Dragos reports increase in industrial ransomware attacks

Dragos

Friday, 04 August, 2023


The second quarter of calendar year 2023 proved to be a highly active period for ransomware groups, posing significant threats to industrial organisations and infrastructure, according to Dragos’s latest ransomware attack analysis.

The rise in ransomware attacks on industrial targets and their consequential impacts highlights the rapid growth of ransomware ecosystems and the adoption of different tactics, techniques and procedures by these groups to achieve their objectives. In Q2 2023, Dragos observed that out of 66 groups monitored, 33 continued to impact industrial organisations. These groups continued to employ previously effective tactics, including exploiting zero-day vulnerabilities, leveraging social engineering, targeting public-facing services and compromising IT service providers.

Dragos said that in Q1 2023 it assessed with moderate confidence that ransomware groups would intensify their efforts to impact industrial organisations to meet their financial goals, as their revenues were dwindling because fewer victims were willing to pay ransoms. The activities of these ransomware groups in the current quarter bore this assessment out.

Notably, Dragos witnessed a significant surge in the use of various initial access techniques. For instance, the Clop group exploited new zero-day vulnerabilities in MOVEit Transfer software to target numerous organisations, including major industrial vendors and oil and gas companies.

Additionally, BianLian utilised remote monitoring and management software, such as AnyDesk. BianLian focused on the data-centric extortion model, while others moved to the double extortion model. Dragos also observed an overlap in victim profiles between some ransomware-as-a-service (RaaS) groups, initial access brokers and phishing-as-a-service groups.

Dragos assessed with moderate confidence that Q3 2023 will witness increased business-impacting ransomware attacks against industrial organisations for two reasons. First, the prevailing political tension between NATO countries and Russia motivates Russian-aligned ransomware groups to continue targeting and disrupting critical infrastructure in NATO countries. Second, as the number of victims willing to pay ransoms diminishes, RaaS groups have shifted their focus towards larger organisations, resorting to widespread ransomware distribution attacks to sustain their revenues.

One notable Q2 incident was the attack on the Port of Nagoya in Japan, which impacted the port’s operations and subsequently affected the supply chains of other industrial organisations, including the Toyota packaging line. Another was the ransomware attack on the pharmaceutical company Eisai, which disrupted its logistics systems and, in turn, its operations.

Dragos said it identified 253 ransomware incidents in Q2 2023, an 18% increase from the previous quarter. Dragos analyses ransomware variants impacting industrial organisations worldwide and tracks ransomware information via public reports and information uploaded to or appearing on dark web resources. By their very nature, these sources report victims that allegedly pay or otherwise ‘cooperate’ with the criminals. However, there is no 1:1 correlation between total incidents and those that elicit victim cooperation.

Ransomware by sector and subsector

Figure: Ransomware attacks by ICS sector and manufacturing subsector, Q2 2023.

Seventy per cent of all alleged ransomware attacks impacted the manufacturing sector (177 incidents total). Next was the industrial control systems (ICS) equipment and engineering sector, with 16% of attacks (41 incidents), where 30 incidents impacted ICS equipment entities and 11 incidents impacted ICS engineering entities. The transportation sector was targeted with 5.5% (14 incidents), and the oil and natural gas sector around 4% of attacks (10 incidents). The mining sector was impacted by 2% of the attacks (five incidents), followed by the renewable energy sector (three incidents), water sector (two incidents), and one incident impacting the electric sector. The industrial ransomware incidents that Dragos tracked last quarter impacted 20 unique manufacturing subsectors. Top was equipment manufacturing with around 15% (26 attacks), followed by the electronic manufacturing sector with 13% or 23 incidents.



  • All content Copyright © 2024 Westwick-Farrow Pty Ltd