Ransomware attacks against industrial organizations are up 87% in 2022 from the previous year, with most malicious software targeting the manufacturing sector, according to findings published Tuesday.
Hackers targeted mining industries in Australia and New Zealand last year and continued to target renewable energy companies in the US and European Union, according to cybersecurity firm Dragos Inc. in a report. Attackers also increased or accelerated their attacks on the energy, food, water, electricity and natural gas sectors, the company found.
“They are certainly looking to do much more than produce electricity and oil and gas,” said Robert M. Lee, CEO of Dragos.
Dragos also discovered that one ransomware hacking tool can disrupt tens of thousands of systems that help manage the global electricity infrastructure, gas pipelines and water utilities. The so-called Pipedream malware, linked to the Chernovite threat group, can be reused against targets in a variety of industries and can compromise a wide range of industrial systems, Dragos said.
Dragos also stressed that threats to the energy sector and critical infrastructure have increased after Russia’s invasion of Ukraine in February 2022. While Dragos said malicious activity was ultimately less profound than expected, it nevertheless said that an unnamed Ukrainian energy company was still dealing with a “considerable attack”.
To ward off attacks in general, the company advised organizations to create effective response plans, have tools to monitor their infrastructure, and secure access to their systems by implementing two-factor authentication.
The report comes after other findings suggested there was a decline in successful hacking related to extortion. Overall, payments to ransomware groups fell sharply in 2022, with victims sending $456.8 million to hackers, up from $765.5 million in 2021, according to blockchain analytics firm Chainalysis Inc.
Related: Fewer companies are paying ransoms to hackers, researchers say
In recent weeks, ransomware attacks have disrupted derivative training and hampered public school systems in Arizona and Massachusetts.
Photo: Photographer: Chris Ratcliffe/Bloomberg
Copyright 2023 Bloomberg.
subjects
Trend Cyber
