threat report – Waterfall Security Solutions
https://waterfall-security.com

The 2025 OT Cyber Threat Report
https://waterfall-security.com/ot-insights-center/ot-cybersecurity-insights-center/2025-threat-report-ot-cyberattacks-with-physical-consequences/
Tue, 11 Mar 2025 18:34:19 +0000

The Waterfall Threat Report 2025 brings you comprehensive insights on cyber attacks that caused physical consequences in OT environments.

In a world where cyber threats to operational technology are evolving at an unprecedented pace, making informed security decisions is more critical than ever.

The Waterfall Threat Report 2025 brings you comprehensive, verifiable data on cyber attacks that caused physical consequences in OT environments to help you understand today’s threat landscape and what’s required to face it.

Unlike other industry reports, the Waterfall Threat Report 2025 focuses exclusively on verified incidents with physical consequences. Each data point is meticulously documented and can be independently verified, making this the most credible and actionable OT security report available today.

Key Takeaways

  • Sharp Rise in Affected Sites: While the overall increase in attacks slowed, their reach expanded dramatically – by as much as 146%.

  • Nation-State Threats Tripled: State-sponsored actors are increasingly targeting critical infrastructure and industrial operations with a variety of attack methods, including widespread GPS jamming and spoofing. A concerning shift in the threat landscape.

About the author

Waterfall team

FAQs About the 2025 OT Cyber Threat Report

Unlike other industry reports, the Waterfall Threat Report 2025 focuses exclusively on verified incidents with physical consequences. Reading the report will help you understand today’s threat landscape and what’s required to face it.

One of the most alarming findings from the report is the dramatic rise in cyber attacks that lead to impairments in physical operations. The number of affected sites more than doubled, with a staggering 146% increase in 2024 – rising from 412 sites in 2023 to 1,015. This shift signals an escalation in the severity of attacks, highlighting the need for heightened vigilance.

Unpacking the 2025 OT Cyber Threat Report
https://waterfall-security.com/ot-insights-center/ot-cybersecurity-insights-center/unpacking-2025-ot-cyber-threat-report/
Wed, 26 Feb 2025 09:31:45 +0000

Watch the webinar that unpacks Waterfall's 2025 OT Cyber Threat Report and understand today's OT cyber threat landscape.

Watch the webinar where we’ll dive deep into the findings of the most credible report in the OT Security industry.

In 2024, there was a 146% increase in the number of sites impacted by cyberattacks targeting heavy industry.

The Waterfall Threat Report 2025 brings you comprehensive, verifiable data on cyber attacks that makes it the most trusted resource in the field.

Watch the webinar and join Greg Hale, Editor of ISSSource and Co-founder of ICS Strive, and Andrew Ginter, VP of Industrial Security at Waterfall, as they talk us through today’s threat landscape.

In this webinar Andrew Ginter and Greg Hale take us through:

  • Discover the latest cybersecurity trends: From nation-state attacks to the explosion of ICS-capable malware, the report uncovers critical patterns.
  • Understand the shifting landscape: New incident disclosure rules may be hindering transparency, not helping it. Learn why.
  • Hear directly from the experts: Greg Hale, Editor of ISSSource and Co-founder of ICS Strive, alongside Andrew Ginter, VP of Industrial Security at Waterfall, will guide you through the most pressing findings.

About the speakers

Andrew Ginter

Andrew Ginter is the most widely-read author in the industrial security space, with over 23,000 copies of his three books in print. He is a trusted advisor to the world's most secure industrial enterprises, and contributes regularly to industrial cybersecurity standards and guidance.

Greg Hale

Greg Hale is the founder and editor of Industrial Safety and Security Source (ISSSource.com), the website focused on sharing Safety and Security news in the manufacturing automation sector. Prior to starting up ISSSource.com 12 years ago, he was the chief editor of InTech magazine for more than 10 years.

Top 10 Cyberattacks on Industrial and Critical Infrastructure of 2024
https://waterfall-security.com/ot-insights-center/ot-cybersecurity-insights-center/top-10-cyberattacks-on-industrial-and-critical-infrastructure-of-2024/
Mon, 25 Nov 2024 10:33:07 +0000

Watch the webinar to review the top 10 cyber incidents that impacted physical operations in critical infrastructure and heavy industry in 2024.

