{"id":3854,"date":"2023-11-13T17:08:37","date_gmt":"2023-11-13T17:08:37","guid":{"rendered":"https:\/\/www.propelex.com\/?p=3854"},"modified":"2023-11-01T17:44:02","modified_gmt":"2023-11-01T17:44:02","slug":"ics-ransomwares-prime-target","status":"publish","type":"post","link":"https:\/\/www.propelex.com\/ics-ransomwares-prime-target\/","title":{"rendered":"ICS: Ransomware’s Prime Target"},"content":{"rendered":"
ICS systems: Ransomware’s Prime Target. Learn how to fortify critical infrastructure against digital threats.\u00a0Attacks against medical centers and other operating entities tend to garner the most headlines, and with good reason. During the COVID-19 pandemic, gangs like Conti and REvil victimized critical infrastructure sectors such as healthcare and food\/agriculture services.<\/p>\n
However, no industry is spared from ransomware attacks. In fact, in 2022, construction and property businesses came in eighth place for targeted industries in a survey conducted by Sophos.<\/p>\n
Unlike traditional IT systems, industrial control systems (ICS) monitor or control physical processes in industries such as manufacturing and utilities. An attack on an ICS could cause physical damage or disruption, and the impact may be far-reaching, affecting all stakeholders. The ICS networks of the aforementioned sectors were often built before cybersecurity was a major concern, and they may contain vulnerable devices. As a result, attackers may be able to gain access to the systems and take over operations \u2014 stealing data or holding the systems for ransom.<\/p>\n
While many ICS operators have taken steps to improve their security posture, experts believe that hackers will continue to exploit weaknesses in the sector. In fact, some ICS cyberattacks are even more dangerous than traditional IT attacks. For example, if an attacker were to target a PLC in an ICS network and successfully spread the infection across the entire system, it could lead to the poisoning of city water or a loss of power to an entire region.<\/p>\n
Attacks on ICS can also result in significant financial losses. A recent incident in which the ticketing machines of San Francisco\u2019s Muni transit systems were infected with ransomware led to days of delays and a backlog in tickets that cost the company thousands of dollars. A similar attack hit JBS Foods, the world\u2019s largest meat supplier, resulting in the shutdown of plants and panic buying that caused price hikes in several states.<\/p>\n
According to Sophos, construction and property businesses are frequent ransomware targets. For instance, publicly traded real estate investment firm Marcus & Millichap suffered a ransomware attack in 2020 that TechTarget suspects was perpetrated by the BlackMatter gang. Another common attack target is MSPs. In a 2022 report, Unit 42 found that 40% of MSPs suffered ransomware attacks in the previous year.<\/p>\n
In addition to these high-profile attacks, many ICS firms face challenges in securing their networks due to a lack of visibility into their own environments. A recent Dragos study found that 89% of manufacturing companies have poor visibility into their OT environments and that they have the highest rates of attack from malware such as LockBit, REvil and Conti.<\/p>\n
The cybersecurity industry has long acknowledged that industrial systems are a key target for ransomware attacks. But despite the wake-up call of the 2021 Colonial Pipeline incident, the industry continues to struggle with security. Many industrial environments rely on aging technology, often with a dated operating system that may not receive security updates. This can make the underlying technology vulnerable to the same TTPs used by ransomware attackers. The resulting attack can impact both IT and OT networks, and the ensuing disruptions can be severe.<\/p>\n
The issue is even more problematic in the case of OT networks, which are not designed to handle such attacks and are typically less resilient. This means that industrial users must ensure that OT-specific applications are isolated from IT applications. The good news is that there are steps organizations can take to mitigate these risks, including ensuring the use of strong passwords, deploying software patches and implementing multi-factor authentication. However, it\u2019s important to remember that these security measures won\u2019t prevent all attacks and can only reduce the impact of a ransomware incident, not eliminate it.<\/p>\n
According to a 2022 report from industrial cybersecurity firm Dragos, attacks on critical infrastructure organizations nearly doubled in the previous year. These attacks impacted a number of manufacturing sectors and subsectors, including metal components, electronics (IT) and automotive. The research also pointed out that many of these attacks resulted from phishing emails and remote desktop protocol exploitation, along with the exploitation of software vulnerabilities.<\/p>\n