IT Brief Asia logo
Technology news for Asia's largest enterprises
Story image

Ransomware topped ICS and OT threats in 2021 - report

By Shannon Williams
Thu 3 Mar 2022

Ransomware topped ICS and OT threats in 2021, according to a new report from Dragos. 

Dragos has released its fifth annual Dragos ICS/OT Cybersecurity Year in Review report, a comprehensive analysis on cyber threats facing industrial organisations.

The report named the emergence of three new threat groups targeting ICS/OT environments, including two that have gained access into the OT systems of industrial organisations. It also shows the number of discovered vulnerabilities in OT systems in 2021 more than doubled over the previous year to 1,703. Ransomware became the number-one attack vector among industrial organisations, with manufacturing as the most targeted sector representing 65%, or 211, of the ransomware cases detected at industrial organisations.

The Dragos YIR report is an annual overview and analysis of ICS/OT-focused global threat activities, vulnerabilities, and industry insights and trends. The report aims to share data-informed observations and lessons learned from within the industrial community to give asset owners and operators actionable information and recommendations to help them more fully understand cyber risks to their ICS/OT environments and strengthen their cyber readiness.

“While the industrial community has discussed the importance of OT cybersecurity for years, 2021 brought high-profile attacks that showed the real-world outcomes on local communities and global economies,” says Robert M. Lee, chief executive officer and co-founder of Dragos.

“Data from our YIR shows that cyber risk to industrial sectors is accelerating at a time when digital transformation initiatives are driving hyper connectivity, which increases risk and exposure," he says.

"The real-world observations and data-backed insights in our 2021 YIR report can serve as practical, timely guidance as the industrial community strives to understand where they are exposed, what threat groups are doing, and how to build security and resiliency into their OT systems.”

Details of 2021 Year in Review:

  • Dragos identified three new ICS/OT Activity Groups—KOSTOVITE, PETROVITE, and ERYTHRITE, with KOSTOVITE and ERYTHRITE reaching Stage 2 of the ICS Cyber Kill Chain, meaning they gained access directly into ICS/OT networks. With these additions, Dragos analysts now track 18 Activity Groups worldwide that show the intent, opportunity, or capability to impact industrial operations.
  • KOSTOVITE targets renewable energy operations in North America and Australia, and in 2021 had a confirmed intrusion into an operations and maintenance (O&M) firm’s OT networks and devices.
  • PETROVITE targets mining and energy operations in Kazakhstan and Central Asia. The group displays an interest in data collection on ICS/OT systems and networks.
  • ERYTHRITE targets organisations in the US and Canada. Dragos has observed ERYTHRITE compromising the OT environments of a Fortune 500 company and the IT networks of a large electrical utility, food and beverage companies, auto manufacturers, IT service providers, and multiple Oil and Natural Gas (ONG) service firms.
  • ICS/OT Vulnerabilities in 2021 doubled compared with 2020, reaching 1,665. Analysis of these vulnerabilities and related advisories found that 35% could cause both a loss of view and loss of control in an OT system, which are among the worst operation scenarios in an ICS/OT environment. Almost 90% of the vulnerabilities had no mitigations or alternative mitigations in place at the time of the advisory issued about them.
     

Ransomware became the number one attack vector in the industrial sector. Two groups, Conti and Lockbit 2.0, caused 51% of total industrial ransomware attacks, with 70% of their activity targeting manufacturing. Overall, manufacturing was the primary target of ransomware across the board and accounted for 65% of all attacks, nearly twice as much as every other industrial group combined. 

Lessons from the Front Lines
Based on data gathered from annual customer service engagements conducted by Dragos’s cybersecurity experts in the field across the range of industrial sectors, the top challenges industrial organisations need to address are:

  • Limited or No OT Network Visibility: 86% of organisations had limited to no visibility into their ICS environment making detections, triage, and response incredibly difficult at scale.
  • Poor Security Perimeters: 77% of service engagements involved issues with improper network segmentation.
  • External Connections to the ICS Environment: 70% of organisations had external connections from OEMs, IT networks, or the internet to the OT network, which is more than double the amount from 2020.
  • Lack of Separate IT & OT User Management: 44% of organisations had shared credentials between their IT and OT systems, the most common method of lateral movement and privilege escalation.

