threat report 2024 – Waterfall Security Solutions https://waterfall-security.com Unbreachable OT security, unlimited OT connectivity Sun, 06 Jul 2025 12:10:12 +0000 en-US hourly 1 https://wordpress.org/?v=6.8.2 https://waterfall-security.com/wp-content/uploads/2023/09/cropped-favicon2-2-32x32.png threat report 2024 – Waterfall Security Solutions https://waterfall-security.com 32 32 The 2024 Threat Report – At a Glance https://waterfall-security.com/ot-insights-center/ot-cybersecurity-insights-center/2024-threat-report-blog/ Sun, 24 Mar 2024 13:14:32 +0000 https://waterfall-security.com/?p=21149 Cyber attacks impacting physical operations, like shut-downs, are rising. Waterfall’s NEW annual threat report provides industrial operators with the latest trends in the threat environment to prepare themselves going forward.

The post The 2024 Threat Report – At a Glance appeared first on Waterfall Security Solutions.

]]>
OT Insights CenterOT security standardsThe 2024 Threat Report – At a Glance

The 2024 Threat Report – At a Glance

Cyber attacks impacting physical operations, like shut-downs, are rising. Waterfall’s NEW annual threat report provides industrial operators with the latest trends in the threat environment to prepare themselves going forward.
Picture of Rees Machtemes, P.Eng.

Rees Machtemes, P.Eng.

2024 threat report at a glance

Forewarned is Forearmed

Attacks with physical OT consequences increased in 2023. Attacks increased to 68. Impacted OT sites increased to over 500. Hacktivists and nation states are targeting and impacting critical infrastructures. Supply chain impacts are back. These new insights from the new 2024 Threat Report are available in a collaboration between Waterfall Security Solutions and ISSSource. The collaboration reports on credible public disclosures of cyber attacks with physical consequences in world-wide discrete manufacturing, process, and critical industrial infrastructure industries. As it is every year, this report is designed to be the most credible and conservative report available to OT/ICS cybersecurity practitioners, to best advise and assist industrial operators to mitigate threats in their field.

Reserve your copy of the 2024 Threat Report

The report covers all cyber attacks, that meet our inclusion criteria, from 2010 to 2023’s year-end. The report shows that in the past decade (from 2010 to 2019), OT cyber threats were a largely theoretical problem. However, in this decade (2020 to present), the problem has become very real and these kinds of attacks are nearly doubling annually at exponential growth. At the current rate, we should expect to see 100 cyber attacks by this year’s end (2024) to cause shut-downs or other physical consequences in hundreds of industrial sites world-wide.

The joint Waterfall and ISSSource 2024 Threat Report covers year-on-year attack trends to see where we are headed in the global cyber threat environment.

Big Impacts & Major Findings

Newest incident chartThe report’s data-set shows that ransomware is responsible for 80% of attacks in 2023 where the attack type could be attributed, impacting physical operations all over the world. A minority (15%) of attacks were due to hacktivists – “amateur” attackers with a political agenda. All of the year’s hacktivist attacks with physical consequences were associated with two on-going physical conflicts: The Iran-Israel proxy conflict and the Russo-Ukrainian War. These attacks brought about not just physical shutdowns but also large financial losses. High-profile incidents and trends in 2023 include:

  • Over half (54%) of incidents impacted discrete or process manufacturers, in sub-industries such as electronics, automotive, marine, cosmetics, and metals.
  • Numerous hacktivist attacks targeted Israeli-manufactured Unitronics Vision controllers deployed at water utilities worldwide.
  • Cyberattacks caused logistical outages and delays at five sea ports in Australia and Japan.
  • There were eleven (11) incidents where the victim organizations made financial disclosures or reports to the US SEC, London Stock Exchange (LSE), and other authorities,
  • Two (2) novel supply chain attacks had malicious firmware code inserted into the victim’s devices that subsequently impaired operations.
  • One of these attacks was cited as causing bankruptcy and mass-layoffs, adding to two similar incidents in 2022.

New insights this year stem from a detailed analysis of how attacks impair physical operations. Every incident going back to 2010 was rated by attack type, examined as to how the attack either directly or indirectly impacted the OT network or asset. 25% of attacks impacted OT networks and systems directly, and the remainder impacted operations only indirectly, but still had physical impacts.

