Industry, Infrastructure and Manufacturing Cyberattack Danger is Rising

---

Risk to Critical Goods & Services is Compounded by Nation-State Threats 

---

Infrastructure and industrial cyberattacks have been a hot topic in security. The subject has only grown more complex as the Russia-Ukraine conflict unfolds, raising awareness of the possibility of weaponized cyberattacks against infrastructure. Several 2021 cybersecurity incidents drew public scrutiny to the danger that is presented by attacks on a country’s infrastructure, manufacturing and industrial capability. Legislators and taxpayers learned a painful lesson, especially as fuel shortage rumors swirled in the US: cyberattacks can be something that causes a great and dangerous disruption to the average person’s life. That impact can grow even larger in times of war when cyberattacks become precise strategic weapons, compounding danger for providers of critical goods and services.

---

---

Cyberattack Fears Drive Legislative Action

---

The fraught atmosphere around infrastructure attacks has spurred action from the U.S. government. Just this week, Congress passed the Strengthening American Cybersecurity Act (S. 3600) on March 10, 2022. The Act, a collection of three cybersecurity-related bills sponsored by senators Gary Peters (D-Mich.) and Rob Portman (R-OH), is expected to be signed into law quickly by US President Joseph R Biden. It’s aimed at tightening security and reducing incident response time in the event of a major industrial or infrastructure attack.  

An important change to how cyberattacks against businesses have traditionally been handled within the U.S. is a major provision of the legislation. Companies that are designated as components of the country’s critical infrastructure including organizations in finance, transportation, energy and other sectors are mandated to report “significant” cybersecurity breaches to the U.S. Cybersecurity and Infrastructure Security Agency (CISA) within 72 hours of the incident’s start. If the covered entity in question has paid a ransom to extortionists, that timetable accelerates to require reporting within 24 hours. The Director of CISA will engage in notice-and-comment rulemaking to determine which if any of the 16 critical infrastructure sectors identified in Presidential Policy Directive 21 will be designated “covered entities” and subject to the requirements of this bill. 

Learn more about US federal legislation, policy, rulemaking and initiatives around security in The Week in Breach.

---

---

Believe the Hype

---

Make no mistake, it’s not just hysteria – critical infrastructure, manufacturing and industry are firmly in cybercriminal sights, and they’ve not been shy about deploying ransomware in that direction. A whopping 80% of critical infrastructure organizations reported that they’d experienced a ransomware attack in the last year. IBM speculates that the pace of attacks on targets like these has been increasing for one very simple reason: money. Cybercriminals know that hitting organizations that are lynchpins in the supply chain or conduct time-sensitive business gives them an excellent chance of getting paid. 

Unfortunately, that analysis is dead on. More than 60% of industrial organizations that were hit by ransomware last year paid the ransom, which for more than half of the impacted companies ran to $500,000 or more. Those ransoms weren’t chump change either. 45% of industrial victims faced a ransom in the $500,000 to $5,000,000 range, For the majority of industrial organizations hit (48%), the ransom demand was below $500,000. But 7% of impacted organizations were nailed with a ransom demand in excess of $5,000,000.   

---

---

Organizations in These Industries Experienced the Highest Risk 

---

Every designation within the industry, manufacturing and infrastructure sectors is at risk of a cyberattack, and heightened nation-state cybercrime risk isn’t helping matters. IBM’s X-Force Threat Intelligence Index 2021 drilled deeper into the industrial and infrastructure cybersecurity risk to determine which industries came under siege the most in 2021. One surprise was that the manufacturing sector replaced financial services as the top attacked industry in 2021, victimized in 23.2% of the attacks X-Force remediated last year.  

OT Industries Targeted, 2021 

Industry	% of Total
Manufacturing	61%
Oil & Gas	11%
Transportation	10%
Utilities	10%
Mining	7%
Heavy & Civil Engineering	1%

Source: IBM X-Force Threat Intelligence Index 2021 

Ransomware/malware was the top attack type, accounting for 23% of attacks on manufacturing companies. It’s also the favored attack vector of nation-state threat actors, making defense against ransomware and malware mission-critical for companies in those sectors. Worse yet, a ransomware attack enabled the attackers to take control of industrial control systems (ICS) or other operational technology (OT) at 47% of the industrial and infrastructure organizations hit by ransomware. Manufacturers had more trouble defending their OT than anyone else. More than 60% of incidents at OT-connected organizations last year were in the manufacturing industry, and 36% of those attacks were ransomware.  

