Cyber ‘year in review’ highlights grid vulnerabilities

In 2022, breakthrough evolution in the development of malware targeting industrial control systems (ICS), scaled ransomware attacks against manufacturing, and geopolitical tensions brought increased attention to the industrial cyber threat landscape, according to the 2022 Dragos ICS/OT Cybersecurity Year in Review. 

As in previous years, the ICS/OT community has managed a growing number of vulnerabilities, many without the mitigations needed to reduce risk and maintain operations. Meanwhile, electric grids, oil and gas pipelines, water systems, and manufacturing plants continued to struggle with more complex regulatory environments that demand marked progress in shoring up defences.

Dragos identified two new ICS threat groups targeting industrial control systems and operational technology in 2022: CHERNOVITE and BENTONITE. Both threat groups demonstrate sophistication and adaptability, and one group is the developer of malware capabilities that achieve Stage 2 of the ICS Cyber Kill Chain and execute an ICS attack.

The CHERNOVITE Threat Group is the developer of PIPEDREAM, the seventh ICS-specific malware and a modular cross-industry toolkit. To develop PIPEDREAM, CHERNOVITE demonstrated a previously unseen breadth of knowledge of ICS protocols and of the intrusion techniques available to produce an effect in OT environments. Dragos assesses with high confidence that CHERNOVITE is highly motivated, well-funded, and skilled in software development methods. CHERNOVITE has developed the capabilities to achieve Stage 2 of the ICS Cyber Kill Chain and execute an ICS attack.

BENTONITE is a new threat group increasingly and opportunistically targeting maritime oil and gas (ONG); state, local, tribal, and territorial (SLTT) governments; and manufacturing sectors since 2021. BENTONITE conducts offensive operations for espionage and disruptive purposes, targeting vulnerabilities in internet-exposed assets to facilitate access.

Ransomware is cited as the top financial and operational risk to industrial organisations. Out of the 57 ransomware groups targeting industrial organisations and infrastructures, Dragos observed, through public incidents, network telemetry, and dark web resources, that only 39 groups were active in 2022.

Dragos identified 605 ransomware attacks against industrial organisations in 2022, an increase of 87% over last year. Manufacturing claimed the highest share, a staggering 72%, but ransomware attacks spanned many industries, including food and beverage, energy, pharmaceuticals, oil and gas, water, mining, and metals.

The full Dragos 2022 ICS/OT Cybersecurity Year in Review report and associated charts can be found here.