Industrial Control Systems: The New Target of Malware

During 2020, CISA issued 38 cyber alerts ranging from nation-state actors like Iran and North Korea to known ransomware specifically targeting pipeline operations and notably the last alert issued on December 17, 2020, Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations, for the SolarWinds supply chain attack.

2020 represents a 660% increase in cyber alerts over 2019, during which CISA issued five cyber warnings over the full year.

Organizations across the board also saw a growing number of adversaries targeting and attacking industrial control systems (ICS) and operational technology (OT) networks. It’s a trend that is clearly continuing into the new year (‘Dangerous Stuff’: Hackers Tried to Poison Water Supply of Florida Town).

And as the attack surface continues to expand for critical infrastructure with owners and operators adopting new technologies to improve operational efficiencies, the increased vulnerabilities and targeting of ICS systems and OT networks is expected to rise.

Targeting OT networks and the increase ICS-focused malware

On the IT side of the house, malware is a big industry. Ransomware (a type of malware that restricts access for a ransom payment), for example, is forecasted to reach $20 billion in global damage costs this year, nearly double the figure in 2019 and triple the 2018 number.

And there is clear precedent for the quick payout nature and ROI of ransomware activities. Last year, Garmin fell victim to WastedLocker and reportedly paid a $10 million ransom. Other 2020 ransomware victims include electronics manufacturer Foxconn, a U.S. pipeline, and Toll Group — who was hit twice during the year — to name a few.

There’s also been an increase in the level of programming and flexibility of malware over the last few years. And this new breed of malware has (Read more...)

*** This is a Security Bloggers Network syndicated blog from The Mission Secure Blog authored by Paul Robertson. Read the original post at: