As geopolitical tensions and conflicts rise across the globe, so too do cyber attacks on critical Western infrastructure, particularly industrial facilities that run on operational technology (OT) systems.
Ransomware attacks on industrial organizations increased by over 50 percent in 2023, according to a report by cybersecurity firm Dragos: OT Cybersecurity – 2023 in Review. Seventy percent of all ransomware attacks targeted 638 manufacturing entities in 33 unique manufacturing subsectors.
Dragos tracked a total of 21 threat groups targeting industrial organizations, including three new groups: Gananite, Laurionite, and Voltzite. Dragos reports that all three conduct diverse operations against a range of organizations, including cybersecurity research firms, government and military defense entities, rail, manufacturing, automotive, and utilities. Voltzite has been the most active of the three in targeting critical infrastructure.
An intruder can sit on a system undetected
Some threat groups, such as Voltzite, use sophisticated tradecraft such as living off the land (LOTL): rather than dropping custom malware, the intruder abuses legitimate administrative tools and credentials already present on the target's systems, so the activity blends into normal operations and the intruder can sit undetected on a targeted company's network for months or even years. Others specialize in picking what the report calls "low-hanging fruit" such as poorly secured internet-accessible devices. Another newcomer, Laurionite, has been actively targeting and exploiting Oracle E-Business Suite iSupplier web services and assets across several industries, including aviation, automotive, manufacturing, and government.
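Because LOTL activity uses the same binaries administrators rely on, detection has to key on how a tool is invoked and by whom, not on the tool's name. The following is an added example, not code from the article or from the Dragos report: it runs a few argument-based indicator rules over constructed process-creation log lines and then correlates flagged activity per account across hosts. The log format, the sample events and the indicator list are assumptions chosen for illustration; nothing here claims that Voltzite or any named group used these specific commands.

```python
"""Detecting living-off-the-land (LOTL) activity in process-creation logs.

Added example (not from the article or the Dragos report). Assumptions:
the pipe-delimited log format, the sample events and the indicator rules
are all constructed for illustration. The rules key on the *arguments*
passed to native tools rather than on tool names, because LOTL intrusions
use exactly the binaries administrators use every day.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample log: "timestamp|host|user|parent process|command line".
# The first three events are what a LOTL intruder might do with a stolen
# service account; the last three are ordinary activity.
SAMPLE_LOG = """\
2024-01-10T02:14:05Z|HMI-01|svc_backup|cmd.exe|netsh interface portproxy add v4tov4 listenport=9999 connectaddress=10.0.5.20 connectport=3389
2024-01-10T02:15:41Z|HMI-01|svc_backup|cmd.exe|wmic process call create "cmd.exe /c whoami"
2024-01-10T02:17:02Z|DC-01|svc_backup|cmd.exe|ntdsutil "ac i ntds" "ifm" "create full C:\\Windows\\Temp\\x" q q
2024-01-10T09:03:11Z|ENG-WS-3|jsmith|explorer.exe|netsh wlan show interfaces
2024-01-10T09:05:20Z|ENG-WS-3|jsmith|explorer.exe|powershell.exe -NoProfile -EncodedCommand SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA
2024-01-10T11:30:00Z|HIST-01|svc_hist|services.exe|C:\\Program Files\\Historian\\collector.exe --poll 5
"""

# (rule name, regex over the full command line, severity). Hypothetical
# indicator set: each rule needs a native tool *and* a risky argument, so
# benign uses of the same tool (e.g. "netsh wlan show") do not fire.
RULES = [
    ("netsh portproxy pivot",
     r"(?i)\bnetsh(\.exe)?\b.*\bportproxy\b.*\badd\b", "high"),
    ("wmic process creation",
     r"(?i)\bwmic(\.exe)?\b.*\bprocess\b.*\bcall\b.*\bcreate\b", "high"),
    ("ntdsutil AD database export (IFM)",
     r"(?i)\bntdsutil(\.exe)?\b.*\bifm\b", "critical"),
    ("powershell encoded command",
     r"(?i)\bpowershell(\.exe)?\b.*\s-e(nc|ncodedcommand)?\b", "medium"),
    ("certutil download/decode",
     r"(?i)\bcertutil(\.exe)?\b.*\s-(urlcache|decode)\b", "medium"),
]
COMPILED = [(name, re.compile(rx), sev) for name, rx, sev in RULES]


@dataclass(frozen=True)
class Event:
    ts: str
    host: str
    user: str
    parent: str
    cmdline: str


@dataclass(frozen=True)
class Finding:
    event: Event
    rule: str
    severity: str


def parse_events(text: str) -> list:
    """Parse pipe-delimited lines into Events; skip blank or malformed ones."""
    events = []
    for line in text.splitlines():
        parts = line.split("|", 4)
        if len(parts) != 5:
            continue
        events.append(Event(*(p.strip() for p in parts)))
    return events


def detect_lolbin(events) -> list:
    """Return one Finding per (event, rule) match, in log order."""
    findings = []
    for ev in events:
        for name, rx, sev in COMPILED:
            if rx.search(ev.cmdline):
                findings.append(Finding(ev, name, sev))
    return findings


def correlate_accounts(findings, min_hosts: int = 2) -> dict:
    """Accounts whose flagged activity spans at least min_hosts hosts.

    One odd command on one box is often admin noise; the same account
    doing it across several hosts is the lateral-movement pattern that
    lets a LOTL intruder persist unnoticed.
    """
    hosts = defaultdict(set)
    for f in findings:
        hosts[f.event.user].add(f.event.host)
    return {u: sorted(h) for u, h in hosts.items() if len(h) >= min_hosts}


if __name__ == "__main__":
    found = detect_lolbin(parse_events(SAMPLE_LOG))
    for f in found:
        print(f"[{f.severity}] {f.event.ts} {f.event.host} {f.event.user}: "
              f"{f.rule} <- {f.event.cmdline}")
    print("accounts active across hosts:", correlate_accounts(found))
```

On the constructed sample this flags four events (the portproxy, wmic, ntdsutil and encoded-PowerShell invocations) and leaves the benign netsh and historian collector alone; the account correlation then singles out svc_backup, which touched both an HMI and a domain controller. In practice the rule list should be tuned against the site's own administrative baseline, since the whole point of LOTL is that a static list of "bad binaries" cannot separate intruder from operator.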
According to the report: “The OT cyber threat landscape continued to evolve in 2023, with an increase in tracked threat groups, ransomware events, and other threat activities driven by global conflict. The adversaries involved in these activities varied widely in terms of their level of sophistication, deployed capabilities, and intended targets.”
The hacktivist group Anonymous Sudan is also attacking the United States and other NATO-aligned powers. Similar activity is reported from hacktivist groups acting against Israel in the Israel-Hamas conflict, such as CyberAv3ngers (which US agencies have linked to Iran's IRGC) and Team Insane Pakistan, which claimed disruptive attacks against Israeli Railways, an Israeli power grid system, and an Israeli hydroelectric plant.
Dragos lays the increase in attacks on US and NATO countries' critical infrastructure firmly at the door of growing geopolitical conflict: "Mounting tensions between China and Taiwan contributed to the environment where Dragos observed Voltzite target several industrial organizations in the Asia-Pacific region, Africa, and North America — including entities in electric, satellite communications, telecommunications, emergency management, and defense industrial base sectors — with cyber-attack campaigns assessed to be aimed at long-term espionage objectives."