Watch the webinar as Rees Machtemes takes us on an in-depth look at the most novel, notorious and impactful cyber incidents of 2024 on critical infrastructure around the globe.

As 2024 winds down, we wrap up and discuss the year’s most important cyber incidents that targeted physical operations – in both critical infrastructure and heavy industry. In this webinar, we outline the top ten most impactful incidents and important near-misses that every cybersecurity practitioner should be aware of.

In this webinar, Rees Machtemes takes us through:

  • The costliest incidents in terms of lost time and money
  • Incidents impacting safety and human life
  • How control systems and OT networks were targeted
  • Threat actors and TTP details
  • What we might see in the near future in these same themes.

About the Speaker

Rees Machtemes, P.Eng.

Rees is the lead threat researcher for the annual Waterfall / ICSStrive OT Threat Report and writes frequently on the topic of OT / ICS cybersecurity. Being solutions-focused, he champions INL’s Cyber-Informed Engineering program and regularly provides advice and commentary to government agencies and standards bodies issuing OT security guidance.

Rees is a professional engineer with 15 years of industry experience in: power engineering, substation automation design, plant automation, telecommunications, data centres, and IT. He holds a degree in Electrical Engineering from the University of Alberta.

The 2024 Threat Report: Prioritizing Cyber Security Spending
https://waterfall-security.com/ot-insights-center/ot-security-standards/2024-threat-report-inclusion-criteria/
Sun, 29 Sep 2024 13:24:48 +0000

Waterfall’s latest 2024 Threat Report documents credible attacks with physical consequences on industrial and critical infrastructures. Credible attacks not only inform defensive designs, but also help prioritize new investments in OT security.

Rees Machtemes, P.Eng.

2024 OT security threat report inclusion criteria

For two years, I’ve been the lead threat researcher at Waterfall and co-author of our annual joint Threat Report with ICSStrive. It’s been a rewarding journey because the report helps practitioners explain to non-technical business decision makers why we need to spend money and effort on OT security. The report weeds through all recent public incidents to operational technology (OT) targets to identify only those attacks with physical consequences.

There are many cyber security threat reports published annually, each supported by an organization with some interest or stake in industry. When creating our threat report, we wanted ours to be as credible as possible. Credible is believable. To that end, we chose to use only information disclosed in public, and transparently publish our entire data set.

In my experience, too many decision-makers dismiss other threat reports because they mix in near misses and don’t highlight attacks with real physical consequences. Likewise, decision makers tend to dismiss un-focused reports that fail to distinguish between IT and OT systems, or don’t distinguish between data breaches and operational shutdowns. Some reports go as far as counting each dropped packet at firewalls as a unique incident or report on what consequences might have happened, rather than those that did. Credibility is essential to prioritizing investments in remediation.

“…too many decision-makers dismiss other threat reports because they mix in near misses and don’t highlight attacks with real physical consequences.”

Threat Reporting Benefits Stakeholders

What makes an incident worth including in our report? In short, we include incidents that our customers are asking for. No, I don’t mean they are asking for an incident! I mean that critical and industrial asset owners and OT cyber security practitioners are often asking for examples of real-life cyber attacks that cause physical consequences. Practically, executives are facing calls to invest to address both opportunities and risks and need to know how much trouble they are in risk-wise. Will the cyber defenses they have, or are thinking of deploying, really work? Is the expenditure required proportional to the consequences? Are the threats credible and have they impacted our peers in similar industries with the same concerns?

What Are The Incident Inclusion Criteria?

The inclusion criteria we settled on were that cyber incidents must:

  1. Have occurred in or after 2010,
  2. Be deliberate in nature,
  3. Result in physical consequences,
  4. Have impacted manufacturing, building automation, heavy industry, or critical industrial infrastructures, including transportation of people and goods,
  5. Be found in the public record, and
  6. Pass a credibility test.

The complete data set of all such incidents is published in Appendix A of the 2024 Threat Report.

