Industrial System Cyberattacks Surge as OT Stays Vulnerable

Nearly a third of organizations have an operational system connected to the Internet with a known exploited vulnerability, as attacks by state and non-state actors increase.


Ransomware attacks on manufacturing, oil and gas, and other industrial sectors jumped significantly in 2024, as more groups emerged to target operational technology (OT); nearly a quarter of affected firms had to suspend operations.

Overall, nearly 1,700 ransomware attacks successfully breached industrial organizations last year, as measured by attackers' posts on dedicated leak sites. That's an increase of 87% over the previous year, according to an OT/ICS report published by Dragos, an infrastructure security firm. The breaches led 25% of affected sites to halt operations, while 75% of attacks caused operational disruption to some degree, the company's report stated.

Those are conservative estimates, Robert Lee, CEO and co-founder of Dragos, said during a press call announcing the report. Overall, the number of ransomware attacks is underreported because of fear of reputational damage, he said.

"It's a much larger number than I think the public is aware of [because] there's not a huge incentive to report, and there's not a whole lot of value in reporting," Lee said. "Even if government wanted to get involved, it's like, what are you actually going to do?"

In tandem with the surge in attacker interest directed at OT systems, many of those systems remain vulnerable, according to a second report released last week by cyber-physical security firm Claroty. In a study of 1 million OT devices, the firm's researchers found that 40% of organizations have at least one asset insecurely connected to the Internet, and about a third (31%) have an asset connected to the Internet that also has a known exploited vulnerability (KEV).


The vulnerabilities are often exposed because of expediency, says Grant Geyer, chief strategy officer at Claroty.

"A lot of why this happens is there's some emergency — there's a maintenance issue or production is down — and they need to connect their automation OEM to the asset to do maintenance troubleshooting or firmware upgrade," he says. "And so they will download TeamViewer or some other off-the-shelf remote access tool and implement it quickly, without multifactor authentication in place, so it's an open channel out to the Internet."


About the Authors

Robert Lemos

Dark Reading, Contributing writer

Robert Lemos is a veteran technology journalist and a former research engineer. He's written for more than two dozen publications, including CNET, Dark Reading, MIT's Technology Review, Popular Science and Wired News. He has won five awards for journalism and crunches numbers on various trends using Python and R. 

Dark Reading

Long one of the most widely read cyber security news sites on the Web, Dark Reading, a sister site to ITPro Today, is now the most trusted online community for security professionals like you. Dark Reading's community members include thought-leading security researchers, CISOs, and technology specialists, along with thousands of other security professionals.
