ICS/OT CYBERSECURITY YEAR IN REVIEW 2022
Contents
2022 Key Findings Overview
Key Highlights: By the Numbers
2022 Threat Activity
2022 New Threat Groups
CHERNOVITE
BENTONITE
Updates on Active Threat Groups
KOSTOVITE
KAMACITE
XENOTIME
ELECTRUM
ERYTHRITE
WASSONITE
CHERNOVITE’S PIPEDREAM
Implications and Outlook
2022 Industrial Ransomware Analysis
Increase in Ransomware Activity
Industrial Ransomware Attacks
Ransomware Timeline
Industrial Ransomware Trends: Moves and Changes
What’s Next?
Ransomware Kill Chain
ICS/OT Vulnerabilities
Root Cause Analysis of Password “Cracking” Vulnerabilities
Root-Cause #1: Protocols Lacking Authentication on Critical Functions
Root-Cause #2: Undocumented Protocol Commands
Conclusion
OT:ICEFALL and the Importance of Public Reporting
Mitigations for OT:ICEFALL
Key ICS Vulnerability Trends
Overview of Key Findings
Many Advisories Contained Errors and Lacked Patches and Actionable Guidance
ICS Impact: Loss of View, Loss of Control, or Both
Where Do Vulnerabilities Reside?
Errors in Vulnerability Severity Scores
Prioritization …