Increasing Cyber Threats Pose Challenges to Operational Technology Infrastructure
In 2023, a significant rise in ransomware incidents was observed globally, with industrial organizations bearing the brunt of these attacks. According to the latest report by Dragos Inc., titled the Australian 2023 OT Cybersecurity Year in Review, 905 such incidents occurred worldwide, 13 of which affected Australian organizations.
The manufacturing sector remained the primary target, accounting for 71% of all ransomware attacks. Notably, ransomware continued to be the number one attack vector in the industrial sector, with a nearly 50% increase in reported incidents in 2023.
LockBit, a notorious ransomware variant, was responsible for 25% of total industrial ransomware attacks, with ALPHV and BlackBasta accounting for 9% each. One of the most impactful incidents was the LockBit 3.0 compromise of DP World Australia in November, which led to a shutdown of land-side port operations for three days. However, DP World Australia was able to clear 100% of the backlog, comprising 30,137 containers, ten days after first detecting the incident.
The Australian Cyber and Infrastructure Security Centre (CISC) has been actively working to bolster national cybersecurity and resilience, particularly in ICS/OT environments. The CISC published critical infrastructure asset class definition guidance on May 12, 2023, aimed at enhancing operational resilience across 22 sectors.
The report also highlighted the increasing focus on foreign espionage and interference as prime threats to critical infrastructure. In this regard, VOLTZITE, a new threat group identified by Dragos, overlaps with Volt Typhoon, a group that the US Government publicly linked to the People's Republic of China.
Hayley Turner, Area Vice President of Dragos Asia Pacific, stated that the number of ransomware incidents globally is increasing, leading to impacts in virtually every industrial sector, particularly manufacturing. Turner emphasised the importance of leaders and their teams working together to implement programs and critical safeguards in ICS/OT cybersecurity.
The report underscores the need for robust asset monitoring, intelligence-based detections for sophisticated threats, and a coordinated response in ICS/OT cybersecurity. The Critical Infrastructure Risk Management Program, part of a trio of security obligations introduced by recent amendments to the Security of Critical Infrastructure Act 2018, was activated.
The Australian 2023 Dragos OT Cybersecurity Year in Review report is now available for download, providing valuable insights into the evolving cybersecurity landscape and offering recommendations for strengthening resilience against these growing threats.