” added Al Barghouthi.
Trade Arab News Agency