"Ransomware Trained on Manufacturing Firms Led Cyberattacks in Industrial Sector"

Most industrial network operators and their security teams have seen a surge in ransomware attacks over the past year. Real-world incident response investigations conducted by teams at Dragos and IBM X-Force in 2021 revealed that the manufacturing sector is the most attractive operational technology (OT) target, and that ransomware is the main weapon of choice against organizations within this sector. Two ransomware groups, Conti and LockBit 2.0, launched over 50 percent of all ransomware attacks on the industrial sector, 70 percent of which were against manufacturing firms, making manufacturing the main OT industry target of ransomware attacks last year. Although the ransomware attacks against Colonial Pipeline and JBS were the most high-profile in the manufacturing sector, there were a significant number of cases that did not go public, according to Rob Lee, founder and CEO of Dragos. Dragos responded to more than 200 ransomware attack incidents experienced by manufacturing firms last year. Incident-response (IR) cases investigated by IBM X-Force showed that over 60 percent of the incidents faced by OT firms last year were against manufacturers. In addition, manufacturing surpassed financial services as the most-attacked vertical investigated by X-Force's incident response team last year, with ransomware accounting for 23 percent of those attacks.

In 2021, Dragos also discovered three new threat groups it had not previously encountered in OT, dubbed Kostovite, Petrovite, and Erythrite. Kostovite compromised a major operations and maintenance company's OT infrastructure by exploiting a zero-day vulnerability in the Ivanti Pulse Connect Secure VPN. The Petrovite threat group gathers intelligence on ICS and OT systems in mining and energy operations in Kazakhstan and Central Asia, while Erythrite targets Fortune 500 food and beverage, electric, oil and gas, and IT service providers supporting the industrial sector.

A common issue among industrial organizations is a lack of network visibility as well as potentially open and vulnerable ports of entry. This article continues to discuss key findings surrounding attacks against industrial organizations.

Dark Reading reports "Ransomware Trained on Manufacturing Firms Led Cyberattacks in Industrial Sector"

Submitted by Anonymous on