Ransomware, Data Breaches Inundate OT & Industrial Sector

Published: 23/11/2024   Category: security




Because of the criticality of remaining operational, industrial companies and utilities are far more likely to pay, attracting even more threat groups and a focus on OT systems.



Three-quarters of industrial firms suffered a ransomware attack in the past year, with far more compromises affecting operational technology (OT) than ever before — representing a surge in attacks driven by both the industrial sector's vulnerability and propensity to pay ransoms in order to remain operational.
In the past 12 months, more than half of industrial firms (54%) suffered a ransomware attack that impacted their operational technology, whether directly or because a linked IT system had been attacked, according to a report released by cyber-physical defense company Claroty on Dec. 6. The impact of the attacks on OT systems is a notable increase from the firm's last report in 2021, when 47% of companies had ransomware impact their operations.
Indeed, attacks on industrial firms and critical infrastructure providers have become downright common. The Aliquippa Municipal Water Authority, located in Pittsburgh, recently suffered a site defacement after an Iranian-linked threat group known as Cyber Av3ngers forced it to shut down a water-pressure monitoring system and changed the site's landing page. That incident turned out to be part of a wider spate of cyberattacks on water facilities across the US that started in late November. But it's not just utilities in the sights: in February 2022, tire maker Bridgestone had to shut down its manufacturing networks for several days after the LockBit 2.0 ransomware group successfully breached its network.
While the Claroty survey shows that direct targeting of OT systems remained consistent over the two time periods, more than a third of companies (37%) suffered attacks that affected both IT and OT systems in 2023, a significant increase from the 27% of organizations suffering dual-impact attacks in 2021, says Grant Geyer, chief product officer at Claroty.
"The numbers — as astounding as they were last year — they continue to not only show the severity of the problem, but the fact that it's an extremely viable business model and puts operations at risk, not just IT," he says. "Because so many OT systems are Windows-based, the ransomware often spills over from the IT environment into the OT environment, because of poor or no segmentation."
Overall, the industrial sector has remained the top ransomware target every month for the past year, according to data from the NCC Group, a cybersecurity services firm. Ransomware attacks were up 81% in October, compared to the same month the previous year, and attacks on the industrial sector routinely represent a third of all ransomware incidents. 
Threat activity has also increased overall because of recent geo-political conflicts, leading to industrial attacks by both state-sponsored actors and hacktivists, says Sean Arrowsmith, head of Industrials for the NCC Group.
"The ability to disable and/or cripple energy infrastructure can result in limited to no access for its consumers, adding to the instability and chaos that war and conflict bring," he says. "These acts of sabotage play into the all-important power dynamics of international security issues."
One reason for the attractiveness of attacking industrial companies: disruptions to operations result in a greater likelihood of paying ransoms. Typically, companies' propensity to pay ransomware depends heavily on their revenue — smaller companies pay up 36% of the time, instead relying on backups, while larger companies pay 55% of the time, according to Sophos' annual State of Ransomware report.

Meanwhile, victims in the industrial sector pay a whopping two-thirds (67%) of the time, according to Claroty's Global State of Industrial Cybersecurity 2023 report.
"You have to look no further than the fact that two-thirds of organizations are paying the ransom to recognize why so many organizations are being attacked," Claroty's Geyer says. "Operational outages put CIOs between a rock and a hard place, and force them to make these untenable emotional decisions."
Third parties are another weakness that companies reliant on OT — such as industrial firms and utilities — need to address.
All Top-10 energy firms in the United States, for example, had a third-party provider that suffered a compromise in the past 12 months, leading to a breach of their business, according to security metrics firm SecurityScorecard. While only 4% of the nearly 2,000 third-party providers tracked by the firm suffered a direct compromise, that led to 90% of energy firms worldwide dealing with the fallout of those breaches over a year.
Case in point, the MOVEit breach alone affected hundreds of energy firms, according to Rob Ames, staff threat researcher at SecurityScorecard.
"This sort of claim of a breach and then threatened data exposure is becoming a more-and-more central part of the exposure of the extortion attempt, rather than the actual deployment of ransomware properly," he says. "I would say that extortion attempts that rely more on claimed exposure, rather than actual encryption is a trend, and, of course, still financially motivated."
Many water utilities and other critical infrastructure firms are small, local companies, or operated by towns and counties. As such, they tend to be behind on deploying cybersecurity. Case in point: two years after the ransomware attack on Colonial Pipeline, critical infrastructure owners are still not ready to protect against ransomware, often because the economics does not add up, says Claroty's Geyer.
"Free-market forces in certain segments can't economically drive change to some of these least protected/most vulnerable aspects of our society," he says. "And this is the opportunity for whole of government to step in and not just drive regulation, but drive funding to help ensure that many of these entities under-invested in cyber — what we call target rich, cyber poor sectors — are properly defended."
Companies do not need to have deep expertise in-house, but should focus on visibility, planning, and incident response exercises, says NCC Group's Arrowsmith.
"Develop a robust incident-response plan for IT and OT, then rehearse and drill that plan so all stakeholders are clear on roles and responsibilities," he says.
