Cyberattacks wreaking physical disruption on the rise

At least 68 cyberattacks last year caused physical consequences to operational technology (OT) networks at more than 500 sites worldwide — in some cases causing $10 million to $100 million in damages.


Unsurprisingly, these weren’t Stuxnet-like events, but the opposite.

According to a new report from industrial control system (ICS) vendor Waterfall Security Solutions, which studied real-world cyberattacks on OT organizations, most of the hackers known to be targeting the OT sector these days are hacktivists. And the majority of disruptions are not caused by such direct manipulation of OT systems but are downstream consequences of IT-based attacks, most often involving ransomware.

That doesn’t mean, though, that the impacts are any less severe. Incidents involving Johnson Controls and Clorox last year ended up costing those companies around $27 million and $49 million, respectively. One cyberattack that led to the temporary suspension of operations at MKS Instruments in Massachusetts cost $200 million, and one of its suppliers — California-based Applied Materials Inc. — reported losing another $250 million as a result.

The number of attacks with physical consequences increased by nearly 20% last year, according to the report.

IT Attacks With OT Consequences

In the past decade and a half, only around a quarter of cyberattacks with OT consequences were caused by actually hitting the OT network, according to the report Waterfall published in collaboration with OT incident threat database ICS STRIVE.

“A large fraction of attacks that caused OT consequences did so by compromising machines in the IT network exclusively,” explains Andrew Ginter, vice president of industrial security for Waterfall, and a co-author of the report. “OT was often shut down in ‘an abundance of caution’ because the business was not willing to keep running powerful, dangerous physical processes with compromise only one or two network hops away.”

After it was attacked last March, for example, the German manufacturer Hahn Group GmbH switched off all of its systems as a safety precaution. A full, clean restoration of its systems took weeks thereafter. A number of other manufacturers last year followed that same playbook, even when safety wasn’t at risk, in order to contain damage to further systems, sites, and customers.

To read the complete article, visit Dark Reading.
