Create a free Industrial Equipment News account to continue

Dragos Reports Rise in Geopolitically Driven Attacks, Ransomware

New threat groups, state actors and hacktivist groups gained ground, but there's positive movement as well.

Feb 29, 2024
Manufacturing Infrastructure Cyber

Dragos Inc., the global leader in cybersecurity for operational technology (OT) environments, recently released its sixth annual Dragos OT Cybersecurity Year in Review report. It report named the emergence of three new threat groups, including VOLTZITE linked to Volt Typhoon, and found that ransomware continued to be the most reported cyber threat among industrial organizations - with a nearly 50 percent increase in reported incidents. 2 

“OT cyber threats reached a tipping point in 2023,” said Robert M. Lee, Co-founder and CEO of Dragos. “Industial and critical infrastructure has been moving away from highly customized facilities to ones that—for good economic and productivity reasons—share the same industrial devices, technologies, and facility designs across sites and sectors.

"Unfortunately, adversaries are now leveraging these homogenous infrastructures to scale attacks. They also target weaknesses in environments that pushed digital transformation without adequate cybersecurity measures. These factors contributed to an environment in 2023 in which organizations were  challenged with a range of threats, including increasingly sophisticated state actors, hacktivists praying on pervasive security weaknesses, and a growing barrage of ransomware attacks. 

“There were positive developments for OT cybersecurity too,” continued Lee. “We saw vendors, governments, and the community collaborate to enable a unified, risk-based response to threats, as was the case with the ControlLogix vulnerabilities disclosed by Rockwell Automation.” Additional details of the report include:

  • Dragos identified three new OT Threat Groups—VOLTZITE, GANANITE, and LAURIONITE. Dragos analysts now track 21 Threat Groups worldwide that have been observed as being engaged in OT operations in 2023.
  • VOLTZITE overlaps with Volt Typhoon, a group that the U.S. Government has publicly linked to the People’s Republic of China. The group’s threat activities include living off the land (LOTL) techniques, prolonged surveillance, and data gathering aligned with Volt Typhoon’s assessed objectives of reconnaissance and gaining geopolitical advantage in the Asia-Pacific region. 
  • GANANITE targets critical infrastructure and government entities in the Commonwealth of Independent States and Central Asian nations. The group leverages publicly available proof of concept (POC) exploits for internet-exposed endpoints and focuses on espionage and data theft.
  • LAURIONITE targets and exploits Oracle E-Business Suite iSupplier web services and assets across aviation, automotive, and manufacturing industries. The group utilizes a combination of open-source offensive security tooling and public proof of concepts to aid in their exploitation of common vulnerabilities.
  • Geopolitical conflicts drove threat activity with regional and global kinetic events overlapping with OT cybersecurity threats. The Ukraine-Russia conflict prompted more mature threat groups, such as ELECTRUM, to increase activity, while tensions between China and Taiwan contributed to increased targeted cyber espionage attacks against industrial organizations in the Asia-Pacific region and the United States. ​
  • Hacktivists for the first time achieved Stage 2 of the ICS Cyber Kill Chain, when CyberAv3ngers attacked programmable logic controllers (PLCs) used by water utilities across North America and Europe with an anti-Israel message. While hacktivist groups typically conduct  distributed denial of service (DDoS) attacks with minimal impact, this attack demonstrated the ability to disrupt OT systems by using unsophisticated methods with weak security controls. 
  • Ransomware remains the number one attack in the industrial sector increasing 50 percent from 2022. Manufacturing continues to be the primary target of ransomware and accounted for 71 percent of all ransomware attacks. 
  • The number of vulnerabilities that require authentication to exploit is rising, pointing to a positive trend for OT defenders. In 2023, 34 percent of CVEs required some authentication,  compared to 25 percent in 2020. 
  • 28 percent of service engagements involved issues with improper network segmentation or improperly configured firewalls.
  • Approximately 70 percent of OT-related incidents originated from within the IT environment.

The full report, and the accompanying executive summary document, can be downloaded here.

