A new report on industrial cybersecurity has revealed three new threat groups that have been targeting the industrial sector. The report further indicates that around half of all attacks on the industrial sector were launched by only two known cybercriminal outfits.

Who is attacking ICS/OT systems?

In its recent report, Dragos has disclosed details about several threat groups targeting the industrial sector.
  • Experts spotted three new groups, Petrovite, Kostovite, and Erythrite, that have been targeting ICS/OT systems.
  • According to the report, Kostovite and Erythrite can carry out sophisticated intrusions with the aim of hijacking system access and stealing data.
  • Moreover, the report revealed that LockBit 2.0 and Conti are the groups that joined the scene and are estimated to be behind 51% of all ransomware attacks in the industrial sector.
  • The most affected sectors include manufacturing (with 211 attacks), followed by food and beverage (35), transportation (27), energy (13), and oil and gas (10).

Discussing the three new threats

The report provides detailed information regarding these three new activity groups, Petrovite, Erythrite, and Kostovite:
  • Kostovite targeted a major renewable energy organization in 2021. It used a zero-day vulnerability in Ivanti Connect Secure to obtain direct access to the firm's infrastructure, move laterally, and steal data.
  • Petrovite was first discovered in 2019 and has continually targeted mining and energy firms in Kazakhstan. The group used the Zebrocy backdoor and performed general reconnaissance.
  • Erythrite generally targets organizations based in the U.S. and Canada. The target list is wide and includes oil and gas, electricity firms, and manufacturers, along with one member of the Fortune 500.

What is making hackers successful?

The report examined the general state of industrial security and stated that OT threat mitigation is extremely difficult at scale, as 86% of engagements were found to lack network visibility.
  • Industry-related CVE vulnerabilities more than doubled in 2021 compared to 2020.
  • Over a third of CVE advisories contain inaccurate data and errors with regard to ICS/OT, making it harder to patch emerging vulnerabilities correctly.
  • Moreover, around 65% of advisories for public vulnerabilities had a patch available with no alternative solution.

Conclusion

Attacks on ICS/OT systems are less about making money and more focused on data theft or causing disruption. Further, such attacks may have serious consequences for the industry, as well as for the associated nations. Thus, the industrial sector ought to have an in-depth cybersecurity strategy to overcome and withstand such attacks.

Cyware Publisher