Cybersecurity In-Depth: Digging into data about the latest attacks, threats, and trends using charts and tables.

Attackers Breach IT-Based Networks Before Jumping to ICS/OT Systems

SANS recently published its 2024 State of ICS.OT Cybersecurity report, highlighting the skills of cyber professionals working in critical infrastructure, budget estimates, and emerging technologies. The report also looked at the most common types of attack vectors used against ICT/OT networks.

1 Min Read
Figure 12, Initial Attack Vectors
Source: SANS

Attacks against industrial control systems and operations technology systems are increasing, as adversaries find weaknesses in IT networks that allows them to move into OT networks, according to a recent report from SANS.

The State of ICS/OT Cybersecurity 2024 report from SANS is based on responses from cybersecurity professionals in various critical infrastructure sectors. There were more non-ransomware incidents (74.4%) reported than ransomware (11.7%) over the past year, according to the SANS report.

Other initial attack vectors involved in OT/ICS incidents include compromising OT and industrial control systems by used of external remote services (23.7%) or internet-accessible devices (23.7%); compromising employee workstations (20.3%) and removable media (20.3%); and a supply chain compromise (20.3%). It's worth noting that 18.6% respondents said attackers attempted spear phishing with an email attachment for the initial compromise.

One out of five, of 19%, of respondents reported one or more security incidents over the past year.

While only 12% of respondents reported being the targets of ransomware attacks in the past 12 months, the impact on the ICS/OT environment remains "potentially catastrophic," SANS said in the report. Of the organizations who reported a ransomware incident, 38% said only IT network systems were impacted and 28.6% said OT and ICS networks were affected. Just 21% said both networks were impacted. More than a third, or 38.1%, said reliabiiy and safety was compromised during those attacks.

"Although the overall trend [ransomware] seems to have decreased, the impacts are still potentially catastrophic, and should be considered for all ICS/OT- specific incident response programs," SANS said.

About the Author

Jennifer Lawinski, Contributing Writer

Jennifer Lawinski is a writer and editor with more than 20 years experience in media, covering a wide range of topics including business, news, culture, science, technology and cybersecurity. After earning a Master's degree in Journalism from Boston University, she started her career as a beat reporter for The Daily News of Newburyport. She has since written for a variety of publications including CNN, Fox News, Tech Target, CRN, CIO Insight, MSN News and Live Science. She lives in Brooklyn with her partner and two cats.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights