Logo

Top 10 Cyberattacks on Industrial and Critical Infrastructure of 2024 | Recorded Webinar

Key Takeaways:

  1. Objective: The session reviewed the top 10 cyber attacks on industrial control systems (ICS) and operational technology (OT) that impacted physical operations and critical infrastructure in 2024. The analysis was subjective, focusing on incidents with physical consequences due to cyber attacks.

  2. Major Findings from 2024:

    • Most attacks on OT and ICS with consequences were due to ransomware, accounting for over 80% of incidents.
    • An increase in activist-related attacks, focusing on critical infrastructure like water and energy utilities.
    • Direct OT system attacks were primarily carried out by nation-states and activist groups.
    • Only about one-third of attacks targeted OT directly, with the rest impacting operations indirectly through IT systems or dependencies.

  3. Top Incidents Discussed:

    • Hal Allergy: Ransomware attack impacted customer data systems, delaying order processing and delivery.
    • Welch Foods: A cyber attack led to a three-week shutdown of a food manufacturing plant.
    • Ride Movi: A fake app allowed unauthorized access to e-bikes, disrupting service.
    • Omni Hotels: Ransomware attack affected hotel operations, particularly room access and reservations.
    • Kronik: A ransomware attack halted circuit board manufacturing operations in the US and Mexico.
    • Barnetts Carriers: Attack led to bankruptcy of an Australian trucking company.
    • Multiple Water Utilities: Activist group attacks on water treatment plants had varied consequences, raising concerns due to potential links with Russian state actors.
    • Moss Collector: Nation-state malware targeted Russian utility sensors, highlighting increasing sophistication in attacks.
    • Frosty Goop: Novel malware directly attacked Ukrainian heating utilities, manipulating control systems.
    • Volt Typhoon: Persistent threat actor attempting to maintain access to critical infrastructure networks worldwide.

  4. Trends and Predictions for 2025:

    • Similar incident counts as 2024, with increased nation-state and activist-related attacks.
    • Potential decrease in ransomware-caused shutdowns.
    • Increased regulatory pressure and interest in improved cyber defenses.
    • Ongoing arms race in attack sophistication as defenders improve capabilities.
    • Rise in enforcement actions, although legal measures alone aren't sufficient to stop cyber threats.

  5. Recommendations and Countermeasures:

    • Strengthening segmentation between IT and OT networks.
    • Employing technologies like unidirectional gateways to protect against cyber threats.
    • Emphasizing a layered defense approach, acknowledging the impossibility of making any system entirely secure.

  6. Discussion on Transparency: There's a debate about the extent of information that should be disclosed publicly following cyber incidents, balancing between societal pressure for transparency and organizational protection.

  7. Manufacturer Responsibility: There's an ongoing effort among OT component manufacturers to enhance the security of their products, guided by initiatives like the Secure by Design campaign. However, the inherent vulnerabilities of software necessitate a comprehensive defensive strategy.

Share these insights with your friends