Ransomware tactics and motivations evolved in 2023. Some ransomware groups appear to be shifting tactics to “data exfiltration only,” by stealing information without encrypting it. This is likely a factor behind a slightly slower growth in consequential OT incidents this year than in last year’s 2023 Threat Report. Also, Microsoft and SentinelLABS report that both nation-state and ransomware threat actors are now synergistically leveraging each other’s malware code and tools. I.e. not only are ransomware groups employing nation-state-grade tools and techniques, but nation-states are taking ransomware tools and re-purposing them for their own attacks.

Good News

The new report also highlights defensive developments in the year 2023. Hot on the heels of last year’s Cyber-Informed Engineering Strategy the US DOE & INL in September published their Cyber-Informed Engineering Implementation Guide. More of a strategy book full of questions to ponder than a “How-to” instructional manual, the Implementation Guide never-the-less is the most important development in cybersecurity since the term “OT Security” was coined in 2005. The ultimate goal of the CIE CIE strategy is to both teach cybersecurity to engineers, and to bring powerful engineering tools to cybersecurity – tools that do not exist in ISO 27001, the NIST CSF 2.0, IEC 62443 or any other cybersecurity standards.

Bottom Line

The joint Waterfall and ISSSource 2024 Threat Report covers year-on-year attack trends to see where we are headed in the global cyber threat environment. To the greatest extent practical, the team behind the report has gathered as much data as publicly available to track the number and frequency of these cyber events. The complete data set for the report is included in an appendix, complete with links to public reports of the attacks. The report also covers important defensive developments, including the CIE, as well as developments in artificial intelligence and global standards and guidelines.

Reserve your copy of the 2024 Threat Report
About the author
Picture of Rees Machtemes, P.Eng.

Rees Machtemes, P.Eng.

Rees Machtemes, P.Eng, has 20 years of experience and is the lead researcher for Waterfall's annual Threat Report. He has designed electrical substations, worked in plant automation and telecommunications. He also has supported IT data centers and OT hardware vendors. This experience has driven him to champion Cyber Informed Engineering and cyber-safe network designs for industry and critical infrastructure. He holds an engineering degree from the University of Alberta.
Share

Trending posts

Stay up to date

Subscribe to our blog and receive insights straight to your inbox

Tags

The post The 2024 Threat Report – At a Glance appeared first on Waterfall Security Solutions.

]]> 2024 Threat Report – OT Cyberattacks with Physical Consequences https://waterfall-security.com/ot-insights-center/ot-cybersecurity-insights-center/2024-threat-report-ot-cyberattacks-with-physical-consequences/ Sun, 17 Mar 2024 10:29:14 +0000 https://waterfall-security.com/?p=20305 Report on 68 cyberattacks that caused physical consequences to industrial control systems (ICS) and Operational Technology (OT) in 2023 that are in public records.

The post 2024 Threat Report – OT Cyberattacks with Physical Consequences appeared first on Waterfall Security Solutions.

]]>
OT Insights Center2024 Threat Report – OT Cyberattacks with Physical Consequences

2024 Threat Report – OT Cyberattacks with Physical Consequences

Threat Report Webinar

In 2023 we saw 68 cyberattacks in the public record that caused physical consequences to industrial control systems (ICS) and Operational Technology (OT) in building automation, manufacturing, heavy industry and critical industrial infrastructures. 80% of attacks were attributed to ransomware, and hacktivist impacts rose to 15%.

Download Now

Fill out the form and get your copy today.

Get the report to:

arrow red rightUnderstand how attacks on IT networks can have severe consequences on OT networks.

arrow red rightLearn why ransomware attacks with OT impacts slowed down, while overall attack counts continue to increase.

arrow red rightGet ahead of the curve with insights on the latest attacks worldwide and their impact.

arrow red rightBenefit from in-depth analysis from industry leaders offering expert perspectives on the current and future cyber threat landscape.

Appendix A, at the end of the Threat Report, also includes the entire dataset used for the report – a comprehensive list of all attacks in the public record with physical consequences for these industries since 2010, including links to public reports and sources that can be used to verify the attacks and learn more about them.

The report is a joint effort of Waterfall Security and the ICSStrive incident repository:
Picture of Rees Machtemes

Rees Machtemes

Director of Industrial Security at Waterfall Security

Picture of Monique Wallhof

Monique Wallhof

Consultant at Industrial Safety & Security Source

Picture of Greg Hale

Greg Hale

Editor & Founder at Industrial Safety And Security Source

Picture of Andrew Ginter

Andrew Ginter

VP Industrial Security at Waterfall Security

Share

Fill out the form and get it by email

The post 2024 Threat Report – OT Cyberattacks with Physical Consequences appeared first on Waterfall Security Solutions.

]]>