Dragos' Selena Larson and IBM’s X-Force co-authored a “Ransomware in ICS Environments” whitepaper released December 15th, reinforcing that ransomware remains an ongoing threat to industrial and critical infrastructure entities globally.
• Manufacturing was the most targeted industry (one-third of confirmed ransomware attacks on industrial organizations), followed by utility companies which make up 10%.
• Ransomware attacks on industrial entities increased more than 500% from 2018 to 2020.
• Newer ransomware strains have the ability to stop industrial processes.
• Ransomware operators are increasingly incorporating data theft and extortion operations into their attack techniques, potentially posing even greater impact from ransomware than disrupted operations through leaked intellectual property and other critical data.
• Data stolen and leaked on publicly available websites could provide ICS-targeting attackers with victim data that could inform or guide future ICS-disruptive attacks.
• Asset owners and operators should engage in effective defense-in-depth security strategies. Ensure an understanding of network interdependencies and conduct crown jewel analysis to identify potential weaknesses that could disrupt business continuity and production.
- Canadian CERTs
- CRISP - Cyber Risk Info Sharing Program
- DHS - NICC, NCCIC, US-CERT, etc
- DOE Complex
- E-ISAC AOO Members
- E-ISAC Staff
- FBI, LE Fusion
- FERC - OEIS, etc
- International (other ISACs, CERTs)
- Other (inc. local/state commissions)
- Trade Organizations
- Watch Floor
- E-ISAC Staff, 12/18/2020