Ransomware is showing no signs of easing; supply chain threats are ramping up; the healthcare industry continues to be targeted; efforts to shift to a remote working model are, more than ever, complicated by the actions of threat actors.
This is according to a new report from Nozomi Networks Labs, which found that attackers are doubling down on high-value targets and weaponising the software supply chain.
“This report leaves no doubt that the time for action is now,” says Nozomi Networks co-founder and CTO Moreno Carullo.
“The recent Oldsmar, Florida water system attack and the ongoing SolarWinds investigation are dramatic reminders that the critical infrastructure and other systems that we rely on are vulnerable and at constant risk of attack.
“Understanding the effectiveness of defences against the emerging threat and vulnerability landscape is vital to success.The report found:
- Ransomware activity continues to dominate the threat landscape, growing in sophistication and persistence. In addition to demanding financial payments, Ryuk, Netwalker, Egregor and other ransomware gangs are exfiltrating data and deeply compromising networks for future nefarious activities.
- Supply chain threats and vulnerabilities show no signs of slowing. The unprecedented SolarWinds attack not only infected thousands of organisations, including U.S. Government agencies and critical infrastructure, but it also demonstrates the massive potential for attack via supply chain weaknesses.
- Threat actors are targeting healthcare. Nation-states use off-the-shelf red team tools to execute attacks and perform cyber-espionage against facilities involved with COVID-19 research. Ransomware crews are targeting healthcare providers and hospitals, in some cases disrupting patient treatment.
- Analysis of 151 ICS- CERTs published in the last six months found memory corruption errors are the dominant vulnerability type for industrial devices.
“Urgency has never been higher,” says Nozomi Networks CEO Edgard Capdevielle. “As industrial organisations race toward digital transformation, threat actors are taking advantage of greater OT connectivity to create attacks that aim to disrupt operations and threaten the safety, profitability and reputation of enterprises around the globe.
Capdevielle says that while threats may be on the rise, the technology to confront them is readily available.
“It's never been more important or more possible to take the necessary steps to detect and defend critical infrastructure and industrial operations.
The report's executive summary states: “As society deals with the second year of the COVID-19 pandemic, organisations are accelerating digitisation to survive and thrive.
“This places more focus on operational systems, which are at the heart of value and revenue creation.
“Adding to challenges, cybersecurity is ranked by executives as the second-highest risk to enterprises, and attacks on critical infrastructure are rated as the fifth-highest global risk by the World Economic Forum.”