Deliberate Attacks since 2010

All incidents in the report are deliberate cyberattacks – not operational errors and omissions, nor reliability defects in hardware and software – that resulted in outages or incidents. This may seem obvious, but this criterion rules out incidents that were first reported as possible cyber attacks, but later found to be otherwise.

Choosing to report on incidents since 2010 was no accident. While there are some incidents we could have included prior to Stuxnet, like Maroochy Shire (2001), we had to have a time-bound limit on reporting. Those of us who have been around OT security long enough will know that 2010 was the year Stuxnet was discovered. Still the most sophisticated malware ever created, Stuxnet deliberately caused sabotage to industrial control systems and marked a turning point in OT/industrial cyber security.

Impacting Safe, Continuous Operations in Heavy Industries

The incidents we track are those that resulted in physical consequences including production outages, equipment damage, environmental disasters and injuries or casualties – not just data theft or clean-up costs in a group of related industries. For example, power plants won’t see retail supermarkets as a related industry whose cyber attacks are relevant, but likely see attacks on water treatment and distribution – another critical industrial infrastructure – as something power plant owners and operators care about.

While the inclusion criteria seem clear cut, what is surprising is that there are many edge cases. Consider a hypothetical incident at a supermarket chain. If that chain shuts down retail locations because of an attack on their business point of sale (POS) systems, in an abundance of caution over the fear of leaking credit card and customer data, we will not report the attack. That’s a classic attack on IT systems. If, however, the main distribution center’s cold storage temperatures were tampered with, compromising food safety in their supply chain, we will count it. That would constitute an OT systems attack with a considerable cost and health and safety impact on building management systems (BMS) in the food and beverage industry.

In an actual edge case example, we counted the March 2023 cyber attack against Alliance Healthcare, which halted their operations. As the dominant pharmaceutical logistics/transportation provider for hospitals, clinics, and pharmacies in Spain’s Catalonia region, the attack severely impacted dependent health-care providers. The threat report research team ruled that Alliance was in-scope as they provide transportation and logistics, even though health care services provided by their customers were not in scope.

Insights Not Opinions

Note that while the annual report does not track consequential cyberattacks in other industries or critical infrastructures such as telecommunications outages, canceled surgeries at hospitals, or most retail store shutdowns, readers interested in these other kinds of attacks can consult the ICS STRIVE incident repository, which tracks a wider variety of incidents than is covered in the report, and/or consult the other incident data sources listed in Appendix B of the 2024 Threat Report.

Readers will recognize our report is an under-statement of the problem, because we include only incidents in the public record. Every practitioner knows of a handful of incidents that were never made public, and so we are often asked “how much have we missed?” There is no clear answer – every member of the research team has a different opinion as to what was missed. The best answer is perhaps: “It doesn’t matter.” With consequential cyber attacks nearly doubling annually, it will take only a small number of years until we see a ten-fold increase over today’s numbers, and another few years before we see a hundred-fold increase. In practice, this real insight tends to be more convincing than a wide variety of “expert opinions.”

Conclusion

Tracking and filtering through the volume of incidents arriving at all hours can be fun but also all-consuming. Lately, I find myself in-demand as contacts and colleagues around the world rush to send me new incidents. Some I’ve already seen in a scripted kludge of alerts and feeds, but I’m often surprised at those few incidents that my automation didn’t catch. I’ve also learned to tame my expectations as not every incident ends up being a big deal, or credible enough to publish, even though I know the next “big one” could come anytime. Still, there’s great satisfaction in knowing that my work informs decision makers in the trenches on the front line against criminal ransomware and rising nation-state threats. This report is credible and believable, which helps to “shake the money loose.” The time has come to do something about these very real and believable risks to industrial and critical infrastructure. You can get your own copy of our latest threat report by clicking on the following button:

I welcome any feedback or questions that you may have, so feel free to reach out to me on my LinkedIn.

– Download the 2024 Threat Report – 

About the author
Rees Machtemes, P.Eng.

Rees Machtemes, P.Eng, has 20 years of experience and is the lead researcher for Waterfall's annual Threat Report. He has designed electrical substations, worked in plant automation and telecommunications. He also has supported IT data centers and OT hardware vendors. This experience has driven him to champion Cyber Informed Engineering and cyber-safe network designs for industry and critical infrastructure. He holds an engineering degree from the University of Alberta.

