Jan 20, 2022

Why Ransomware Attacks On OT Systems Are Growing

When it comes to cybersecurity, the focus is often on information technology (IT). Historically, organizations have primarily invested their security budgets in prevention-based controls like anti-virus solutions, firewalls, basic authentication tools, etc. 

However, industries and their environments are evolving, and so are cyber threats. Hackers today have access to more sophisticated tools and systems than ever before. It’s become increasingly clear that preventative measures are not enough, especially when it comes to securing operational technology (OT) assets.

Last year, the Cybersecurity and Infrastructure Security Agency (CISA) even released a fact sheet that emphasized the escalating vulnerability of OT systems to ransomware attacks. 

Why OT Systems Are a Tempting Target for Ransomware

OT assets may include critical industrial equipment or infrastructure that keeps operations running at facilities such as an oil refinery or water treatment plant. When cybercriminals target unsecured OT systems with ransomware or other malware, they can disrupt real, physical processes and bring operations to a standstill.

But why are OT systems more vulnerable to attack than their IT counterparts? One major reason is that patching and updating are substantially harder (if not impossible) in the OT sphere.

Many organizations overlook updating legacy OT systems because it takes too much time and resources. Shutting down a factory for a day or even just several hours in order to install updates or patches may not be an economically viable option. Unfortunately, this lack of regular updates to OT systems can leave them exposed to bad actors. 

In addition to knowing that OT systems are relatively easy to hack, cybercriminals are well aware that compromising an OT device can cause severe, tangible consequences that operators are desperate to avoid. With OT systems, there are more than financial losses at stake. The physical cost of shutting down a water treatment plant or stopping oil production is so great that compromised businesses may be more likely to pay a hefty ransom to prevent serious disruptions to their operations.

To share just two memorable examples, FedEx paid $300 million in a ransomware attack on its TNT Express division in 2017. The same year, Maersk had to pay $300 million to the NotPetya ransomware attacker. 

Ransomware with Real-World Consequences

It bears repeating that ransomware targeting OT systems involves not only large sums of money but other potential damages, too. Perhaps the Colonial Pipeline hack illustrates most clearly the wide range of harm that a ransomware attack against OT can do. Apart from locking Colonial’s data for a $5 million ransom, the attack led to a short-term fuel shortage and a very real jump in gas prices.

The destructive potential that OT systems present as easy targets can attract not only opportunistic hackers but also even more dangerous cyber terrorists and state-sponsored hackers. Also, since cyberattacks against OT systems are a recent phenomenon, many organizations are either unaware of the risk or are simply not paying sufficient attention to the security of these systems. 

How to Protect Against OT Attacks in 2022

The CISA fact sheet referenced previously includes some valuable guidance for protecting OT assets. 

First, organizations need to identify their critical equipment and essential processes to continue operations without interruptions. Maintaining an inventory of assets, evaluating their cyber risks and identifying the IT network interdependencies are some recommended measures. 

Another suggestion is to develop backup procedures and test them regularly. Plan B should be ready to go so that operations don’t come to a halt in the case of an attack. Organizations should have manual controls ready so that ICS networks can be isolated if needed.

Third, companies need to assess the security of their IoT devices before implementing them. Management should also make it mandatory to turn on all the built-in security features and to spread the devices across different networks to reduce the threat. A third-party penetration test needs to be done from time to time to determine whether OT systems are secure.

Finally, implementing a zero trust security model to manage permissions and authorization will ensure only authorized users can access critical OT applications. By controlling and monitoring users with MFA, inverse channels, auditing and more features, CISOs can ensure governance and feel more confident with technologically advanced cybersecurity measures.

These are a few methods that will help organizations become more resilient to OT attacks and continue operations even if there is a breach in security. 

Conclusion

OT security was not always seen as a critical focus of cybersecurity. But as Industry 4.0 evolves, OT security has become a primary concern for all. It is a must for businesses to secure their OT systems now to prevent ransomware and other types of potentially crippling cyber attacks. Adopting the zero trust framework is an innovative and secure way to do so.

To learn more, watch the on-demand webinar “How to Stop Ransomware Attacks in 2022 and Beyond,” featuring special guest David Holmes of Forrester.

Jennifer Tullman-Botzer

Author

Jennifer Tullman-Botzer is a cybersecurity nerd by day and a history nerd by night. She has over a decade of experience in cybersecurity marketing and is as tired as you are of hackers-in-hoodies stock images. Jennifer joined Cyolo in 2021 and currently serves as Head of Content. Prior to Cyolo, she worked in a variety of marketing roles at IBM Security. She lives in Tel Aviv, Israel.
