
The Global OT & IoT Threat Landscape Assessment and Analysis Report 2024 by Sectrio Threat Research Lab Initiative.


Sectrio’s Global OT, ICS and IoT Threat Landscape report highlights growing cyber threats to critical infrastructure. The year 2023 saw a significant increase in cyberattacks, driven by new actors, breach tactics, and malware. Hackers widely used AI for various malicious activities, such as probing, managing C&C servers, modifying malware, and gathering information on potential targets.

The Lockbit group emerged as a prominent threat actor, running numerous campaigns and recruiting affiliates. Collaboration between threat actors, including APT groups, became more frequent, often driven by shared objectives or security vulnerabilities.

All regions experienced an increase in cyberattacks, in line with trends seen over the past five years. Gaps in security posture, lack of employee awareness, prevalence of unpatched legacy systems, and lack of a cohesive strategy for managing cybersecurity have contributed to the security challenges facing businesses.

Major trends in ICS security were observed, including widespread attacks against manufacturing plants, smaller utility entities, smart cities, and healthcare entities. Affiliate recruitment by major threat actors grew significantly, with affiliates modifying ransomware to evade detection. The attack surface expanded, especially in the utilities and oil and gas sectors.

State-backed actors focused primarily on public services, while independent hacker groups favored healthcare, manufacturing and education. Payload deployment and execution models have evolved, indicating increasing sophistication of threat actors.

Chinese and North Korean APT groups remained the most active globally, with North Korea’s Lazarus emerging as a major threat actor. The lack of structured and rapid incident response, along with the convergence of IT and OT, exacerbated security challenges.

The increasing sophistication of attacks was attributed to several factors, such as more organized hacking groups, the rise of independent hackers, and low prosecution rates. The threat landscape varied across regions, with geopolitical instability and active APT actors shaping cyberattacks.

Attacks on critical infrastructure increased, with state-backed actors from Russia, China, North Korea, and Iran actively targeting critical infrastructure in more than 100 countries. Attacks on the energy sector, in particular, have increased sharply, underscoring the need for robust cybersecurity measures to protect critical energy infrastructure.

The report also delves into attacks on specific sectors, such as manufacturing and oil and gas, and highlights intellectual property theft as a major concern. Ransom prices continued to rise, with cybercriminals demanding higher payments for the recovery of encrypted data.

Overall, the report depicts an evolving cyber threat landscape that requires constant vigilance, proactive security strategies, and a comprehensive understanding of threat actor tactics to effectively protect critical infrastructure and IoT and OT systems.
