Learning From 2024’s Top OT Attacks and Planning for 2025’s Security
In 2024, we witnessed more cyberattacks targeting OT and critical infrastructure. Analyzing these attacks reveals valuable insights that can help us bolster our OT security planning for 2025. Let’s explore the overarching themes of this past year’s attacks.
Rees Machtemes, P.Eng.
Repeating Themes of 2024’s Top OT Attacks:
Increased Nation-State Activity
An increasing number of the attacks were attributed to nation-state actors, indicating a growing interest in disrupting or exploiting critical infrastructure for geopolitical reasons. This signals that nation-states are spending more resources on establishing disruptive cyber capabilities.
Continued Exploitation of Zero-Day Vulnerabilities
Attackers increasingly leveraged zero-day vulnerabilities in routers, remote access solutions, and XIoT devices, highlighting the importance of taking proactive protective measures against such threats.
Ransomware Remains the #1 Threat
While nation-state and hacktivist attacks gained prominence, ransomware continued to disrupt industries, leading to financial losses, operational downtime, and even business closures. The ransomware model unfortunately creates a viable revenue model for attackers, enabling them to finance their operations and continue to operate with impunity.
Supply Chain Vulnerabilities
Attacks like the one on RideMovi demonstrate the vulnerability of organizations through their supply chain and the need for comprehensive security risk assessments that include unravelling operational dependencies on essential external components – in this case a cloud-hosted smartphone app.
Targeting of Specific Industries
While attacks spanned various sectors, some industries, like utilities, transportation, and manufacturing, faced repeated targeting.
2024’s Attacks:
The top 10 cyber-attacks on Operational Technology (OT) in 2024 are:
- China’s ongoing Volt Typhoon nation-state campaign repeatedly maintained access to US critical infrastructure by exploiting zero-day vulnerabilities in SOHO routers and remote-access solutions.
- Moscollector’s IoT sensors were disabled by the novel Fuxnet malware. The malware sent fake commands into industrial control systems and destroyed flash memory chips, affecting thousands of IoT devices critical to wastewater and district heating in Russia’s capital.
- Novel FrostyGoop malware exploited a zero-day vulnerability in MikroTik routers, leading to a district heating utility being mis-operated in Lviv and leaving 600 homes without heating for two days.
- Barnett’s Couriers, an Australian trucking company, suffered a cyberattack, likely ransomware, that forced the company to declare bankruptcy and permanently shut down due to the costs associated with the attack.
- Muleshoe, Texas saw its water tanks overflow due to an attack by the Sandworm group masquerading as hacktivists, who boasted on social media about how easy it was to breach the water treatment plant’s cyber defenses by exploiting its remote access solution.
- Omni Hotels lost control of operations for 11 days after shutting down systems in response to a cyberattack, impacting keycard access and new reservations, and causing an estimated $40 million in lost revenue.
- Keytronic Corp., a printed circuit board assembly manufacturer, halted operations for two weeks after detecting unusual activity on their IT network, with a BlackBasta ransomware affiliate claiming responsibility.
- Welch Foods experienced a ransomware attack that shut down production for three weeks, with a “criminal group” attempting to extort them by encrypting plant systems.
- Bologna’s RideMovi had 80% of its eBike fleet damaged or unusable due to a pirate smartphone app that allowed free access, leading to widespread illegal bike use.
- HAL Allergy fell victim to a RansomHouse double-extortion ransomware attack, causing delays in order processing and product delivery for 32 days. The attack was timed before the spring allergy season when demand for therapies was at its peak.
Leveraging 2024 Attacks for 2025 OT Security Planning:
By understanding the tactics and targets of 2024’s attacks, we can refine our OT security strategies for 2025. Here is a fast-five list of things to make sure you are doing in 2025:
- Don’t Slack on Vulnerability Management for Internet Devices: Implement regular vulnerability scanning and patching on all internet-facing assets and critical IT systems. This includes updating all Internet-facing routers, firewalls, IoT, and any other devices.
- Enhance Network Security: Segment OT networks from IT networks using unidirectional gateways, enforce strong access controls for all users, and monitor network traffic for suspicious activity. The OT network should be able to continue running undisturbed, even if IT is compromised. Given continued attacks on IT networks, it is important to be able to keep OT systems running during IT attacks or even false-alarm incident investigations.
- Strengthen Incident Response: Develop and test incident response plans, including table-top exercises for threat hunting, containment, and recovery. If there is a cyberattack, it is much better that everyone is familiar with what they need to do as opposed to making loads of first-time mistakes while trying to figure it out.
- Collaborate and Share Information: Foster collaboration with industry peers and government agencies to share threat intelligence and best practices. By making sure attack-related insights flow smoothly to the people who need to know about them, preparations can be made earlier.
- Employee Training and Awareness: Educate employees about cybersecurity threats and best practices to mitigate attacks that start on IT networks with deceived insiders.
By proactively addressing the evolving threat landscape and incorporating lessons from past incidents, organizations can strengthen their OT security posture and mitigate the risks of future attacks.
About the author
Rees Machtemes, P.Eng.