2022: ICS Attacks on US Energy Sector Decreased While Ransomware Surged


February 15, 2023


The latest ICS/OT Cybersecurity Year in Review report for 2022 found that while the overall trend in ICS-focused attacks on the U.S. energy sector showed a decrease in volume, the report also found that ICS attacks employing ransomware grew 87 percent year over year.

The researchers say they are tracking 57 distinct attacker groups, and that 39 of those groups conducted attacks in 2022, a year over year increase of 30 percent compared to 2021 figures, according to reporting from SecurityWeek.

“While the latest report includes some indication of improvement in the IoT space, the general trend has remained largely the same: IoT/OT devices remain vulnerable to attacks, and the attacks they are facing are getting more complex, growing the scope of impact on the targeted organizations,” said Jon Miller, CEO and Co-founder at ransomware prevention specialist Halcyon.

“Attackers are growing particularly fond of ransomware because they understand that bricking production means the organization is losing money by the second, adding pressure on the victim to pay in order to recover and prevent additional lost earnings.”

SecurityWeek points out further highlights from the report: over 70% of the attacks targeted the manufacturing sector, followed by the food and beverage, energy, pharmaceuticals, and oil and gas sectors.

Takeaway: One of the more alarming trends in the report is the significant expansion of external-facing connections into ICS environments. A lack of visibility into OT environments, combined with the inability to isolate systems from direct lines of communication to the outside, leaves them wide open to attackers. Without a reasonably secure network perimeter, security teams stand little to no chance of keeping the adversary out.

Another contributing factor identified in the report is weak user access control and credential misuse: users are in the habit of reusing the same credentials, or their organization is set up to use the same credentials, for both IT and OT environments. According to the report, this is the single biggest factor that allows attackers to move laterally through the network and escalate privileges once they are in. Many of these IoT/OT systems were not designed with Internet connectivity in mind; they were intended to be localized systems with limited access.

Furthermore, many weren’t designed with even the most basic security features built in and may not have the capacity to run any security functionality at all. This makes the task of going back and 'bolting on' security extremely challenging, and that challenge is compounded by the fact that security teams cannot always accurately assess risk: they can't defend something they either can't see or don’t know is part of the complex network they need to keep secure.

Visibility, segmentation, and the ability to control and limit any connectivity outside the network are part of the security basics that IoT/OT devices were not designed to make easy, so it will likely be some time before these hard-working security teams achieve an adequate baseline security posture.

Halcyon.ai is the industry’s first dedicated, adaptive security platform that combines multiple advanced proprietary prevention engines along with AI models focused specifically on stopping ransomware – talk to a Halcyon Endpoint Resilience expert today to find out more.