Half-year surge in cyber attacks on infrastructure, says Dragos
The recent Cybersecurity Year in Review report from Dragos, a global cybersecurity specialist for critical infrastructure and industrial sectors, has revealed an upsurge in politically driven cyber attacks, ransomware, and the emergence of new threat clusters. According to the analysis, infrastructure organisations have seen an almost 50% increase in reported incidents from emerging threats such as VOLTZITE, which is linked to Volt Typhoon.
Conor McLaren, Principal Hunter at Dragos, said: "Despite its geographical isolation, Australia is not exempt from adversaries targeting industrial organisations globally. Our team has observed numerous instances of adversaries directly targeting Australian critical infrastructure entities, from financially motivated ransomware attacks to hacktivist campaigns and even strategic cyber espionage operations."
Robert M. Lee, Co-founder and CEO of Dragos, explained that many industry sectors often deploy the same industrial devices, technologies, and facility designs across all sites, which makes them an attractive target for threat groups. The sectors concerned include electric, oil & gas, manufacturing, building automation systems, government, telecommunications, water, food & beverage, mining, transportation, chemical, and pharmaceutical industries.
"OT cyber threats reached a tipping point in 2023," said Lee. "These factors contributed to an environment in 2023 in which organisations were challenged with a range of threats, including increasingly sophisticated state actors, hacktivists preying on pervasive security weaknesses, and a growing barrage of ransomware attacks." Lee also pointed out that there were positive developments in cybersecurity in 2023, including more collaborations between vendors, governments, and the community to enable a unified, risk-based response to threats.
The 2023 Dragos OT Cybersecurity Year in Review report identified three new OT threat groups: VOLTZITE, GANANITE, and LAURIONITE. VOLTZITE targets power generation, transmission and distribution, while GANANITE targets critical governmental and infrastructural entities in the Commonwealth of Independent States and Central Asian nations. LAURIONITE predominantly targets Oracle E-Business Suite iSupplier web services and assets across the automotive, manufacturing and aviation sectors.
Ransomware continues to be the primary threat in the industrial sector, skyrocketing 50% from 2022. Manufacturing was the main target of ransomware attacks, accounting for 71% of all such cyber-attacks, with a large number of ransomware incidents occurring in North America (44%), followed by Europe (32%).
Dragos also identified some common challenges for industrial organisations. For example, a lack of sufficient security controls was found in about 28% of service engagements, with improper network segmentation or improperly configured firewalls often being the cause. The report also found that the exploitation of public-facing devices and external services was a common issue, with four threat groups known to have exploited these weaknesses.