Claroty have today released new research revealing that cybercriminals are increasingly targeting Cyber Physical Systems (CPS), often with political or social motivations tied to geopolitical events.
The new report from Claroty, “Analysing CPS Attack Trends,” investigated more than 200 attacks carried out by more than 20 threat-actor groups against CPS in numerous industries over a 12-month period.
Key research findings:
- 82% of attacks against CPS involve using virtual network computing (VNC) protocol clients to remotely access exposed, internet-facing assets.
- 66% of incidents include the compromise of human machine interfaces (HMI) or supervisory control and data acquisition (SCADA) systems that are used to monitor and control industrial processes.
- Both HMI and SCADA device classes oversee industrial processes in real time, and any manipulation can lead to extreme consequences for organisations and the populations they serve.
- Many of these attacks utilise low-tech methods and do not require vulnerabilities or extensive knowledge of the devices or protocols being leveraged.
- The attacks are found to be largely driven by political or social goals that align with known nation-state attacker motivations.
- 81% of incidents carried out by Iran-affiliated groups targeted organisations in the U.S. and Israel.
- 71% of incidents carried out by Russia-affiliated groups targeted organisations in European Union (EU) countries.
- The top Russian-targeted EU countries were Italy (18%), France (11%), and Spain (9%).

“Based on what’s uncovered in the research, there’s a clear need to bolster security efforts for CPS, and organisations can no longer tolerate lax cybersecurity practices around these devices,” said Amir Preminger, CTO and Head of Team82 at Claroty.

