
ICS/OT CYBERSECURITY YEAR IN REVIEW 2021

2022-04-15, Dragos
https://cdn.cyberscoop.com/2021-ics-ot-cybersecurity-year-in-review-report.pdf
2021-ics-ot-cybersecurity-year-in-review-report.pdf, 2.8 MB
#Trend #WASSONITE

Contents

Introduction
Key Highlights
Activity Groups
Ransomware Findings
Service Engagement Findings
Vulnerability Advisory Findings
In the Headlines
When OT Cyber Disruption Leads to Panic and Economic Shutdown
When Ransomware Attacks Endanger the Nation’s Food Supply
Oldsmar Demonstrates the Risk to Water Systems
When the U.S. Food Supply Chain Became a Target
2021 Threat Activity
Key Updates on Activity Groups
Updates on Previously Known Activity Groups
STIBNITE
WASSONITE
KAMACITE
New Activity Groups
KOSTOVITE
PETROVITE
ERYTHRITE
Ransomware and Industrial Infrastructure
The Unintended and Intended Ransomware Threats to OT
Industrial Security Ransomware Trends
Ransomware Incidents By Group: Conti and Lockbit 2.0
Why Were Ransomware Gangs So Successful in 2021?
The Growing Maturity of Ransomware as a Business
Looking Ahead Into 2022
Dragos Frontline Perspective
Lessons Learned from Incident Response
Lessons Learned from the SolarWinds Compromise
The Value of Root Cause Analysis
Who Changed the Setpoints?
Need for Monitoring and Incident Response Plans
The Ghost in the Power …