Cyberattacks Wreaking Physical Disruption on the Rise

Published: 23/11/2024   Category: security




Ransomware groups tore into manufacturing and other parts of the OT sector in 2023, and a few attacks caused eight- and nine-figure damages. But worse is yet to come in 2024.



At least 68 cyberattacks last year caused physical consequences to operational technology (OT) networks at more than 500 sites worldwide — in some cases causing $10 million to $100 million in damages.
Unsurprisingly, these weren't Stuxnet-like events, but the opposite.
According to a new report from industrial control system (ICS) vendor Waterfall Security Solutions, which studied real-world cyberattacks on OT organizations, most of the hackers known to be targeting the OT sector these days are hacktivists. And the majority of disruptions are not caused by such direct manipulation of OT systems but are downstream consequences of IT-based attacks, most often involving ransomware.
That doesn't mean, though, that the impacts are any less severe. Incidents involving Johnson Controls and Clorox last year ended up costing those companies around $27 million and $49 million, respectively. One cyberattack that led to the temporary suspension of operations at MKS Instruments in Massachusetts cost $200 million, and one of its suppliers — California-based Applied Materials Inc. — reported losing another $250 million as a result.
The number of attacks with physical consequences increased by nearly 20% last year, according to the report.
In the past decade and a half, only around a quarter of cyberattacks with OT consequences were caused by actually hitting the OT network, according to the report Waterfall published in collaboration with OT incident threat database ICS STRIVE.
A large fraction of attacks that caused OT consequences did so by compromising machines in the IT network exclusively, explains Andrew Ginter, vice president of industrial security for Waterfall, and a co-author of the report. OT was often shut down in an abundance of caution because the business was not willing to keep running powerful, dangerous physical processes with compromise only one or two network hops away.
After its attack last March, for example, the German manufacturer Hahn Group GmbH switched off all of its systems as a safety precaution. A full, clean restoration of its systems took weeks thereafter. A number of other manufacturers last year followed that same playbook, even when safety wasn't at risk, in order to contain damage to further systems, sites, and customers.
OT was also often shut down because physical operations needed facilities on IT networks that ransomware had crippled — e.g., container-tracking systems for shipping or passenger signage for large rail stations, Ginter points out.
One prime case occurred last January, when UK Royal Mail printers were disabled and hijacked to print LockBit ransom notes. Mail export services were briefly suspended nationwide, in an event that ended up costing £42 million.
These dependencies are something many OT practitioners do not think about, Ginter explains. An IT network compromise can also affect physical operations, even if an OT network is secured, if the OT processes rely on processes in the IT network.
More than half of publicly reported cyberattacks with OT consequences in 2023 affected the manufacturing sector. But if there's one sector to worry about more than the rest it's, arguably, water.
Late last November, around 180 households in the Irish villages of Binghamstown and Drum lost water for two days, thanks to a loss of water pressure at a local pumping station. The cause was a cyberattack likely carried out by Iran's Cyber Av3ngers, part of a wider campaign targeting Unitronics pump controllers.
Though such stories are still rare, water facilities combine a dangerous mix of low difficulty and high impact for hackers.
In the USA, the vast majority of the more than 20,000 drinking water treatment utilities are tiny. Minute. The vast majority of the more than 200,000 wastewater treatment systems — same thing. And realistically, with whatever budget these utilities have, almost all of it goes to people with trucks and backhoes digging holes in the ground, Ginter explains. Couple that with continued pressure to automate those water systems to reduce costs — a lot of these systems are regulated [because they're local monopolies], and every regulator wants to reduce costs and reduce rates, so there is constant pressure to automate. All modern automation involves computers, meaning more targets for cyberattacks.
These systems have no security budget, so with the increased threat of hacktivist attacks and pressure to automate their operations, they are in peril, he notes, creating a growing problem for all of the small communities in the nation.