The 2024 Threat Report: Findings and Takeaways For Manufacturers
https://waterfall-security.com/ot-insights-center/manufacturing/2024-threat-report-manufacturing-takeaways/
Mon, 01 Jul 2024 06:59:07 +0000

Manufacturing, vital yet risky, faces a growing threat: criminal ransomware. Waterfall Security Solutions' 2024 Threat Report reveals a spike in ransomware attacks, causing severe disruptions in the industrial sector. Over half of the 68 recorded attacks in 2023 targeted manufacturing, resulting in costly shutdowns. With incidents nearly doubling yearly, plant operations will continue to see more downtime. However, the report also highlights key areas for improving OT cybersecurity, building resilience, and maintaining competitive operations.

Rees Machtemes, P.Eng.

Cybersecurity for the manufacturing industry

What is manufacturing cyber security?

Manufacturing cyber security protects industrial control systems and connected equipment from cyber threats. It defends production lines, sensors, and operational networks by using firewalls, intrusion detection systems, access control, and continuous monitoring to prevent disruptions and data breaches.

In the last 5 years, criminal ransomware has become the dominant cyber threat facing manufacturers. Waterfall’s Threat Report documents that in 2023, 68 deliberate cyber attacks caused physical consequences at over 500 sites in manufacturing, heavy industry and critical infrastructures. Of those 68, over half (37, or 54%) impacted the manufacturing industry. Impacts included production shutdowns, work stoppages, and logistical delays. Taking stock of publicly known information, all but one of the 37 manufacturing incidents were ransomware-induced. The United States, Canada, and Germany faced the largest number of incidents and represent one quarter of global manufacturing output. Waterfall’s report shows that attacks with real-world consequences have gone from a handful of annual incidents in the last decade to yearly double-digit counts. Today, incident counts have been growing exponentially and are nearly doubling every year.

“…all but one of the 37 manufacturing incidents were ransomware-induced.”

Manufacturers See Increasing Impacts From Cybersecurity Incidents

There are no indications this trend is slowing down or becoming less costly to deal with. In the past, production downtime following a ransomware attack could be made up by restoring systems from backup and then running a few extra overtime shifts. Ultimately, no material impacts to the bottom line remained at year-end. Today, ransomware criminals are more efficient at targeting everyone with money. Last year saw one of the costliest incidents to date, with MKS Instruments suspending operations after a ransomware attack, claiming $200 m in lost or delayed sales in a filing with the US Securities and Exchange Commission (SEC). Their customer, Applied Materials, later claimed the incident would cost them an additional $250 m in lost sales.

In another SEC filing last August, Clorox reported that a ransomware attack so badly damaged their networks that they were forced to take systems offline. This cost them $49 m, impacted production for months, and their CISO left in the ensuing fallout. Production environments can also be dangerous, and cyber-induced shutdowns can have larger market and societal consequences than strictly financial consequences. Financial regulators like the SEC, the London Stock Exchange, and others are concerned and have mandated stricter reporting rules. Meanwhile, governments are concerned about safety and supply chain and are piling additional financial and legal risks onto the post-incident burden organizations face, even after response and recovery are behind them.

Are Manufacturing OT Systems Being Attacked Directly?

To help understand modern attacks, Waterfall’s annual report also breaks new ground this year because now all consequential incidents are rated by “attack type,” or how the attack impacted operational technology (OT) networks and control systems. This matters because most OT networks are rarely connected directly out to the Internet or the Cloud, but lie behind a series of cyber defenses joined to IT (or business and enterprise) networks. 

After investigating all incidents, the startling conclusion is that three-quarters of ransomware shutdowns were indirect, and the remainder were direct attacks on operations. Indirect shutdowns included the “out of an abundance of caution” scenario, dependencies of OT systems on IT networks and systems, and third-party dependencies. Direct attacks on operations showed no distinction between, or evidence of any security separating, IT and OT networks. That these failures in cybersecurity were even possible should give pause for thought. If ransomware criminals can access OT systems directly, how long will it be before they impair Safety Instrumented Systems or protective relays as part of their attacks?

