Ransomware and other forms of malware can unleash havoc in diverse and increasingly creative ways, including paralyzing attacks on infrastructure, businesses, government and even global internet services. The growing threat of sophisticated cyberattacks is creating significant challenges to the promise and potential of the digital revolution.

Threats become particularly critical when they involve operational technology (OT) environments, which typically control the production and distribution of goods and services on which national infrastructure and broader society depend. Cyberattacks affecting OT environments have become a harsh and troubling reality in recent years, and a growing concern as their potential to create massive disruption increases.

Attacks on OT environments have escalated in recent years and are gaining further momentum as the rapid shift to online services and remote working during the global pandemic creates new opportunities to launch lucrative ransomware attacks. Organized crime groups are raising the ransomware stakes in terms of the sophistication and costs of attacks, and are increasingly targeting national infrastructure across an array of sectors, including healthcare, manufacturing, energy, and oil and gas.

The reality is that ransomware attacks can deliver high returns for criminals, and the rapid growth of liquidity in cryptocurrency markets is creating more opportunities for large payoffs.

Ransomware attacks on OT networks soared by 500 percent from 2018 to 2020. Out of these, manufacturing entities comprised over one-third of confirmed ransomware attacks on industrial organizations, followed by utilities, which made up 10 percent.

The estimated costs of these ransomware attacks have skyrocketed, climbing from US$8 billion in 2018 to US$11.5 billion in 2019 and hitting US$20 billion in 2020. Operational disruption caused by ransomware in OT environments has increased 23-fold over the same period. In 2020, ransomware attacks against energy and utilities organizations increased by 32 percent.

As OT environments are increasingly digitized to optimize efficiency, the lines between formerly air-gapped OT systems and corporate information technology (IT) environments are blurring. Ongoing integration of Industrial Internet of Things (IIoT) devices and remote management systems, which has accelerated since the start of the pandemic, has increased the exposure of OT environments and the risk of attack (for the sake of simplicity, the acronym OT refers here to both traditional OT and IIoT). The February 2021 attack on the Oldsmar, Florida water treatment plant, where an intruder used remote access software to reach the plant’s control system and alter its water chemistry settings, and could have poisoned local residents had an operator not noticed and reversed the change, is just one recent example of how OT-IT integration is posing significant new risks.

What makes malware in all its forms a particularly dangerous threat is that it packages harmful capabilities as software, allowing attackers with limited expertise to launch destructive and costly attacks. ‘Egregor’ ransomware and others follow the ransomware-as-a-service (RaaS) model, which conveniently provides criminals with tools that can empower even the most inexperienced attackers to launch complex and devastating attacks.

Malware can also be reused and enhanced, allowing malicious actors to build upon existing capabilities and ultimately expand their destructive power. A software weapon such as malware stays in the digital terrain for others to use, reuse and improve. That was the case with Mirai, whose source code was published shortly after its initial attacks and spawned a series of variants. Finally, malware can cause damage beyond the intentions of its authors. This is especially true for self-replicating malware, worms or viruses, which can propagate indefinitely and unpredictably unless the authors build specific ‘kill-switches’ into the software. Nothing prevents future perpetrators from disabling that kill switch: variants of WannaCry with its domain-check kill switch removed appeared within days of the original outbreak.

The excerpt was taken from the KPMG Thought Leadership publication entitled Securing a hyperconnected world.