Drives and Controls Magazine
Cyberattacks soar to 13 per second – with OT a key target
Published:  31 January, 2024

There were more than 420 million cyberattacks on the world’s critical infrastructure last year – equivalent to 13 attacks every second, and a 30% increase on 2022 – according to a new report by the cyber-research organisation, Forescout Research.

The report, 2023 Global Threat Roundup, analyses attacks on sectors including manufacturing, power, communications, waste and transportation.

It finds that OT (operational technology) systems are “under relentless assault”, with industrial automation installations accounting to 71% of these attacks, followed by power grids on 28%, and building automation systems on 1%.

Five protocols bear the brunt of the attacks, with Modbus subject to a “staggering” 33% of all attacks, followed by Ethernet/IP, Step7 and DNP3, each accounting for around 18% of the onslaught. IEC10X accounts for 10% of attacks, with the remaining 2% being distributed among other protocols, the largest of which is the building control protocol BACnet.

The report finds that 163 countries suffered cyberattacks last year with the US being the main target, with 168 malicious actors setting their sights on the nation. In second place was the UK, targeted by 88 actors, followed by Germany (77), India (72) and Japan (66).

Nearly half of the attackers came from just three countries: China (with 155 attackers), Russia (88) and Iran (45).

Although there fewer attacks on software libraries last year, Forescout reports a surge in exploits that target network infrastructures and Internet of Things (IoT) devices. The most common IoT targets included IP cameras, building automation systems, and network-attached storage.

Modbus accounts for a third of attacks on OT systemsSource: Forescout Research

The report finds that only 35% of exploited vulnerabilities appear the Known Exploited Vulnerabilities (KEV) list compiled by the US government’s Cybersecurity and Infrastructure Security Agency, CISA. Forescout says that this emphasises the need for a proactive and comprehensive approach to cybersecurity that transcends reliance on known vulnerability databases.

Despite the challenges posed by the surge in cyber-attacks, Elisa Costante, Forescout’s vice-president of research at Forescout Research, is optimistic about the future.

“While it's true that current efforts have fallen short in fully harnessing crucial technology to fortify critical assets and assess risks, there is an opportunity for improvement,” she says. “The key lies in achieving comprehensive visibility, ensuring real-time contextual awareness of every device, whether managed or unmanaged.

“By doing so,’” she adds, “large enterprises can transition from a reactive defence posture to a more proactive approach, steering clear of the futile game of security whack-a-mole. This shift towards enhanced visibility and proactive defence strategies signals a brighter outlook for critical infrastructure.”

Forescout ResearchX  LinkedIn  Facebook