Researchers say that three new threat groups targeting the industrial sector have appeared, but over half of all attacks are the work of only two known cybercriminal outfits.

Cyberattacks launched against industrial players, providers of critical infrastructure, utilities, and energy companies — whether oil, gas or renewables — are often less about making a quick buck and more about data theft or causing real-world disruption.

The ransomware incidents experienced by Colonial Pipeline and JBS called attention to the ramifications of digital attacks on supply chains. After Colonial Pipeline temporarily halted delivery services to investigate a cyberattack, fuel panic-buying took place across parts of the United States. JBS, a global meatpacker, paid an $11 million ransom, but this was not enough to prevent delays in meat pricing and a drop in cattle slaughter due to market uncertainty.

Industrial cyberattacks, especially those conducted by advanced persistent threat (APT) groups, can also be political in nature. There is brewing tension between Russia and Ukraine, and the former has been accused of responsibility for ongoing cyberattacks, including a distributed denial-of-service (DDoS) assault on government websites. Financial services in the country have also been impacted. The Kremlin has denied any involvement. Russia has also been accused of a 2015 cyberattack that took down Ukraine’s power grid.
Sophisticated threat actors often target organizations that use ICS or OT technology in their environments, because critical infrastructure, especially energy-related infrastructure, is often of strategic importance in geopolitical conflicts. The best practice is to segment ICS and OT environments into a network separate from endpoints that access the Internet and are thus potentially vulnerable to a phishing attack or other means of gaining initial access.