New data released by IBM X-Force on operational technology (OT) vulnerabilities confirmed the OT cyber threat landscape is expanding dramatically and assigns percentages to the attack sectors (manufacturing was highest at 65%) and vectors. Excerpts:
So far 2022 has seen international cyber security agencies issuing multiple alerts about malicious Russian cyber operations and potential attacks on critical infrastructure, the discovery of two new OT-specific pieces of malware, Industroyer2 and InController/PipeDream, and the disclosure of many operational technology (OT) vulnerabilities.
Sectors:
- 65% – Manufacturing – So far in 2022, manufacturing remains in the lead across both metrics at 23% of total IR cases and 65% among OT-related industries
- 13% – Electric utilities place a distant second at 13%
- 8% – Oil and gas and transportation tied for third at 8%
- 3% -Heavy and civil engineering accounts for about 3%
- 2% – Mining just shy of 2%.
Vectors:
- 78% – Phishing served as the initial infection vector in 78% of incidents
- 11% – Scanning and exploitation of vulnerabilities on external attack surfaces
- 11% – Removable media tied for second place at 11% of incidents, underscoring the long-standing threat that such media poses to OT networks, often by end users using infected USB media drives between operator workstations and personal laptops while in the field.
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.