Since 2019, the world has changed, and ransomware attacks on the manufacturing industry seem to be with us for the foreseeable future. How ransomware shuts down manufacturing operations suggests that the long-term security strategy for this sector should include separating and strongly protecting safety and reliability-critical OT networks from IT networks, as well as eliminating all OT dependencies on IT systems and services. This approach – often called network segmentation – is standard practice in critical infrastructures like Power and Water. In these industries, the toughest security is deployed at the IT/OT interface – the so-called “consequence boundary” between networks with vastly different consequences of cyber compromise. Deploying the strongest protection at this consequence boundary enables production to safely continue despite a cyber incident. Even when ransomware impacts the IT network or third parties, there is ample flexibility to respond and recover when production lines can hum along safely and without worry.

For additional details and insights on cyber attacks, please download the Waterfall / ICSStrive 2024 Threat Report.

About the author
Rees Machtemes, P.Eng.

Rees Machtemes, P.Eng, has 20 years of experience and is the lead researcher for Waterfall's annual Threat Report. He has designed electrical substations, worked in plant automation and telecommunications. He also has supported IT data centers and OT hardware vendors. This experience has driven him to champion Cyber Informed Engineering and cyber-safe network designs for industry and critical infrastructure. He holds an engineering degree from the University of Alberta.

The 2024 Threat Report – At a Glance
https://waterfall-security.com/ot-insights-center/ot-cybersecurity-insights-center/2024-threat-report-blog/
Sun, 24 Mar 2024 13:14:32 +0000

Cyber attacks impacting physical operations, like shut-downs, are rising. Waterfall’s NEW annual threat report provides industrial operators with the latest trends in the threat environment to prepare themselves going forward.

Rees Machtemes, P.Eng.

2024 threat report at a glance

Forewarned is Forearmed

Attacks with physical OT consequences increased in 2023. Attacks increased to 68. Impacted OT sites increased to over 500. Hacktivists and nation states are targeting and impacting critical infrastructures. Supply chain impacts are back. These new insights from the new 2024 Threat Report are available in a collaboration between Waterfall Security Solutions and ISSSource. The collaboration reports on credible public disclosures of cyber attacks with physical consequences in world-wide discrete manufacturing, process, and critical industrial infrastructure industries. As it is every year, this report is designed to be the most credible and conservative report available to OT/ICS cybersecurity practitioners, to best advise and assist industrial operators to mitigate threats in their field.

The report covers all cyber attacks that meet our inclusion criteria, from 2010 to 2023’s year-end. The report shows that in the past decade (from 2010 to 2019), OT cyber threats were a largely theoretical problem. However, in this decade (2020 to present), the problem has become very real and these kinds of attacks are nearly doubling annually at exponential growth. At the current rate, we should expect to see 100 cyber attacks by this year’s end (2024) to cause shut-downs or other physical consequences in hundreds of industrial sites world-wide.

The joint Waterfall and ISSSource 2024 Threat Report covers year-on-year attack trends to see where we are headed in the global cyber threat environment.

Big Impacts & Major Findings

The report’s data-set shows that ransomware is responsible for 80% of attacks in 2023 where the attack type could be attributed, impacting physical operations all over the world. A minority (15%) of attacks were due to hacktivists – “amateur” attackers with a political agenda. All of the year’s hacktivist attacks with physical consequences were associated with two on-going physical conflicts: The Iran-Israel proxy conflict and the Russo-Ukrainian War. These attacks brought about not just physical shutdowns but also large financial losses. High-profile incidents and trends in 2023 include:

  • Over half (54%) of incidents impacted discrete or process manufacturers, in sub-industries such as electronics, automotive, marine, cosmetics, and metals.
  • Numerous hacktivist attacks targeted Israeli-manufactured Unitronics Vision controllers deployed at water utilities worldwide.
  • Cyberattacks caused logistical outages and delays at five sea ports in Australia and Japan.
  • There were eleven (11) incidents where the victim organizations made financial disclosures or reports to the US SEC, London Stock Exchange (LSE), and other authorities.
  • Two (2) novel supply chain attacks had malicious firmware code inserted into the victim’s devices that subsequently impaired operations.
  • One of these attacks was cited as causing bankruptcy and mass-layoffs, adding to two similar incidents in 2022.

