Attackers Breach IT-Based Networks Before Jumping to ICS/OT Systems

Assaults in opposition to industrial management techniques and operations expertise techniques are growing, as adversaries discover weaknesses in IT networks that enables them to maneuver into OT networks, based on a current report from SANS.

The State of ICS/OT Cybersecurity 2024 report from SANS relies on responses from cybersecurity professionals in varied essential infrastructure sectors. There have been extra non-ransomware incidents (74.4%) reported than ransomware (11.7%) over the previous yr, based on the SANS report.

Different preliminary assault vectors concerned in OT/ICS incidents embrace compromising OT and industrial management techniques by used of exterior distant companies (23.7%) or internet-accessible units (23.7%); compromising worker workstations (20.3%) and detachable media (20.3%); and a provide chain compromise (20.3%). It is value noting that 18.6% respondents mentioned attackers tried spear phishing with an e-mail attachment for the preliminary compromise.

One out of 5, of 19%, of respondents reported a number of safety incidents over the previous yr.

Whereas solely 12% of respondents reported being the targets of ransomware assaults up to now 12 months, the influence on the ICS/OT setting stays “doubtlessly catastrophic,” SANS mentioned within the report. Of the organizations who reported a ransomware incident, 38% mentioned solely IT community techniques had been impacted and 28.6% mentioned OT and ICS networks had been affected. Simply 21% mentioned each networks had been impacted. Greater than a 3rd, or 38.1%, mentioned reliabiiy and security was compromised throughout these assaults.

“Though the general pattern [ransomware] appears to have decreased, the impacts are nonetheless doubtlessly catastrophic, and ought to be thought-about for all ICS/OT- particular incident response packages,” SANS mentioned.