OT attacks increased by over 2000 percent in 2019, IBM reports

According to IBM, OT attacks increased by over 2000 percent in 2019, most of them involved the Echobot IoT malware.

IBM’s 2020 X-Force Threat Intelligence Index report analyzes the threat landscape in 2019, the experts observed a spike in the number of OT attacks.

According to IBM X-Force, attacks targeting operational technology (OT) infrastructure increased by over 2000 percent in 2019 compared to 2018, and most of them involved the Echobot malware.

The number of cyber attacks targeting OT infrastructures in 2019 was the greater even observed.

“OT attacks hit an all-time high. Malicious activity targeting operational technology assets, most notably industrial control systems (ICS), increased 2000 percent year-over-year in 2019, marking the largest number of attempted attacks on ICS and OT infrastructure in three years.” reads the post published by IBM that introduces the report.

In the OT attacks observed by IBM researchers, hackers attempted to exploit a combination of known ICS/SCADA vulnerabilities, as well as password-spraying attacks.

Experts pointed out that ICS attacks that they have observed were part of two specific campaigns carried out by the Xenotime group and by IBM Hive0016 (APT33).

In June 2019, experts from Dragos firm reported that Xenotime threat actor behind the 2017 Trisis/Triton malware attack was targeting electric utilities in the US and APAC.

“The overlap between IT infrastructure and OT, such as Programmable Logic Controllers (PLCs) and ICS, continued to present a risk to organizations that relied on such hybrid infrastructures in 2019.” continues the report. “The convergence of IT/OT infrastructure allows IT breaches to target OT devices controlling physical assets, which can greatly increase the cost to recover. “

Experts explained that once attacker gained the first foothold on the target network, they used lateral movement to target ICS systems from inside using simple exploitation techniques.

Fortunately, IBM experts had not seen any Echobot attacks that caused disruptions or other serious problems for the affected systems.

Experts from IBM believe that the number of OT attacks will rapidly increase in the next months.

“X-Force expects that attacks against ICS targets will continue to increase
in 2020, as various threat actors plot and launch new campaigns against
industrial networks across the globe.” concludes IBM.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – OT, Echobot)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.