New OT threat groups include VOLTZITE linked to Volt Typhoon; ransomware attacks grew 50 percent; state actors and unsophisticated hacktivist groups gained ground against OT systems.

Cybersecurity companies busily conduct surveys and issue reports. This news concerns Dragos’ release of its sixth annual OT Cybersecurity Year in Review report.

The report named the emergence of three new threat groups, including VOLTZITE linked to Volt Typhoon, and found that ransomware continued to be the most reported cyber threat among industrial organizations, with a nearly 50% increase in reported incidents. 2023 also marked the first time a hacktivist group achieved Stage 2 of the ICS Cyber Kill Chain.

Based on data gathered from annual customer service engagements conducted by Dragos’s cybersecurity experts in the field across the range of industrial sectors, the top challenges industrial organizations need to address are:

  • Lack of Sufficient Security Controls: 28% of service engagements involved issues with improper network segmentation or improperly configured firewalls. 
  • Improper Network Segmentation: Approximately 70% of OT-related incidents originated from within the IT environment. 
  • Lack of Separate IT & OT User Management: 17% of organizations had a shared domain architecture between their IT and OT systems, the most common method of lateral movement and privilege escalation.
  • External Connections to the ICS Environment: Dragos observed four threat groups exploiting public-facing devices and external services and issued findings related to externally facing networks such as the internet in 20% of engagement reports.