OT security insights
- There is an escalation in ransomware attacks on ICS and OT environments due to increased digitization.
- Additionally, there is a concerning rise in sophisticated state-backed cyberattacks on critical infrastructure, along with concern about the strategic preparations and intentions of nation-state actors to cause physical impacts.
Ransomware targeting ICS/OT environments
The expectation is to see more ransomware targeting ICS/OT environments, whether unintentionally or intentionally. Operational technology (OT) is where companies make their money, and some ransomware gangs (e.g., Lockbit) have been very vocal recently about trying to increase their revenue. In addition, as digitization of industrial environments increases, ICS/OT networks will become far more accessible, both by design and by accident, leading to more frequent ransomware infections even when the adversary did not intend them.
State-backed, targeted intrusions and attacks against critical infrastructure
Along with more ransomware, expect to see more state-backed, targeted intrusions and attacks against critical infrastructure. The recent SektorCERT report from Denmark very clearly shows what a dedicated, state-backed/sponsored attacker can accomplish. Northern European countries are better prepared to deal with these types of attacks than most other European countries. Every country in Europe and beyond should closely study this report and understand this case study as a demonstration of capabilities and how state-level adversaries are advancing their capabilities, “preparing the battlefield,” and quickly executing attacks — potentially with physical effects, if they get the order.
Commoditization of ICS/OT technology
Commoditization of ICS/OT technology (increasing digitization on the one hand, and increased use of sophisticated toolkits by adversaries on the other) will lower the bar for attacking a wide swath of industrial processes across many industry verticals. What Dragos designated PIPEDREAM in 2022 is a good case study of where the industry might be headed, resulting in toolkits available to state-backed adversaries that do not require much training and knowledge of specific industrial environments and processes to achieve low- to medium-level effects. And “effects” does not mean that a bunch of computers go down while the environment is otherwise unharmed. By “effects” against industrial environments, we mean disruption, degradation or even outright destruction of industrial equipment down to the physical level, leading to potentially very harmful effects on industrial processes, should they go out of control. This is what state-backed adversaries in particular are after. It is probably too early for these toolkits to proliferate to criminal groups, but this is what companies must prepare for while there is still time.
Original content can be found at https://www.sans.org/blog/top-3-predictions-for-ics-ot-security-in-2024-in-emea/.