Ransomware gangs increasingly targeting US critical infrastructure

Ransomware gangs are targeting United States critical infrastructure and the energy grid at an increasing rate, according to research by Dragos. Dragos is a cybersecurity firm led by former National Security Agency and military member Robert M. Lee. It specializes in Industrial Internet of Things (IIoT), Operational Technology (OT), and Industrial Control Systems (ICS) cyber protection.

The increase in cyber attacks is related to existing ransomware and cybercriminal groups stepping up attack frequency, and to new malicious entrants joining the fold.

Dragos found that in the third quarter of 2022, 36% of all critical infrastructure cyberattacks hit North American targets. This represents a total of 46 incidents in the quarter, up 10% from the previous quarter.

The majority of attacks overall were against the manufacturing industry, representing 68%, or 88 unique incidents. Interestingly, several incidents specifically target metal production facilities. It’s unclear if it’s pure disruption or attempts at sabotaging competitors in a valuable commodity field amidst inflation, supply chain shortages, and geopolitics.

Dragos confirms that its numbers come from public disclosures as well as dark web announcements.

CISA issues cyber hygiene guidelines on critical infrastructure

This all comes as the Cybersecurity and Infrastructure Security Agency (CISA) wants increased cyber hygiene and defenses deployed across US critical infrastructure companies.

CISA is seeking improved identity access management, network device security, and adherence to guidelines for operational technology, incident response and cyber training.

The initiatives are not meant to be all-encompassing, but rather a guideline to “capture medium-to-high cybersecurity risks,” according to CISA Director Jen Easterly.

Critical infrastructure networks “should be kept off the public internet as much as possible,” and accompanying networks should “deploy multi-factor authentication and password strength.”

“CISA took extensive input and feedback from industry stakeholders and this updated guidance reflects that they were listening closely, providing actionable but not overly prescriptive guidance – exactly the type of support the community has been requesting,” added Dragos CEO Robert M. Lee.

“This guidance can help lift industrial cybersecurity standards across the board to better protect our nation’s critical infrastructure,” Lee said.

CISA has also launched a discussion page with its new goals and guidelines to encourage public discourse and feedback. It is available for anyone to review on GitHub.