Ransomware Gangs Are Taking Aim At 'soft Target' Industrial Control Systems

Ransomware attacks are targeting legacy industrial control systems (ICS) and more needs to be done to secure networks at industrial facilities against the threat of being disrupted by cyber criminals attempting to make money from extortion. 

A report by cybersecurity researchers at Trend Micro warns that ransomware is "a concerning and rapidly evolving threat to ICS endpoints globally" with a significant rise in activity during the past year. 

The motive behind ransomware attacks is simple – making money. Cyber criminals know that by hitting the industrial control systems used to operate factories and manufacturing environments, which rely on constant uptime, they have a good chance of getting paid.

SEE: Cybersecurity: Let's get tactical (ZDNet/TechRepublic special feature) | Download the free PDF version (TechRepublic)

These networks, and the ones that support utilities like water and power, need to be fully operational in order to provide services and the longer the network is down, the more disruption there will be, so the victim might make the decision to give in and meet the ransom demand of the cyber criminals. 

"The underground cybercrime economy is big business for ransomware operators and affiliates alike. Industrial Control Systems found in critical national infrastructure, manufacturing and other facilities are seen as soft targets, with many systems still running legacy operating systems and unpatched applications. Any infection on these systems will most likely cause days if not weeks of outage," said Bharat Mistry, technical director at Trend Micro. 

Recent examples of successful ransomware campaigns like the attack against meat processor JBS demonstrate just how lucrative ransomware can be, as cyber criminals using REvil ransomware were able to make off with $11 million in bitcoin

Meanwhile, the Colonial Pipeline ransomware attack showed how a ransomware attack against an industrial target can have very real consequences for people, as gasoline supplies to much of the north-eastern United States were limited because of the attack. 

Cyber criminals using many different forms of ransomware are targeting industrial control systems but four families of ransomware account for over half of these attacks. 

They are Ryuk – which accounts for one in five ransomware attacks affecting ICS by itself – Nefilm, REvil (also known as Sodinokibi) and LockBit.  

According to the report, the US is the country with the most instances of ransomware affecting ICSs, followed by India, Taiwan and Spain. 

SEE: Ransomware: Paying up won't stop you from getting hit again, says cybersecurity chief

To help secure ICS endpoints against ransomware and other cyberattacks, the Trend Micro report offers several recommendations. 

They include patching systems with security updates, something the paper acknowledges as a "tedious" but necessary process. By ensuring networks are patched with the latest security updates, it means cyber criminals can't exploit known vulnerabilities that can be protected against. 

If patching isn't an option, then the network should be segmented in order to restrict vulnerable industrial control systems from internet-connected systems.  

It's also recommended that ICS networks are secured with strong username and passwords combinations that are difficult to crack with brute force attacks. Applying multi-factor authentication across the network can also help secure it against unauthorized intrusions. 

MORE ON CYBERSECURITY 

RECENT NEWS

Reassessing AI Investments: What The Correction In US Megacap Tech Stocks Signals

The recent correction in US megacap tech stocks, including giants like Nvidia, Tesla, Meta, and Alphabet, has sent rippl... Read more

AI Hype Meets Reality: Assessing The Impact Of Stock Declines On Future Tech Investments

Recent declines in the stock prices of major tech companies such as Nvidia, Tesla, Meta, and Alphabet have highlighted a... Read more

Technology Sector Fuels U.S. Economic Growth In Q2

The technology sector played a pivotal role in accelerating America's economic growth in the second quarter of 2024.The ... Read more

Tech Start-Ups Advised To Guard Against Foreign Investment Risks

The US National Counterintelligence and Security Center (NCSC) has advised American tech start-ups to be wary of foreign... Read more

Global IT Outage Threatens To Cost Insurers Billions

Largest disruption since 2017’s NotPetya malware attack highlights vulnerabilities.A recent global IT outage has cause... Read more

Global IT Outage Disrupts Airlines, Financial Services, And Media Groups

On Friday morning, a major IT outage caused widespread disruption across various sectors, including airlines, financial ... Read more