Dragos 2022 report urges effective response plans to prevent cyberattacks
After embarking on an expansion drive in Saudi Arabia last year, leading global cybersecurity company Dragos has released a detailed 2022 year-in-review report, which spotlights cyber threats facing industrial organizations, tracks the top four IT and security practices that expose organizations to threats, and offers cybersecurity recommendations.
The report delves into the menace of ransomware attacks, which are identified as crucial and perilous cybersecurity threats to industrial organizations. According to the report, there has been an 87% surge in such attacks in 2022 when compared to the previous year. The electricity and manufacturing sectors specifically faced an increasing number of cyberattacks targeting Industrial Control Systems (ICS) and Operational Technology (OT).
Dragos tracked 35% more ransomware groups impacting ICS/OT in 2022 compared with 2021. The attacks targeted 437 industrial organizations across 104 manufacturing sub-sectors. Among the targeted industries, mining accounted for 10% of the attacks, while food and beverage, automotive, and electronics each accounted for 9%, and building materials, industrial equipment, supplies, energy, and plastics each accounted for 5-5.7% of the attacks. Additionally, 4% of the attacks targeted pharmaceuticals, and 3% targeted oil and natural gas.
Threat groups targeting ICS
The report documents new harmful tools and software used by threat groups targeting ICS in 2022. Dragos identified PIPEDREAM, from the CHERNOVITE threat group, which has the capacity to attack a range of ICS systems across industries but was discovered before it was employed. INDUSTROYER2, a new variant of CRASHOVERRIDE, was the sixth known ICS-specific malware and represented the first time ICS-specific malware had been reconfigured and then redeployed in an electric utility environment.
Robert M. Lee, the CEO and co-founder of Dragos Inc., said: “The evolution of malware that can target the range of industrial systems at scale has the potential to cause financial harm to organizations in the region and threaten human health and life.”
“This represents the highest level of threat to vital infrastructure and assets,” he added.
Additionally, the BENTONITE group targeted the offshore oil and natural gas, government, and manufacturing sectors through espionage and vandalism attacks, exploiting vulnerabilities in internet assets to gain access. The report also noted that a single tool could disrupt tens of thousands of systems, impacting the management of global infrastructure for electricity grids, oil and gas pipelines, and water companies.
Dragos recorded a 27% increase in ICS/OT vulnerabilities from the previous year, indicating that security researchers must pay more attention to the risks of industrial infrastructure. The report also highlighted that 83% of the vulnerabilities were located deep in the ICS network and that there was an increase in Common Vulnerabilities and Exposures (CVEs) from 1,703 in 2021 to 2,170 in 2022.
It pointed out that a number of industrial institutions worldwide have become increasingly conscious of cyber threats and the vulnerabilities they face. Statistics showed that these institutions have made progress in managing security perimeters and external communications. However, the report emphasized that there is still much work to be done to enhance the visibility and segmentation of OT networks and to manage communication and credentials on ICS assets.
Recommendations for industrial organizations
Dragos advised industrial organizations to develop effective response plans to prevent attacks in general, to implement tools for monitoring their infrastructure, and to require two-factor authentication for access to their systems. It is essential to identify all assets and all communications between information technology (IT) and operational technology (OT) networks, then to study the communications between facility networks and industrial control systems accurately and restrict them to known processes.
Furthermore, the report suggested that industrial enterprises should identify and address vulnerabilities, enhance the scope and quality of visibility for all parties and operations of the enterprise, monitor the assets of the industrial control systems network, and prepare a response plan for any potential attacks on industrial control systems. Moreover, industrial threat detection mechanisms should be utilized to identify malware within OT, improve defense strategies at the network level, and strengthen the capabilities of the security team.
Dragos cybersecurity solutions
The Dragos Platform offers the most effective industrial cybersecurity technology, giving customers visibility into their ICS/OT assets, vulnerabilities, threats, and response actions. The strength behind the Dragos Platform comes from our ability to codify Dragos’s industry-leading OT threat intelligence, and insights from the Dragos services team, into the software. Our community-focused approach gives you access to the largest array of industrial organizations participating in collective defense, with the broadest visibility available.
Dragos’s cybersecurity solutions for ICS/OT safeguard industrial enterprises in various sectors, including electricity, oil and gas, manufacturing, building automation systems, chemicals, government, water, food and beverage, mining, transportation, and pharmaceuticals.