Dragos report shows rising OT cybersecurity threat in Australia
Dragos has released its Australian 2023 OT Cybersecurity Year in Review report, highlighting a significant increase in vulnerabilities across major industrial sectors. The report underscores a growing threat to operational technology (OT) systems, as both sophisticated threat groups and hacktivists demonstrated their capacity to breach critical infrastructure networks and disrupt OT systems.
In 2023, of 905 global ransomware incidents impacting industrial organisations, 13 involved Australian entities. High-profile incidents, such as those involving DP World Australia, have highlighted the potential cascading effects of ransomware on industrial operations, supply chains, and consumers. DP World Australia, which handles 40 per cent of goods entering and leaving the country, faced a land-side port operations shutdown lasting three days due to a cyber compromise, underscoring the vulnerability of critical infrastructure.
Hayley Turner, Area Vice President of Dragos Asia Pacific, commented, "With each passing year, the number of ransomware incidents globally climbs even higher, leading to cascading impacts for virtually every industrial sector, particularly manufacturing. Meanwhile, the number of vulnerabilities present in industrial control systems (ICS) continues to grow exponentially, along with the adversaries' appetite to exploit them."
Customer engagements across various industries revealed that sectors such as electric, oil and gas, water, and manufacturing showed moderate improvements in their ICS/OT cybersecurity posture over the past year. However, Turner noted that many industrial organisations still face challenges with password management and threat detection capabilities within their ICS/OT environments.
"Now is time to take bigger strides," Turner stated, emphasising the need for coordinated efforts from partners across Australia's cybersecurity community and emergency measures when necessary to mitigate adverse effects on critical business operations and the communities they serve.
The report also identified the emergence of three new threat groups in 2023, including VOLTZITE, associated with Volt Typhoon. Ransomware remained the most reported cyber threat among industrial organisations, with a nearly 50 per cent increase in incidents. VOLTZITE has been targeting sectors such as electric power generation, transmission, distribution, research, technology, defence industrial bases, satellite services, telecommunications, and educational organisations. The group is linked to reconnaissance activity and the pursuit of geopolitical advantage by the People's Republic of China.
Globally, Dragos now tracks 21 threat groups engaged in OT operations. Key findings from 2023 include that 80 per cent of vulnerabilities reside deep within the ICS network, 16 per cent of advisories were network exploitable and perimeter facing, and 53 per cent of the advisories analysed could cause both a loss of view and loss of control, up from 51 per cent in 2022.
Ransomware groups, including LockBit, ALPHV, and Black Basta, were responsible for significant disruptions. LockBit accounted for 25 per cent of all industrial ransomware attacks, and the manufacturing sector was the primary target, making up 71 per cent of attacks.
The Australian Signals Directorate's Annual Cyber Threat Report revealed a 50 per cent increase in cyber incidents targeting critical infrastructure. These incidents reflect a broader trend of foreign espionage and interference, with sophisticated threat groups seeking geopolitical advantages. This trend underscores the necessity for robust cybersecurity measures and the importance of private and public partnerships both within Australia and internationally.
In 2023, the Cyber and Infrastructure Security Centre (CISC) advanced its efforts to enhance national cybersecurity and resilience, particularly in ICS/OT environments. Notable initiatives included the publication of critical infrastructure asset class definition guidance and the activation of the Critical Infrastructure Risk Management Program, part of recent amendments to the Security of Critical Infrastructure Act 2018.
Turner concluded, "These steps signal the urgency and importance of robust asset monitoring, intelligence-based detections for sophisticated threats, and a coordinated response to safeguard essential services that Australians rely upon." As ICS/OT cybersecurity becomes a top priority, leaders and their teams must work together to implement critical cybersecurity controls and ensure alignment on key priorities.