Lately, critical infrastructure has been a hot target for cybercriminals. According to research by Mandiant, exposed Operational Technology (OT) systems saw a significant increase in attacks in the last 18 months. Attackers find it extremely easy to get into unprotected networks that require no authentication and can be discovered via connected-device search engines. Let us go through some attack trends on critical infrastructure.
Getting to the trends
The first trend to consider is the sheer volume of poorly planned attacks. Over time, these waves grow as threat actors learn from each other. Amateur attacks have impacted water control systems, solar panels, and building automation systems, in both private and academic residences.
Ransomware gangs have become more ruthless, picking victims with no tolerance for downtime, including critical infrastructure operators. According to a recent study, 41% of all ransomware attacks in 2020 involved OT networks.
Amateur attacks often abuse graphical user interfaces and human-machine interfaces (HMIs), as these allow the attackers to alter control variables of a process. While most of these attacks are opportunistic by nature, some are suspected to have political motivations.
Why this matters
Every attack allows attackers to gain more knowledge about OT systems, including their operations, physical processes, and technology. This knowledge allows attackers to enhance their capabilities.
For organizations with less mature security defenses, even the threat of low sophistication attacks can prove to be deadly.
Some statistics your way
According to the 2021 Reliability Risk Priorities Report, vulnerability-related incidents against critical infrastructure increased by 156%, ransomware-related incidents by 170%, and suspicious incidents by 111%.
Another study found that 86% of critical infrastructure organizations in the U.K. have suffered some sort of attack in the last 12 months.
The majority (79%) of the organizations surveyed in the above study use OT systems that are 6–20 years old, while a third use systems that are 11–20 years old.
How to stay safe?
OT systems that cannot be patched regularly should be considered for air-gapping. Where air-gapping is not possible, such assets should at least be removed from public-facing networks.
Build situational awareness by integrating current, industry-specific threat intelligence into the existing security strategy.
Configure control system assets to enforce acceptable input ranges and reject out-of-range or otherwise malicious values.
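The last recommendation, enforcing acceptable input ranges on control variables, is the one most directly expressible in code. The following is an added example, not code from the article or from any vendor it mentions: a small setpoint guard that sits between an HMI write and the control logic, rejecting values that are non-numeric, outside the engineered range, or that jump further in one write than the process should allow, and recording every rejection so that a burst of out-of-range writes (the pattern the article attributes to amateur HMI abuse) shows up in logs. The tag names, limits, and write requests are constructed for illustration; real limits come from the process engineer.

```python
import logging
import math
from dataclasses import dataclass

logging.basicConfig(level=logging.INFO, format="%(levelname)s %(message)s")
log = logging.getLogger("setpoint-guard")


@dataclass(frozen=True)
class Limits:
    low: float        # lowest acceptable setpoint
    high: float       # highest acceptable setpoint
    max_step: float   # largest change allowed in a single write


# Constructed example limits (hypothetical tags, not from any real plant).
LIMITS = {
    "tank1.level_sp": Limits(low=10.0, high=90.0, max_step=5.0),
    "pump1.speed_sp": Limits(low=0.0, high=100.0, max_step=20.0),
}


class SetpointGuard:
    """Validates setpoint writes against per-tag limits and logs rejections."""

    def __init__(self, limits, initial):
        self.limits = limits
        self.current = dict(initial)   # last accepted value per tag
        self.rejected = []             # (tag, value, source, reason) audit trail

    def _reject(self, tag, value, source, reason):
        self.rejected.append((tag, value, source, reason))
        log.warning("REJECTED write %s=%r from %s: %s", tag, value, source, reason)
        return False

    def write(self, tag, value, source="unknown"):
        """Apply the write if it passes every check; return True on success."""
        lim = self.limits.get(tag)
        if lim is None:
            return self._reject(tag, value, source, "unknown tag")
        # bool is a subclass of int in Python, so exclude it explicitly;
        # isfinite() rejects NaN and +/-inf, which compare in surprising ways.
        if isinstance(value, bool) or not isinstance(value, (int, float)) \
                or not math.isfinite(value):
            return self._reject(tag, value, source, "non-numeric value")
        if not (lim.low <= value <= lim.high):
            return self._reject(tag, value, source,
                                f"outside range [{lim.low}, {lim.high}]")
        prev = self.current.get(tag)
        if prev is not None and abs(value - prev) > lim.max_step:
            return self._reject(tag, value, source,
                                f"step {abs(value - prev):.1f} exceeds {lim.max_step}")
        self.current[tag] = float(value)
        log.info("accepted write %s=%.2f from %s", tag, value, source)
        return True


def replay(guard, requests):
    """Feed a sequence of (tag, value, source) writes; return (accepted, rejected)."""
    accepted = 0
    for tag, value, source in requests:
        if guard.write(tag, value, source):
            accepted += 1
    return accepted, len(requests) - accepted


# Constructed sample traffic: a normal operator nudge followed by the kind of
# out-of-range and oversized writes an untrusted HMI session might send.
SAMPLE_REQUESTS = [
    ("tank1.level_sp", 53.0, "hmi-operator"),   # +3, within range and step
    ("tank1.level_sp", 95.0, "hmi-remote"),     # above high limit
    ("tank1.level_sp", 45.0, "hmi-remote"),     # step of 8 > max_step 5
    ("pump1.speed_sp", float("nan"), "hmi-remote"),
    ("valve9.pos_sp", 10, "hmi-remote"),        # tag not under guard
    ("pump1.speed_sp", 55.0, "hmi-operator"),   # +15, within step 20
]

if __name__ == "__main__":
    g = SetpointGuard(LIMITS, {"tank1.level_sp": 50.0, "pump1.speed_sp": 40.0})
    print(replay(g, SAMPLE_REQUESTS))  # (2, 4)
```

The guard is deliberately stateless beyond the last accepted value per tag, so it can be placed in front of a write path without changing the control logic itself; the rejected list is what a SOC would forward to a SIEM, since a single out-of-range write is noise but many from one source are a signal.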
The bottom line
The risks associated with attacks on critical infrastructure are not limited to financial losses; they can also endanger human safety and lives. Therefore, it is crucial that OT security leaders incorporate these best practices into their current security plans.