Ransomware trained on manufacturing firms led cyberattacks in industrial sector
As industrial network operators and their security teams operate on high alert over worries of potential disruptive attacks by Russian nation-state-controlled hacking teams amid the escalating crisis in Ukraine and US sanctions on Russia, the reality for most of them has been a painful surge in ransomware attacks over the past year.
Real-world incident response investigations in 2021 by teams at Dragos and IBM X-Force overwhelmingly revealed that the hottest operations technology (OT) target is the manufacturing sector, and the main weapon attacking these organizations is now ransomware. Two ransomware groups, Conti and LockBit 2.0, executed more than half of all ransomware attacks on the industrial sector, 70% of which were aimed at manufacturing firms – making manufacturing the No. 1 OT industry hit with ransomware last year, according to a newly published report from Dragos.
While Colonial Pipeline’s and JBS’s ransomware attacks were the most high-profile in that sector, there were others that didn’t go public. “A significant number of cases go unreported … there are a lot that just don’t make the news,” says Rob Lee, founder and CEO of Dragos, which responded to 211 ransomware attack cases at manufacturing firms last year.
This dubious distinction for the manufacturing industry should come as no surprise: Over the past two years the sector increasingly has been in the bullseye of cyberattacks, especially as ransomware gangs have begun to take advantage of the increased pressure on manufacturers during the pandemic.
“They are always targeting industries or organizations under pressure because pressure leads to better outcomes or payment for them,” says Charles DeBeck, senior cyber threat intelligence analyst at IBM Security X-Force. Manufacturing firms generally can’t afford downtime, and the pandemic squeezed them even more as supply chains slowed.
According to incident-response (IR) cases investigated by IBM X-Force, more than 60% of incidents at OT firms last year were against manufacturers, and manufacturing surpassed financial services as the most-attacked vertical (23.2%) investigated by X-Force’s incident response team last year. Ransomware accounted for 23% of those attacks.
But the relatively “good” news was that the majority of attacks were on IT networks in the industrial sector, with just a few on their OT networks. “IT networks are well-trodden ground, and a lot of [attackers] know how to [target them],” DeBeck says. “[Direct] OT attacks are not that common.”
That’s because it takes time for a threat actor to gather intelligence on an OT network and the industrial processes it runs. According to Dragos, it takes about three to four years for a threat group to gather enough intelligence about a victim OT network to wage a significant attack on it. But Lee notes that several of the threat groups Dragos has been tracking during the past five years are well “inside that window” and could take their attacks to the next disruptive or destructive level.
To read the complete article, visit Dark Reading.