"OT Data Stolen by Ransomware Gangs Can Facilitate Cyber-Physical Attacks"

According to new research from Mandiant, many ransomware attacks on industrial and critical infrastructure organizations expose operational technology (OT) data that could be useful to threat actors, including for conducting cyber-physical attacks. A cyber-physical attack is a breach in cyberspace that impacts physical processes, potentially causing damage to property and putting safety or lives at risk. The researchers analyzed the roughly 2,600 data leaks that resulted from ransomware attacks in 2021 and determined that approximately 1,300 of them impacted critical infrastructure and industrial organizations. An investigation of 70 of these leaks showed that ten of them contained technically sensitive OT information. The researchers stated that access to this type of data can enable threat actors to learn about an industrial environment, identify paths of least resistance, and engineer cyber-physical attacks. In addition, other data in the leaks about employees, processes, and projects can give an adversary a very accurate picture of the target’s culture, plans, and operations. The researchers stated that even if the exposed OT data is relatively old, the typical lifespan of cyber-physical systems ranges from twenty to thirty years, so leaks remain relevant for reconnaissance efforts for decades.

 

SecurityWeek reports: "OT Data Stolen by Ransomware Gangs Can Facilitate Cyber-Physical Attacks"

Submitted by Anonymous on