Manufacturing under ransomware attack in 2021
Industrial cybersecurity company Dragos has released its fifth annual cybersecurity year in review report.
The report has revealed that ransomware became the number one attack vector in the industrial sector.
Manufacturing was the most targeted sector, representing 65% (or 211) of the ransomware cases detected at industrial organisations.
Vulnerabilities more than doubled over the previous year to 1703, with major cybersecurity incidents striking industrial organisations in a range of sectors, including food and beverage.
The report provides incident response lessons learned, including its investigation of the ransomware breach on the computer networks of JBS Foods in May 2021, which resulted in the company paying the equivalent of AU$14.6 million in ransom to the cybercriminal group in order to mitigate any risks.
The report named the emergence of three new threat groups targeting industrial control systems (ICSs) and operational technology (OT), including two that gained access into OT systems of industrial organisations.
“While the industrial community has discussed the importance of OT cybersecurity for years, 2021 brought high-profile attacks that showed the real-world outcomes on local communities and global economies,” said Robert M Lee, Chief Executive Officer and Co-Founder of Dragos, Inc.
Based on the report data, the top challenges industrial organisations need to address are:
- Limited or no OT network visibility: 86% of organisations had limited to no visibility into their ICS environment, making detection, triage and response incredibly difficult at scale.
- Poor security perimeters: 77% of service engagements involved issues with improper network segmentation.
- External connections to the ICS environment: 70% of organisations had external connections from OEMs, IT networks or the internet to the OT network, which is more than double the amount from 2020.
- Lack of separate IT & OT user management: 44% of organisations had shared credentials between their IT and OT systems, the most common method of lateral movement and privilege escalation.
The Dragos YIR report is an annual overview and analysis of ICS/OT-focused global threat activities, vulnerabilities, and industry insights and trends. The report aims to share data-informed observations and lessons learned from within the industrial community to give asset owners and operators actionable information and recommendations to help them more fully understand cyber risks to their ICS/OT environments and strengthen their cyber readiness.
The 2021 Dragos ICS/OT Cybersecurity Year in Review report can be downloaded here: https://hub.dragos.com/2021-year-in-review.