Latest in Advanced Mfg
Security Breach Podcast
Sponsored
Security Breach Podcast
April 19, 2024
Ep90
Security Breach: DMZs, Alarm Floods and Prepping for 'What If?'
April 25, 2024
Industrial Cyber
5G, AI and More Are Changing OT - Why Zero Trust Could Be the Solution
April 24, 2024
Manufacturing Infrastructure Cyber
Avoiding Shutdowns from Ransomware Attacks
April 24, 2024
Related Stories
Flirtn
Advanced Mfg
On Demand: Acoustic Imaging for Manufacturing – Capturing Cost Savings Through Sound
I Stock 1425766526
Advanced Mfg
Purdue's New Interdisciplinary Labs Bolster U.S. Manufacturing
When selecting an RTU, performance, reliability and the right manufacturer are important factors for success.
Advanced Mfg
Factors to Consider When Selecting & Implementing an RTU
Security Breach Podcast
Sponsor Content
Security Breach Podcast
More in Advanced Mfg
Security Breach Podcast
Sponsored
Security Breach Podcast
A new video series from Manufacturing.net - Security Breach, looks to offer the insight and tools needed to ready your company's defenses. Stay up-to-date on today's vital cybersecurity topics by subscribing here.
April 19, 2024
Ep90
Safety
Security Breach: DMZs, Alarm Floods and Prepping for 'What If?'
The new factors impacting a growing attack surface, and how to evolve your cyber risk strategies.
April 25, 2024
Industrial Cyber
Advanced Mfg
5G, AI and More Are Changing OT - Why Zero Trust Could Be the Solution
Maximizing technology investments while maintaining security.
April 24, 2024
Manufacturing Infrastructure Cyber
Advanced Mfg
Avoiding Shutdowns from Ransomware Attacks
A strategic approach for protecting OT networks.
April 24, 2024
Rrmif
Advanced Mfg
RTX Breaks Ground on $115M Expansion of Alabama Missile Integration Facility
The expansion will also bring an estimated 185 new jobs to the area.
April 24, 2024
Electro
Advanced Mfg
Elevating Processes to Match Material Advancements
Pulsed electrochemical machining could be the key to unlocking new and innovative material benefits.
April 22, 2024
Cybersecurity In A Bubble
Advanced Mfg
Responding to Emerging Risks and Attack Vectors
Insight on key hacker strategies, response plans and creating a culture that embraces cybersecurity.
April 18, 2024
Ep89
Advanced Mfg
Security Breach: Weaponizing Secure-By-Design
How a greater focus on new and legacy OT connections could alter the cybersecurity battlefield.
April 18, 2024
Ep88tn2
Video
Security Breach: Over-Connectivity and Mobile Defeatism
The good, the bad and the ugly of mobile device security in the expanding OT attack landscape.
April 11, 2024
Container Ship At Port And Cargo Plane 000071988275 Large
Advanced Mfg
Protecting Ships from Cyber Terrorism
Cargo ships feature a number of connected operational technologies - making them vulnerable to cyberattacks.
April 10, 2024
People Cyber Metamorworks
Advanced Mfg
The Weakest Link in Manufacturing Cybersecurity
An organization can be equipped with state-of-the-art cybersecurity systems, but one significant vulnerability may remain.
April 4, 2024
Soc
Advanced Mfg
Everyone's Responsibility: Building a Cybersecurity-Centric Culture
Cybersecurity leaders must go beyond checking a box and get creative to actually change behavior.
April 3, 2024
Ep87tn
Video
Security Breach: Hackers Learn How to Attack You, From You
It's not always about the ransom, data theft or denial of service.
April 3, 2024
istock.com
Advanced Mfg
Data Woes Stifling Manufacturing, Adding to Cyber Challenges
A new report uncovers the complex issues surrounding the use and defense of Industry 4.0.
March 28, 2024
Jeff Thumb
Software
Security Breach: The Largest Attack Surface - People
How we're failing to properly support and train our most important cybersecurity asset.
March 28, 2024