Ransomware Attacks on Industrial Infrastructure Climb 87% Despite Security Improvements to ICS Environments

Since the goal of ransomware is to initially disrupt operations, the targeting of industrial control systems has been an increasing focus for specific ransomware groups.

Nearly every ransomware threat actor or gang treats their malicious activities as a business. And like most businesses, you focus on a target group of “customers”. In some cases, the threat actors have a particular proficiency in targeting industrial control systems (ISC) and operational technology (OT) environments. The tech used is specific to the industry, the process to be automated, etc., making it difficult for additional ransomware players to get into the game of targeting ICS/OT.

According to cybersecurity firm Dragos, in their newly released 2022 ICS/OT Cybersecurity Year in Review report:

• There are 35% more ransomware groups actively targeting ICS and OT environments
• 72% of attacks focused on manufacturing companies
• 40% of attacks targeted businesses in the United States, with 32% in Europe, and 18% in Asia

While these attacks primarily focused on the manufacturing sector, many other sectors were targeted, as shown below:

Source: Dragos

Nearly every attack started by taking advantage of a vulnerability, it’s these kinds of attacks that result in outages of services and products impacting everyday businesses and consumers. And those material business interruptions give entrée to phishing scams that take advantage of an individual’s or business’ need as the means to create the necessary sense of urgency that causes victims to throw caution to the wind.

Despite these specific attacks having little direct-relation to the value of Security Awareness Training, the aftermath of these attacks warrants a look at how other attackers will leverage the outages and attempt to trick your employees into participating in a well-crafted phishing scam.