Attack Types on OT, 2021 

Attack Type	% of Total
Ransomware	36%
Server access	18%
DDoS	11%
Credential harvesting	9%
Insider	9%
RAT	9%
Botnet	4%
Webshell	2%
Worm	2%

Source: IBM X-Force Threat Intelligence Index 2021 

---

---

Exposed Data Makes a Bad Actor’s Job Easier

---

Bad actors taking control of ICS and OT is exactly the nightmare scenario that people fear. Unfortunately, these security failures at OT-connected organizations only set them up for more trouble in the future. In a study on the dangers that cyber dangers like ransomware attacks could have for operational technology, Mandiant analysts discovered that one in seven attacks gave the bad guys access to sensitive information about OT. Out of 3,000 data leaks originating from ransomware attacks, the study identified at least 1,300 exposures from critical infrastructure and industrial production organizations that use OT.  

That kind of information helps cybercriminals architect better, more effective and more damaging attacks against manufacturing, industrial and infrastructure targets on their next go-round. The data acquired in ransomware attacks against OT-enabled organizations isn’t hard to find. Researchers found all manner of useful OT information exposed in dark web data dumps. While some of that data is of the routine (yet still dangerous) username and password variety, other types of data found in dark web dumps and forums included IP addresses, remote services, asset tags, original equipment manufacturer (OEM) information, operator panels and network diagrams.   

---

---

Nation-State Threats Actors Profit from Industrial Data Breaches

---

Another danger of exposed OT data is that all of that sensitive information floating around on the dark web is a boon for Advanced Persistent Threat (APT) groups, who can use it to devastating advantage.  A recent CNN report offered some concrete examples of how infrastructure and industrial targets have been compromised and in one case, weaponized.  

• In 2015, Russian nation-state hackers attacked Ukraine’s power grid, knocking out power for more than 200,000 consumers. They struck again in 2016, knocking out 1/5 of Kyiv’s power briefly.  
• In 2017, Russian government lab-built tools were used to penetrate ICS at a Saudi petrochemical plant with the aim of setting off an explosion that fortunately never happened. 
• The Department of Homeland Security revealed that a group of state-sponsored hackers from Russia had compromised the networks of multiple US electric utilities. 
• Suspected Russian threat actors (thankfully unsuccessfully) targeted a nuclear power plant in Kansas in a “watering hole”-type attack.  
• Just two weeks ago, an estimated 10 thousand people found themselves without internet access after a cyberattack, likely perpetrated by Russian threat actors, took down service to fixed broadband customers in Ukraine and elsewhere. 

---

---

High Levels of Danger Require a Powerful Defense

---

As technology becomes ever more integrated into daily life, protecting businesses in every sector from ransomware attacks is vital. ID Agent can help.  

BullPhish ID is the ideal solution for organizations of any size to trust for security awareness and compliance training. Empower employees with the knowledge that they need to spot and stop the threat they see the most: phishing  

• Train users on subjects like compliance, credential handling, ransomware, industry regulations and more all in one place. At least 4 new training videos are added every month on the latest security and compliance issues.  
• Run memorable phishing simulations your way with plug-and-play kits or fully customizable kits to reflect your company’s unique needs and threats.  
• Enjoy a huge library of content in 8 languages with built-in quizzes and automated performance reports to prove value and see who needs more help 

Stop credential compromise threats before they start by ensuring that your company isn’t going to receive a nasty surprise from the dark web with the award-winning power of Dark Web ID.

• 24/7/365 best-in-class dark web monitoring that you can feel confident about   
• Real-time search allows you to find compromised credentials in minutes 
• Monitor business and personal credentials, domains, IP addresses and email addresses effortlessly

---

---

---

---