The #1 prediction in OTORIO’s Industrial Cybercrime Impact Report and 2021 Predictions was that ransomware would physically impact production in 2021. Three months into this year, and we can sadly say those predictions have come true.
Since January, attackers have managed to physically affect the operations of large manufacturing plants and critical infrastructure sites alike. Here are a few of the major operational disruptions caused by cyberattacks thus far in 2021:
In January, the paper and packaging giant WestRock Co fell victim to a ransomware attack. The attack has caused severe disruption in the company’s production and shipping capabilities.
In February, hackers gained access to the water treatment system of Oldsmar, Florida, a town of nearly 14,000 residents. They manipulated the water supply’s sodium hydroxide (lye) levels - which could have endangered thousands of lives had it not been detected so quickly by a resourceful employee.
In another severe attack in February, a French hospital was hit by the Egregor ransomware. The hospital experienced severe operational disruption, shutting down critical care to patients during a global pandemic.
Just this week, in March, it was brewer Molson Coors’ turn. A cyberattack disrupted brewing operations and shipments of the multinational drink and brewing company. The company is still working on getting its systems back up.
OT Cybersecurity ≠ IT Cybersecurity
Unlike IT networks, where attacks impact data, in operational (OT) networks - like those of WestRock, Oldsmar water treatment, Dax-Côte d’Argent hospital, and Molson Coors - attackers can take control over physical assets and cause severe damage ranging from production slowdown to substantial risk to human life.
IT solutions are not suitable for OT networks. They focus on post-infection detection and on mitigation steps that require downtime. Yet even highly risk-aware industrial enterprises still focus primarily on IT solutions, including for the OT network. As a result, despite the clear and present danger, OT networks often remain unprotected.
Operational networks control the heart of industrial production and critical operations and are comprised of legacy systems and devices, some of which entirely lack modern cybersecurity capabilities. This makes OT networks more vulnerable to cyberattacks, and threat actors know this. Hackers target operations because they understand that, given the mission-critical nature of the systems under attack, they are more likely to get a ransom.
Don’t let hackers shut down your operations
Manufacturers, industrial companies, and any organization that relies on physical infrastructure to maintain business continuity should be prepared for the next cyberattack. By adopting OT incident response solutions that provide complete visibility over cybersecurity posture in the oft-neglected operational environment, OT security stakeholders can proactively apply feasible risk mitigation steps and make sure no one will shut down operations.