ICS/OT Cyber Resilience – Dragos’ 2023 OT Cybersecurity Year in Review: Insights on New Activity Groups, Industrial Ransomware, and ICS/OT Vulnerabilities

Created: Tuesday, February 20, 2024 - 13:51
Categories: OT-ICS Security

Dragos published its 2023 OT Cybersecurity Year in Review today. In its seventh iteration, this comprehensive report contains the latest threat intelligence on adversary activity targeting OT environments, the industrial risk of ransomware, the state of OT vulnerabilities, and more. Dragos shares predominant insights, poignant lessons learned, and proactive recommendations in this annual data-driven analysis of ICS/OT-focused cyber threats and vulnerabilities.

According to Dragos’ observations, 2023 was marked by rising tensions and financial opportunity, which continued to spur a wide variety of actors to target industrial environments, including hacktivists, criminal gangs, and three new Dragos-designated Threat Groups.

A few notable highlights from the report:

  • If you haven't assessed your external infrastructure for critical systems yet, 2024 is the time.
  • If you haven't segmented your network yet, the best time for that was in the 2000s; the second best time is now.
  • Three New ICS-focused Threat Groups. Dragos Intelligence identified three new threat groups in 2023 – VOLTZITE (which overlaps with Volt Typhoon), GANANITE, and LAURIONITE. According to Dragos’ analysis, all three groups possess capabilities that target and exploit public-facing infrastructure used or owned by victim organizations. While none of the three threat groups have been observed using any ICS-specific capabilities, their persistent interest in industrial organizations and access to sensitive OT data is a cause for concern.
    • Dragos observed threat groups, including GANANITE and LAURIONITE, targeting some of the sectors with the least mature environments (transport, manufacturing, water utilities).
  • Conflict-Driven OT Cyber Threats. One of the most notable threats that impacted water and wastewater utilities this year emanated from the Israel-Hamas conflict, “when the self-styled CyberAv3ngers hacktivist group successfully executed disruptive attacks on OT and impacted critical utilities in the United States and Europe” by exploiting internet-accessible Unitronics PLC devices.
  • Industrial Ransomware Attacks. LockBit ransomware was the most-used ransomware variant against industrial organizations throughout 2023 – which makes the LockBit disruption news even better.

For much more insight and analysis on threats to ICS/OT, members are encouraged to access the full "2023 OT Cybersecurity Year in Review" and sign up for the 3-part 2022 YIR Webinar series at Dragos.

For additional resources and assistance in OT/ICS cybersecurity strategy, members are encouraged to check out Dragos OT-CERT.

Related: "WaterISAC Partners with New Dragos OT-CERT to Help Underserved Water and Wastewater Systems" (June 2022)