Why Are Ransomware Attacks Against OT Increasing?
Most discussions around cybersecurity understandably focus on information technology (IT). Assets like cloud services and data centers are typically what companies spend the most time and effort securing. Recently, though, operational technology (OT) has come under increasing scrutiny from leading security experts in both the private and public sectors.
In June, for instance, the Cybersecurity and Infrastructure Security Agency (CISA) released a fact sheet about ransomware attacks on OT. The publication references a growing trend of ransomware targeting these systems. Attacks on OT, especially critical infrastructure, are certainly concerning, but it may not be immediately clear why they’re growing.
Here’s a closer look at ransomware attacks on OT, what drives them, and how companies can prevent them going forward.
A Growing Attack Surface
Traditionally, OT hasn’t been a major cybersecurity concern because these machines operated independently of other systems or featured no digital entry points. As the Industrial Internet of Things (IIoT) has grown, however, this is no longer the case. Everything from manufacturing robotics to logistics networks to power grids now features IoT connectivity, increasing potential attack surfaces.
IoT connectivity now rivals non-IoT device connections in terms of the number of connected devices. Every single one of these endpoints also represents a potential access point for malicious hackers. Wireless connectivity gives cybercriminals access to infrastructure like utility lines and building management systems where none previously existed.
As organizations’ attack surfaces grow, it becomes increasingly challenging to secure all endpoints. Cybercriminals have capitalized on this opportunity, too, with overall ransomware attacks rising 195% in Q1 2019, while those against individuals fell 33%. Malicious hackers now prefer to attack businesses with growing OT vulnerabilities over consumers.
Rising Payouts
Opportunity isn’t the only driving factor behind the rise in OT ransomware attacks. As companies collect and process more data through their OT, they have more to lose from these incidents. Consequently, the criminals that initiate them have more to gain, emboldening them to demand higher payouts from their victims.
Considering the severity of an OT attack, companies may be more willing to pay these ransoms than usual. If a malicious hacker uses ransomware to disable a critical piece of machinery, they could halt a facility’s operations entirely. The company would lose a considerable amount of money every minute before regaining control, thus making the ransom seem like a less expensive option.
In 2017, FedEx lost $300 million in a ransomware attack on its TNT Express division. Danish shipping company Maersk lost the same amount the same year from the NotPetya ransomware outbreak. Since IT-OT convergence has only grown since 2017, cybercriminals could stand to make even more now.
High Potential for Destruction
Not all cybercriminals operate merely to make money, and OT ransomware attacks can serve these criminals, too. One of the most concerning aspects of attacks against OT is their potential for destruction. As more critical infrastructure features IoT connectivity, a malicious hacker could cripple crucial utility systems through ransomware, leaving governments and their citizens defenseless.
The recent Colonial Pipeline hack highlights the potential these attacks have for widespread disruption. After cybercriminals locked Colonial’s data for a $5 million ransom, the ensuing shutdown spurred a short-lived but troubling fuel crisis. Gas prices jumped, and some airlines had to make fuel stops during long-haul flights.
Causing a similar level of damage through an IT attack would be far more challenging, likely requiring a larger, more sophisticated attack. This destructive potential makes OT ransomware attacks an enticing option for cyber-terrorists or hostile state-sponsored hackers. Consequently, these attacks have risen and might continue to rise.
Abundant Vulnerabilities
If nothing else, ransomware attacks on OT are increasing because OT rarely features sufficient cybersecurity. IT attacks can still be successful and profitable, but they require increasingly sophisticated methods as companies practice better cyber hygiene. OT attacks, on the other hand, are often easier to enact since organizations tend to overlook OT cybersecurity.
Most IoT devices feature minimal built-in security architecture, and much of it is optional, requiring user action to activate. Since cyberattacks against OT haven’t historically been a threat, many organizations forget to enable the few safety features they have. Consequently, IoT connectivity makes OT a relatively easy target for cybercriminals.
The rise of the IIoT also brings cybersecurity risks to industries that don’t typically face them. Since companies in sectors like manufacturing or utilities haven’t had to defend against ransomware in the past, they may be unequipped to prevent an infection. As a result, even an inexperienced attacker could infiltrate an organization’s system and demand a ransom.
How to Protect Against OT Attacks
Ransomware attacks against OT are already a prominent threat, and they’ll likely continue to grow. Considering this trend, companies across every industry should take steps to prevent these attacks. Perhaps the most important step is to recognize the importance of OT cybersecurity and make it a priority.
Organizations should ensure that all employees understand best practices like not clicking unsolicited links and using strong passwords. Similarly, requiring multi-factor authentication to access both IT and OT systems will help to address vulnerabilities. Segmenting networks to keep systems separate is another crucial step, as it will minimize a malicious hacker’s reach if they breach one part of the network.
More sectors are developing industry-specific best practices and providing relevant cybersecurity resources and benchmarks, as well. Organizations should look to these to understand what they need to do to ensure their OT systems are as secure as possible. If no industry standards exist, turning to other sectors can provide help and inspiration.
Finally, before implementing any IoT devices, companies should assess their security. Turning on all built-in security features, like data encryption, and hosting them on separate networks will help minimize their vulnerabilities. To ensure they stay safe from evolving threats, businesses should run regular third-party assessments and penetration tests of their OT security.
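The segmentation advice above (keeping IT and OT systems separate and hosting IoT devices on their own networks) can be checked against observed traffic. The following is an added example, not part of the original article: it audits flow records against a default-deny zone policy, and the zone ranges, allowed flows and sample records are all constructed assumptions.

```python
import ipaddress

# Constructed zone map for illustration: CIDR -> zone name (not from the article).
ZONES = {
    "10.10.0.0/16": "it",
    "10.20.0.0/24": "dmz",
    "10.30.0.0/16": "ot",
    "10.30.50.0/24": "iiot",  # IoT devices on their own segment inside the OT range
}

# Default deny between zones: only these (src_zone, dst_zone, dst_port) are allowed.
ALLOWED = {
    ("it", "dmz", 443),     # IT users reach a jump host / historian in the DMZ
    ("dmz", "ot", 4840),    # DMZ broker polls OT over OPC UA
    ("iiot", "dmz", 8883),  # sensors publish to an MQTT-over-TLS broker in the DMZ
}

_NETS = sorted(((ipaddress.ip_network(c), z) for c, z in ZONES.items()),
               key=lambda nz: nz[0].prefixlen, reverse=True)  # most specific first

def zone_of(ip):
    """Return the zone of the most specific matching network, or 'external'."""
    addr = ipaddress.ip_address(ip)
    for net, zone in _NETS:
        if addr in net:
            return zone
    return "external"

def audit(flows):
    """Return flows that cross a zone boundary without an explicit allow rule."""
    violations = []
    for src, dst, port in flows:
        src_zone, dst_zone = zone_of(src), zone_of(dst)
        if src_zone == dst_zone:
            continue  # intra-zone traffic is out of scope for this check
        if (src_zone, dst_zone, port) not in ALLOWED:
            violations.append((src, dst, port, f"{src_zone}->{dst_zone}"))
    return violations

# Constructed flow records (src_ip, dst_ip, dst_port), as a firewall log might export.
SAMPLE_FLOWS = [
    ("10.10.4.7", "10.20.0.5", 443),     # allowed: IT -> DMZ
    ("10.10.4.7", "10.30.1.10", 3389),   # violation: IT workstation RDP straight into OT
    ("10.30.50.21", "10.30.1.10", 502),  # violation: IoT sensor speaking Modbus to a PLC
    ("10.30.50.21", "10.20.0.9", 8883),  # allowed: sensor -> DMZ broker
    ("203.0.113.9", "10.30.50.21", 23),  # violation: external Telnet to an IoT device
]

if __name__ == "__main__":
    print(audit(SAMPLE_FLOWS))
```

Any reported flow means the firewall rules are looser than the intended policy, which is the reach a segmented network is supposed to deny to a compromised IT host.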
OT Cybersecurity Is Crucial Today
As Industry 4.0 keeps growing, the lines between IT and OT security are starting to blur. While operational technology may not be an immediately recognizable aspect of cybersecurity, it’s a crucial one. Businesses must secure their OT if they hope to avoid costly attacks.
While the IIoT brings many benefits, it also introduces new risks like OT ransomware attacks. If companies hope to make the most of these technologies, they must secure them first.
About the Author: Emily Newton is the Editor-in-Chief of Revolutionized, an online magazine celebrating innovations in industry, science and technology.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.