11 December 2024

The Biggest OT Security Incidents of 2024: Lessons for Critical Infrastructure

Operational Technology (OT) systems manage critical infrastructure such as energy grids, transportation networks, water utilities and manufacturing plants. It's no surprise, then, that they are a prime target, and in 2024 they faced an unprecedented level of cyber threats. Both criminal groups and state-backed actors are increasingly targeting these systems, exploiting their weaknesses to disrupt essential services, pre-position for future disruption, or demand ransoms. In this blog, we take a closer look at some of the biggest OT security incidents of 2024, what made them possible, and how to protect your own critical infrastructure.

The Importance of OT Security

Operational Technology (OT) systems control the physical processes that keep society running, from keeping the electricity on to running water treatment plants and transportation networks. A successful attack on these systems can have catastrophic consequences, including power outages, contaminated water and loss of life. Unlike most cyber security incidents, attacks on OT systems have direct physical effects rather than just data loss. In February, it was reported that OT security incidents had affected 46% of organisations around the world, which makes this a matter of national and global importance. Below are some of the major OT security incidents of the last twelve months.

Russian Sabotage of Water Facilities

Cyber attacks on Ukrainian critical infrastructure preceded and accompanied Russia's full-scale invasion in 2022. This year it became clear that Russian-backed hackers have also been active well beyond Ukraine. Earlier this year, Mandiant reported that Sandworm, a hacking group attributed to Russian military intelligence, was the likely culprit behind attacks on critical infrastructure in the USA, Poland, and France. In Texas, the group targeted a small water utility and caused a storage tank to overflow, although water service was not disrupted. This was an escalation of Russian cyber activity, and the first suspected Sandworm-linked attack on American soil. Although the incident caused no lasting damage, it showed that the group can reach and manipulate the control interfaces of US utilities, and a future attack on a similar target could do far more harm. The practical lesson for operators is to find any HMI or remote-access service reachable from the internet and remove or lock it down before someone else finds it.

American Water Hit by Cyber Attack

In October, American Water, the largest regulated water and wastewater utility in the US, suffered a cyber attack. The company, which serves 14 million people across 24 states, reported no impact on water quality or distribution. However, it took customer portals and billing systems offline while it investigated. Experts suspect that state-backed attackers were behind the incident, but the attackers' motives, and the true extent of any data stolen, remain unknown. Commenting on the attack, Sean Deuby from Semperis pointed out that, "One common thread across all these campaigns is the use of identity for initial access, propagation, privilege escalation and persistence. Organizations should prioritize protecting these mission-critical systems."

Volt Typhoon Stepped Up Its Efforts

The Chinese state-sponsored hacking group known as Volt Typhoon has been linked to intrusions into US critical infrastructure, including organisations in the communications, energy, transportation, and water sectors. US agencies assess that the group's goal is not espionage for its own sake but pre-positioning inside these networks so that it can disrupt critical services in the event of a crisis or conflict between China and the US. The group relies heavily on living-off-the-land techniques and on compromised small-office and home-office routers as relay infrastructure, which makes its activity hard to spot with signature-based tools. In January, a US law enforcement operation disabled hundreds of those compromised routers; in November, however, researchers reported that the group had rebuilt its botnet and was up and running again.

What Can Make OT Systems Vulnerable?

Many OT systems rely on outdated hardware and software that simply wasn't designed with cyber security in mind. These systems often lack basic features like encryption, authentication or access controls, and many industrial protocols will accept a command from any host that can reach the controller on the network. The increasing integration of IT and OT networks makes this worse. Integration improves efficiency, but it also expands the attack surface: a breach of the IT network can now give attackers a path into OT systems that previously weren't connected to anything outside the plant.

Compounding the issue is limited awareness and training in many businesses. Staff often lack OT security expertise and can accidentally expose these systems to threats, for example by falling for a phishing email on a workstation that also has access to the control network, or by bypassing security procedures to get a job done quickly. Poorly segmented networks then allow attackers to move from that first foothold across systems, turning what should have been a minor breach into a major incident.

Lessons Learned for Securing Critical Infrastructure

With cyber threats growing ever more sophisticated, protecting OT environments has become a top priority, both to ensure uninterrupted services and to protect people's lives. At Infosec K2K, we recommend a comprehensive approach to OT security. Organisations should start with a full risk assessment of their OT environment, including an inventory of every asset and every path into the control network, to find vulnerabilities and exposures. Regular evaluations, like the assessments we offer, help to tackle those risks before attackers can exploit them.

Equally important is patching and updating software. Unpatched vulnerabilities are a common entry point for attackers. Security teams should establish patch management processes that cover OT assets as well as IT, while recognising that controllers and HMIs often can only be patched in planned maintenance windows and after vendor validation; where a patch can't be applied, compensating controls such as network restrictions should be put in place instead. Limiting access to OT systems through strict access controls, MFA on remote access and engineering accounts, and the principle of least privilege also reduces your exposure. Proper segmentation of IT and OT networks, using firewalls between zones rather than VLANs alone (a VLAN separates traffic but enforces nothing on its own), helps to contain an intrusion so that a compromised office workstation can't talk directly to a controller.
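To make the segmentation and least-privilege advice above, and the earlier point that many industrial protocols accept commands from any host that can reach the controller, concrete, here is an added example (written for this article, not code from Infosec K2K or from any of the organisations discussed). It parses Modbus/TCP frames, which really do carry no authentication field, and applies a hypothetical zone policy: traffic from outside the OT subnet is blocked, and write function codes from any in-segment host other than the engineering workstation raise an alert. The subnet 10.10.20.0/24, the workstation address 10.10.20.5 and the traffic sample are all assumptions constructed for the example.

```python
import ipaddress
import struct
from dataclasses import dataclass
from typing import List, Tuple

# Modbus/TCP function codes that change process state (coils or holding registers).
# The protocol has no authentication or integrity field, so any host that can reach
# TCP/502 on a controller can issue these; the only enforcement point is the network.
WRITE_FUNCTION_CODES = {
    5: "Write Single Coil",
    6: "Write Single Register",
    15: "Write Multiple Coils",
    16: "Write Multiple Registers",
}

# Hypothetical zone policy (assumed addresses, not from the article): the OT VLAN is
# 10.10.20.0/24, and only the engineering workstation is allowed to write.
OT_NETWORK = ipaddress.ip_network("10.10.20.0/24")
WRITE_ALLOWLIST = {ipaddress.ip_address("10.10.20.5")}


@dataclass
class ModbusRequest:
    src_ip: str
    transaction_id: int
    unit_id: int
    function_code: int
    start_address: int


def parse_modbus_tcp(src_ip: str, frame: bytes) -> ModbusRequest:
    """Parse a Modbus/TCP request: 7-byte MBAP header followed by the PDU.

    MBAP = transaction id (2) | protocol id (2, always 0) | length (2) | unit id (1).
    The length field counts the unit id plus the PDU, i.e. everything after byte 6.
    Raises ValueError on anything malformed so a bad frame is never silently allowed.
    """
    if len(frame) < 10:
        raise ValueError("frame too short for MBAP header, function code and address")
    tid, pid, length, uid = struct.unpack(">HHHB", frame[:7])
    if pid != 0:
        raise ValueError(f"unexpected protocol id {pid}")
    if length != len(frame) - 6:
        raise ValueError(f"length field {length} does not match frame size {len(frame)}")
    function_code = frame[7]
    start_address = struct.unpack(">H", frame[8:10])[0]
    return ModbusRequest(src_ip, tid, uid, function_code, start_address)


def build_request(tid: int, unit_id: int, fc: int, address: int, value: int) -> bytes:
    """Build a minimal request whose PDU is function code + 16-bit address + 16-bit value."""
    pdu = struct.pack(">BHH", fc, address, value)
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit_id) + pdu


def evaluate(req: ModbusRequest) -> str:
    """Return 'allow', or 'block: ...' / 'alert: ...' with the reason.

    A source outside the OT segment is blocked regardless of function code (segmentation);
    a write from an in-segment host that is not the engineering workstation is flagged
    (least privilege, enforced by the network because the protocol cannot enforce it).
    """
    src = ipaddress.ip_address(req.src_ip)
    if src not in OT_NETWORK:
        return f"block: source {req.src_ip} is outside the OT segment"
    if req.function_code in WRITE_FUNCTION_CODES and src not in WRITE_ALLOWLIST:
        name = WRITE_FUNCTION_CODES[req.function_code]
        return f"alert: {name} to unit {req.unit_id} from non-engineering host {req.src_ip}"
    return "allow"


# Constructed traffic sample: (source address, raw frame). None of this is captured data.
SAMPLE_TRAFFIC: List[Tuple[str, bytes]] = [
    ("10.10.20.10", build_request(1, 1, 3, 0, 10)),      # HMI reads 10 holding registers
    ("10.10.20.5", build_request(2, 1, 6, 40, 1500)),    # engineering workstation writes a setpoint
    ("10.1.50.23", build_request(3, 1, 5, 7, 0xFF00)),   # corporate host tries to force a coil ON
    ("10.10.20.10", build_request(4, 1, 5, 7, 0x0000)),  # HMI tries to force a coil OFF
]


def run_policy(traffic: List[Tuple[str, bytes]]) -> List[str]:
    """Apply the zone policy to each frame; malformed frames are blocked, not skipped."""
    decisions = []
    for src_ip, frame in traffic:
        try:
            decisions.append(evaluate(parse_modbus_tcp(src_ip, frame)))
        except ValueError as exc:
            decisions.append(f"block: malformed frame ({exc})")
    return decisions


if __name__ == "__main__":
    for (src, _), decision in zip(SAMPLE_TRAFFIC, run_policy(SAMPLE_TRAFFIC)):
        print(f"{src:<12} {decision}")
```

The point of the example is where the decision is made: nothing in the frame identifies or authenticates the sender, so the same "force coil ON" request is blocked or allowed purely on the basis of which network segment it arrives from. In practice this policy would live in an industrial firewall between the IT and OT zones, or in a passive OT monitoring sensor that raises the alerts, rather than in a script.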

The Road Ahead For OT Security

The consequences of ignoring cyber security in OT environments are too severe to overlook. Thankfully, while attacks are becoming more sophisticated, the strategies to counter them are evolving too. Investing in OT security shouldn't be thought of as optional, but as a key part of any organisation's security strategy. Here at Infosec K2K, we understand that securing OT systems isn't just about protecting your data. It's about ensuring the safety of our society.

Whatever solution you’re looking for, we can help. The experts at Infosec K2K can offer you specialist guidance, and help you find the product that’s the best fit for you.

Get in touch with us to find out more about how we can help you.