New Incident Response Use Cases
The YIR report highlights Incident Response use cases from the field and examines previously undisclosed compromises of OT systems to add context to the major ICS/OT headlines of 2021—from the effects of the SolarWinds breach on ICS/OT environments to an example of an attack targeting an OT system that moved laterally to the IT network of an electric operator.

Related stories
Top stories
Story image
Tech job moves
Tech job moves - Adatree, Brother, Databricks, Nutanix & Rubrik
We round up all job appointments from May 20-26, 2022, in one place to keep you updated with the latest from across the tech industries.
Story image
Customer experience
The importance of service level management to customer experience
Staffing shortages have impacted site reliability engineers in particular since they are under extreme pressure to ensure that digital assets perform at optimum levels 24/7.
Story image
DevOps
Deloitte expands cloud observability practice with Dynatrace
Deloitte is expanding its cloud observability practice, including DevOps principles, AI/ML, cloud complexity management and software engineering.
Story image
Contact Centre
Leveraging technology in contact centres to reduce attrition rates
Many organisations worldwide have accelerated DX to better respond to changing market drivers and business environments after the disruption of the pandemic.
Story image
APAC
Top data and tech challenges for APAC banks - report
InterSystems’ new report finds that 87% of A/NZ banks experience frustrations and concerns in using their data to drive decision-making.
Story image
SpaceX
Australian space tech startup secures SpaceX support
Space Machines Company has secured the support of SpaceX as a launch partner in carrying SMC's Optimus Orbital Transfer Vehicle to space next year.
Story image
Symbio
Symbio consolidates TNZI business to support APAC expansion
Symbio has recently announced the consolidation of its international business (TNZI) under the Symbio brand to support its Asia Pacific expansion strategy.
Story image
Cyber attacks
Devastating cyber attacks expected to hit energy sector
Energy executives anticipate life, property, and environment-compromising cyber attacks on the sector within the next two years.
Story image
Identity and Access Management
The post-pandemic workforce requires secure IAM capabilities
HID Global discusses what identity and access management means for organisations in today's convoluted digital world.
Sift
Navigating digital fraud and dispute can be tough. The Q4 2021 Digital Trust & Safety Index by Sift can give helpful insights to your business on keeping safe and prepared online.
Link image
Story image
Alteryx
Alteryx releases updates, empowers data insights for enterprise
Alteryx has released new advancements designed to aid enterprises with cloud analytics, democratise insights and ensure data governance.
Sift
Knowing the mechanics of retail fraud can greatly improve your chances of preventing an online attack. Read the new infographic by Sift to discover how your business can be prepared.
Link image
Story image
SaaS
The paradox of change, and how to get around it
The business decision to technologically transform should not come from an IT department but from the business itself.
Story image
Digital Signage
MAXHUB's Digital Signage range to bolster boardroom productivity
The new MAXHUB Digital Signage technology is purpose-built to make every kind of team meeting more effective.
SonicWall
Find out how you and your business can prevent being caught out by everything from ransomware to cryptojacking.
Link image
Story image
Kubernetes
Sysdig unveils new Kubernetes troubleshooting and cloud innovations
Sysdig has introduced two new innovations that look to help bolster cloud services and simplify Kubernetes troubleshooting.
Story image
Surveillance
i-PRO releases smallest AI-based surveillance camera on the market
The new i-PRO mini network camera is now available, with a pocket-sized form factor and full AI analytics functionality.
Story image
Logistics
Dematic robotic solutions win big at Singapore technology awards
Dematic has won the Robotics-Logistics award at the recently concluded Singapore Business Review Technology Excellence Awards.
Story image
Ransomware
APAC organisations fail to disclose ransomware breaches
85% of organisations in APAC were breached by ransomware at least once in the past five years, but only 28% publicly disclosed the incident.
Story image
Sustainability
SoftIron named global leader for efficient DC infrastructure solutions
SoftIron has been named a global leader for supplying energy-efficient data infrastructure solutions for core-to-edge data centers after an assessment by Earth Capital Ltd.
Story image
Check Point
Check Point and CCTV expert join forces to boost protection
The partnership will involve Check Point Quantum IoT Protect Nano Agent being embedded in Provision-ISR’s CCTV cameras for on-device runtime protection.
Story image
MEC
MEC spending for private cellular networks to reach $5.8b
A new ABI Research report finds the revenue for Multi Access Edge Compute (MEC) deployments for private cellular networks will reach USD$5.8 billion by 2030.
