OT Threats

A recent memo from the Environmental Protection Agency’s Office of Inspector General shows that 9% of the public drinking water systems it scanned last month had “critical” or “high” priority cybersecurity vulnerabilities.

Bitsight finds critical vulnerabilities in several automatic tank gauge (ATG) products used in various critical infrastructure sectors.

A new report from security awareness training and simulated phishing platform vendor KnowBe4 revealed that critical infrastructure is under siege with cyber attacks increasing 30 percent in one year. The KnowBe4 report also identified that the consequences of these types of attacks are potentially devastating to nations, and thus geopolitical adversaries have made it a powerful addition to their arsenal of digital weapons.

Citing "heightened geopolitical tensions and adversarial cyber activity globally," industrial control systems (ICS) giant Rockwell Automation last month took the unusual step of telling its customers to disconnect their gear from the Internet. The move showcases not just growing cyber risk to critical infrastructure, but the unique challenges that security teams face in the sector, experts say.

Cyberattacks on critical national infrastructure – the systems that are required for a country to run – continue to rise. The UK’s National Cyber Security Centre said that the country’s critical sectors were facing an “enduring and significant threat amid a rise of state-aligned groups, an increase in aggressive cyber activity and ongoing geopolitical challenges.”

FBI Director Christopher Wray on April 18 warned national security and intelligence experts, as well as students, that risks the government of China poses to U.S. national and economic security are “upon us now”—and that U.S. critical infrastructure is a prime target.

Nearly a year after the U.S. government first named and shamed an ongoing Chinese hacking campaign against American infrastructure, top cybersecurity leaders say the threat is still as palpable as ever.

In 2023, a total of 1,193 reported ransomware attacks reported to the FBI, more than 2 in 5 of the total number of attacks, occurred in the critical infrastructure sector. The proportion of ransomware attacks hitting critical infrastructure grew from one-third of attacks reported to the FBI in 2022. Losses reported jumped 74% to almost $60 million last year.

Director Wray's Opening Statement to the House Select Committee on the Strategic Competition Between the United States and the Chinese Communist Party

In the last year, the world’s critical infrastructure – the medical, power, communications, waste, manufacturing, and transportation equipment that connects people and machines – has been under near-constant attack. Forescout Research – Vedere Labs recorded more than 420 million attacks between January and December 2023. That is 13 attacks per second, a 30% increase from 2022.

The White House is sounding the alarm as critical U.S. infrastructure fails to implement even the most basic cybersecurity measures as providers of critical infrastructure in the United States are doing a sloppy job of defending against cyber intrusions.

The Chinese military is ramping up its ability to disrupt key American infrastructure, including power and water utilities as well as communications and transportation systems, according to U.S. officials and industry security officials. A utility in Hawaii, a West Coast port and a pipeline are among the victims in the past year, officials say.

A small western Pennsylvania water authority was just one of multiple organizations breached in the United States by Iran-affiliated hackers who targeted a specific industrial control device because it is Israeli-made, U.S. and Israeli authorities say.

In the month of May 2023, Danish, critical infrastructure was exposed to the most extensive cyber-related attack we have experienced in Denmark to date. 22 companies, that operate parts of the Danish energy infrastructure, were compromised in a coordinated attack. The result was that the attackers gained access to some of the companies’ industrial control systems and several companies had to go into island mode operation. The report describes the most extensive, cyber-related attack against Danish, critical infrastructure that we know of so far.

In late 2022, Mandiant responded to a disruptive cyber physical incident in which the Russia-linked threat actor Sandworm targeted a Ukrainian critical infrastructure organization. This incident was a multi-event cyber attack that leveraged a novel technique for impacting industrial control systems (ICS) / operational technology (OT).

US officials are concerned that the Beijing-directed cyberattacks could be a precursor to military disruption and broader destructive attacks on citizens and businesses.

Thousands of companies could be at risk from an actively exploited Citrix zero-day that hackers have already abused to target at least one critical infrastructure organization in the United States.

Russia’s war strategy increasingly involves cybersecurity, with the country expected to ramp up attacks on critical infrastructure in Ukraine and countries that are members of NATO, according to Switzerland’s Federal Intelligence Service (FIS).

China poses a growing threat to U.S. electric infrastructure and could potentially disrupt the power grid, gas and pipeline systems by exploiting compromised equipment and harnessing emerging artificial intelligence technologies for cyberattacks, experts told Congress on Tuesday.

In 2022, a 140% surge in cyberattacks against industrial operations resulted in more than 150 incidents, per a recent Waterfall Security report. In an ominous warning, the report says, “At this rate of growth, we expect cyberattacks to shut down 15,000 industrial sites in 2027, that is: in less than five years.”