New insights this year stem from a detailed analysis of how attacks impair physical operations. Every incident going back to 2010 was rated by attack type, examined as to how the attack either directly or indirectly impacted the OT network or asset. 25% of attacks impacted OT networks and systems directly, and the remainder impacted operations only indirectly, but still had physical impacts.

Ransomware tactics and motivations evolved in 2023. Some ransomware groups appear to be shifting tactics to “data exfiltration only,” by stealing information without encrypting it. This is likely a factor behind a slightly slower growth in consequential OT incidents this year than in last year’s 2023 Threat Report. Also, Microsoft and SentinelLABS report that both nation-state and ransomware threat actors are now synergistically leveraging each other’s malware code and tools. That is, not only are ransomware groups employing nation-state-grade tools and techniques, but nation-states are taking ransomware tools and re-purposing them for their own attacks.

Good News

The new report also highlights defensive developments in the year 2023. Hot on the heels of last year’s Cyber-Informed Engineering Strategy, the US DOE & INL in September published their Cyber-Informed Engineering Implementation Guide. More of a strategy book full of questions to ponder than a “How-to” instructional manual, the Implementation Guide nevertheless is the most important development in cybersecurity since the term “OT Security” was coined in 2005. The ultimate goal of the CIE strategy is both to teach cybersecurity to engineers and to bring powerful engineering tools to cybersecurity – tools that do not exist in ISO 27001, the NIST CSF 2.0, IEC 62443 or any other cybersecurity standards.

Bottom Line

The joint Waterfall and ISSSource 2024 Threat Report covers year-on-year attack trends to see where we are headed in the global cyber threat environment. To the greatest extent practical, the team behind the report has gathered as much data as publicly available to track the number and frequency of these cyber events. The complete data set for the report is included in an appendix, complete with links to public reports of the attacks. The report also covers important defensive developments, including the CIE, as well as developments in artificial intelligence and global standards and guidelines.

About the author
Rees Machtemes, P.Eng.

Rees Machtemes, P.Eng, has 20 years of experience and is the lead researcher for Waterfall's annual Threat Report. He has designed electrical substations, worked in plant automation and telecommunications. He also has supported IT data centers and OT hardware vendors. This experience has driven him to champion Cyber Informed Engineering and cyber-safe network designs for industry and critical infrastructure. He holds an engineering degree from the University of Alberta.

2024 Threat Report – OT Cyberattacks with Physical Consequences
https://waterfall-security.com/ot-insights-center/ot-cybersecurity-insights-center/2024-threat-report-ot-cyberattacks-with-physical-consequences/
Sun, 17 Mar 2024 10:29:14 +0000

Report on 68 cyberattacks that caused physical consequences to industrial control systems (ICS) and Operational Technology (OT) in 2023 that are in public records.

Threat Report Webinar

In 2023 we saw 68 cyberattacks in the public record that caused physical consequences to industrial control systems (ICS) and Operational Technology (OT) in building automation, manufacturing, heavy industry and critical industrial infrastructures. 80% of attacks were attributed to ransomware, and hacktivist impacts rose to 15%.

Get the report to:

  • Understand how attacks on IT networks can have severe consequences on OT networks.
  • Learn why ransomware attacks with OT impacts slowed down, while overall attack counts continue to increase.
  • Get ahead of the curve with insights on the latest attacks worldwide and their impact.
  • Benefit from in-depth analysis from industry leaders offering expert perspectives on the current and future cyber threat landscape.

Appendix A, at the end of the Threat Report, also includes the entire dataset used for the report – a comprehensive list of all attacks in the public record with physical consequences for these industries since 2010, including links to public reports and sources that can be used to verify the attacks and learn more about them.

The report is a joint effort of Waterfall Security and the ICSStrive incident repository:

Rees Machtemes
Director of Industrial Security at Waterfall Security

Monique Wallhof
Consultant at Industrial Safety & Security Source

Greg Hale
Editor & Founder at Industrial Safety And Security Source

Andrew Ginter
VP Industrial Security at Waterfall Security
