Industrial cybersecurity company OTORIO released its list of industrial cybersecurity predictions for 2021, against the backdrop of an increase in COVID-19 accelerated ransomware attacks targeting industrial companies. Hackers took advantage of the shift to opening the shop floor to remote connections, leading to a surge in industrial ransomware attacks from less than five successful attacks per month in the first quarter of this year, to over 20 successful attacks per month from May onwards.
Cybercriminals are known to exploit large-scale disasters that influence online behavior trends, OTORIO said. While some of these risks existed in the pre-COVID era, they were amplified dramatically, as remote connections became rapidly adopted by many businesses worldwide.
The year ahead is likely to witness a rise in industrial cybercrime, targeting industrial companies and impacting revenue-generating operations. Ransomware surged 40 percent in 2020 as cyber attackers realize that the industrial sector is willing to pay six digit figures in order to resume revenue generating operations, and this trend is only expected to continue rising, OTORIO said.
Remote access to production floors has become a primary threat with attackers going for the weak link – outside of the OT network. Supply chain vendors often have unrestricted access to the production floor, giving attackers an easy way to laterally target industrial networks. OTORIO also expects ransomware to have more impact on production and revenues, with the average ransomware payout rising to over US$1 million. Shutting down an OT production floor can cease revenue generating activities, it added.
C-level management are becoming more involved in OT cybersecurity reflecting a trend of holding CEOs personally responsible for cyberattacks. OTORIO expects that in 2021, C-level management will be spending more time on industrial cybersecurity than they did in the past. Proactive risk avoidance is set to replace threat detection as the era of post-breach detection strategy has passed, and proactive risk avoidance is the new OT paradigm.
The geographical spread has left no populated continent safe. “We’ve seen attacks in 31 countries located in Africa, Asia, Europe, Oceania, South and North America,” OTORIO said. Close to 55 percent of attack victims were North American- based companies, over 20 percent were European-based companies and more than 15 percent were Asian-based vendors, it added.
Headquartered in Tel Aviv, OTORIO predicts that in 2021 the number of industrial ransomware attacks will be rising fast, and with it the average payout. An easy way to attack any company is through remote access. Instead of attacking a company directly, attackers hone in on a supply chain vendor who has remote access to the targeted company, OTORIO identified. Remote access tools are known to have vulnerabilities – often granting automatic over-reaching privileges by default when adding a new user.
When ransomware hits an industrial company, it may force a complete production shutdown, flattening important revenue-generating activities. OTORIO predicts that in 2021, there will be a significant increase in the number of companies affected by ransomware. Instead of merely settling for data theft, cybercriminals will increase their attempts to disrupt production by preying on production floors and backup systems.
Geopolitics will also play a bigger role in industrial cyberattacks. Operators of critical infrastructure including water, transportation, electricity, and oil and gas, will have to pay attention to the fact that they are on the front lines for adversary nation-states attacks. OTORIO recommends early preparation and taking proactive measures through penetration tests, incident response drills, and even increased intelligence and detection.
Earlier this week, OTORIO and Accenture Labs collaborated on research that aims at mitigating the impact of cyberattacks on manufacturing and industrial infrastructures by leveraging knowledge and experience in cyber digital twins and OT cybersecurity.