Attack trends in the industrial sector during 2023

Posted date 30/11/2023
Author
INCIBE (INCIBE)

Throughout 2023, many companies in different sectors of the industrial world have suffered a multitude of cyber-attacks. This is because it is currently one of the sectors where the level of cybersecurity is considerably low and the damage that can be caused is very high: for example, stopping factories, which would cause large economic losses to the company, or creating problems in electricity transformation centers, which could leave people without electricity, as already happened after the BlackEnergy attack.

Therefore, this article aims to provide information on the cyber-attack trends that each sector is suffering in order to be able to anticipate and minimize the damage after suffering a cyber-attack.

Trend to date in 2023

In order to carry out this analysis, a multitude of cyber-attacks suffered by different sectors such as food, health, oil, etc. have been collected. After studying these attacks, the most important data have been grouped into the following fields:

  • Attack patterns: in all industrial sectors, intrusion attacks are in first position, since one of the things that most attracts cybercriminals is being able to gain control of equipment. In second place are cyber-attacks against device websites, because such services often run old versions that have vulnerabilities. In third place are social engineering attacks, which have been very common in recent years: they take advantage of employees' lack of knowledge or awareness, causing large losses of information or allowing external entities to access company devices.
  • Cybercriminals: almost all cyber-attacks are carried out by people or entities external to the companies, although on some occasions they have been carried out by the employees themselves, motivated by dissatisfaction with the company or in search of other benefits.
  • Motivations: it has been observed that almost all cyber-attacks are carried out for economic purposes, although on rare occasions they are carried out for espionage and to obtain sensitive and essential company information.
  • Compromised data: this field is one of the most evenly distributed, since almost all attacks obtain personal information, company credentials or even financial data.

Most frequently used attack methods

The most commonly used types of attacks in 2023 were:

  • Denial of service (DoS): these attacks are capable of reducing or eliminating the capacity of servers or computer resources that offer a service.
  • Ransomware: this is a type of malware that is capable of completely blocking control of the computer, encrypting the user's information and then demanding money to unlock or decrypt it. The best known in the industrial world are Conti ransomware and LockBit 2.0.
  • Exploitation of vulnerabilities: this type of attack consists of taking advantage of a flaw in the technology to subsequently carry out more dangerous actions. Incredible as it may seem, many organizations still fail to patch vulnerabilities for which security updates are available.
  • Brute-force attacks: this type of attack is used to obtain existing credentials or encrypted data using trial and error.

Conclusion

The industrial sector is one of the most important today, due to the information it handles and the damage it can cause.

Our blog post from the beginning of the year, 'What to expect from the industrial cybersecurity in 2023?', allows for a reflection, contrasting its information with the actual data obtained:

  • The attacks carried out are becoming more and more sophisticated: as technologies improve and cybersecurity improvements are implemented, cybercriminals increasingly need to evolve their tools and use new techniques.
  • Social engineering techniques have very high success rates due to the lack of cybersecurity knowledge and awareness among employees. It is very important that companies do not overlook this and take preventive measures.
  • Web applications are increasingly used by companies trying to migrate a lot of data to the cloud or work remotely. However, on many occasions, due to the needs of the company, they are not implemented in a fully secure way, creating clear opportunities for cybercriminals.