Story image
Training
Infosec unveils role-guided cybersecurity training roadmaps
Infosec Skills Roles maps hands-on training and certifications to the 12 most in-demand cybersecurity roles to maximise training efficiency.
Sift
Connected e-commerce apps are the future of retail and higher revenue growth. Read the new ebook by Sift to find out how to maximise your business potential.
Link image
Story image
Vectra AI
Vectra’s inaugural Partner of the Year Awards revealed
APAC companies Baidam, Firmus, ShellSoft and Macnica have been recognised in Vectra AI's inaugural Partner of the Year Awards.
Story image
Ponemon Institute
Email revealed to be riskiest channel for data loss
More than half (60%) of organisations experienced data loss or exfiltration caused by an employee mistake on email in the last 12 months.
Story image
Silver Peak
The path to an adaptive, modern network
Managing and securing the network looks different than it did just two years ago—especially given that most of these networks are made up of multi-generations of infrastructure stitched together over time.
Exabeam
Find out how a behavioural analytics-driven approach can transform security operations with the new Exabeam commissioned Forrester study.
Link image
Story image
Multi Cloud
Red Hat updates dev tools, empowers use of hybrid and multicloud
Red Hat has unveiled updates across its portfolio of developer tools, designed to help organisations build and deliver applications faster.
Story image
Cybersecurity
What every CISO must answer to enable a best-in-class security operations program
It has been widely reported recently that South Australian government employees have been the victims of a cyberattack.
Story image
Microsoft
Microsoft previews Power Platform website design offering
Microsoft has announced the preview of Power Pages, the fifth product in its Power Platform family, designed for low-code makers and professional developers.
Story image
Microsoft
Microsoft, Cloudian partnership offers data center flexibility
Cloudian’s HyperStore object storage platform is now integrated and validated to work with Microsoft SQ Server 2022, offering more flexible and scalable data centers.
Story image
Artificial Intelligence
Frost & Sullivan recognises Genesys as leader in new reports
Frost & Sullivan has recognised Genesys as a leader in the cloud contact centre market for its robust cloud and digital capabilities.
Story image
NVIDIA
NVIDIA announces a spate of new innovations at Computex 2022
NVIDIA has announced its latest innovations in data center, robotics, content creation, and gaming in a virtual keynote address on the opening day of Computex 2022 in Taipei.
Sift
Having secure retail solutions can be a make or break factor for a customers satisfaction. Sift has the expert tools and expertise to keep retail practices safe and customers happy.
Link image
Story image
Data Center
Preventing downtime costs and damage with Distributed Infrastructure Management
Distributed Infrastructure Management (DIM) can often be a lifeline for many enterprises that work with highly critical ICT infrastructure and power sources.
Story image
Digital Transformation
Harnessing digital innovations to maximise loyalty programmes and improve CX
When it comes to the retail sector, merchants have never had access to so many different client touchpoints and data to understand their customers better.
Story image
Transport
Third-party automotive apps bear significant privacy risks
Mobile applications for connected cars provide various features to make life easier for motorists, but they can also be a source of risk.
Story image
Cybersecurity
Accenture - a collective security approach a driving factor for cyber resilience
With the approaching Davos World Economic Forum upon us, it is even more imperative to discuss the impact of cybersecurity on business operations leading into the future.
Story image
Red Sift
Entrust expands strategic partnership with Red Sift
Entrust has expanded its strategic partnership with Red Sift to make it easier for businesses to adopt Brand Indicators for Message Identification (BIMI) standards for email identification and security.
Story image
Digital Marketing
Getty Images delves into the world of NFTs with Candy Digital
Getty Images and Candy Digital, the next-generation digital collectible company, have announced a new multi-year partnership agreement.
Story image
Artificial Intelligence
Gartner reveals top three tech trends for banks this year
Gartner says generative artificial intelligence, autonomic systems and privacy-enhancing computation are gaining traction in banking and investment services.
Story image
Rackspace
Skills shortages hold orgs back from capitalising on cloud 2.0
Organisations are becoming more comfortable with sophisticated 'cloud 2.0' technologies, even as they confront difficulties in hiring and retaining IT talent.
Story image
Managed service provider
Barracuda MSP Day 2022 highlights MSP opportunities
Barracuda Networks has released a report showing global services-related MSP revenue is set to increase by more than a third in 2022 compared to 2021.