Nearly 60% of cyberattacks against the industrial sector are led by state-affiliated actors and often unintentionally enabled by internal personnel (about 33% of the time), according to a report by industrial automation company Rockwell Automation.
This corroborates other industry research showing that operational technology/industrial control system security incidents are increasing in volume and frequency and are targeting critical infrastructure, such as energy producers.
The report, Anatomy of 100+ Cybersecurity Incidents in Industrial Operations, was based on a global study conducted by Cyentia Institute. The study analysed 122 cybersecurity events that included a direct compromise of OT and/or ICS operations, collecting and reviewing nearly 100 data points for each incident.
“Energy, critical manufacturing, water treatment and nuclear facilities are among the types of critical infrastructure industries under attack in the majority of reported incidents,” Mark Cristiano, commercial director of global cybersecurity services at Rockwell Automation, said.
Based on incidents analysed, key findings from the report include:
- In the OT/ICS incidents studied, 60% resulted in operational disruption and 40% resulted in unauthorised access or data exposure.
- The damage of cyberattacks extends beyond the affected enterprise: broader supply chains were also impacted 65% of the time.
- OT/ICS cybersecurity incidents in the last three years have exceeded the total number reported between 1991 and 2000.
- Threat actors focused most on the energy sector (39%), over three times more than the next most frequently attacked verticals of critical manufacturing (11%) and transportation (10%).
- Phishing remains the most popular attack technique (34%).
- In more than half of OT/ICS incidents, supervisory control and data acquisition systems are targeted (53%), with programmable logic controllers as the next most common target (22%).
- More than 80% of threat actors come from outside organisations, yet insiders play an unintentional role in opening the door for threat actors in approximately one third of incidents.
Strengthening Of IT Systems Critical
The research indicates that strengthening the security of IT systems is crucial to combating cyberattacks on critical infrastructure and manufacturing facilities. More than 80% of the OT/ICS incidents analysed started with an IT system compromise, attributed to increasing interconnectivity across IT and OT systems and applications.
The IT network enables communication between OT networks and the outside world and acts as an entryway for OT threat actors. Networks and devices are connected daily into OT/ICS environments, which exposes industrial equipment to sophisticated adversaries. Implementing a firewall between IT and OT environments may no longer be enough, and having a strong, modern OT/ICS security programme is important to maintain secure operations and availability, the research suggests.
To combat phishing attacks, the research underscores the importance of cybersecurity tactics, such as segmentation, air gapping, zero trust architecture and security awareness training.
“The dramatic spike in OT and ICS cybersecurity incidents calls for organisations to take immediate action to improve their cybersecurity posture or they risk becoming the next victim of a breach,” Sid Snitkin, vice president of cybersecurity advisory services at ARC Advisory Group, said. “The threat landscape for industrial organisations is constantly evolving, and the cost of a breach can be devastating to organisations and critical infrastructure.”
Bloomberg