Extensive analysis of cyberthreats in 2020 reveals a 91% jump in attacks on industrial companies and a 54% rise in malware-related attacks compared to 2019, according to Positive Technologies.
“The actuation of risks in the industrial sector can have global consequences—witness the cyberattack on water infrastructure in Israel or the attack in India that led to a power outage. Huber+Suhner and Honda both had to halt operations because of cyberattacks. Predicting the feasibility of the most dangerous risks and estimating their consequences for critical infrastructures is difficult, as even the most experienced specialists cannot guarantee that all protection mechanisms will work faultlessly. Penetration tests or threat modeling audits are not enough to provide a sufficient assessment of current risks. Conventional security assessments are either ineffective or cannot be performed in real infrastructures. A key aspect of security assessment is verification of the most dangerous and unacceptable industrial and business risks. To simulate an attack without affecting real-life systems, digital twins or a cyber-range can be used. A cyber-range provides a safe environment where experts can get the most comprehensive picture of whether certain risks can be triggered (for example, oil storage overflow), protection mechanisms will respond in time, and infosec teams will detect and stop an incident timely,” says Dmitry Darensky, head of industrial cybersecurity practice at Positive Technologies.
From Positive Technologies:
- Seven out of 10 attacks were targeted. The most popular targets were government institutions (19%), industrial companies (12%) and medical institutions (9%).
- Ransomware was used in 45% of all malware-related attacks against organizations. Malware was used in 68% of such attacks. And, ransomware was used in 81% of all malware-related attacks against medical institutions.
“Amid the COVID-19 pandemic and overloaded health systems worldwide, hackers added fuel to the fire by disrupting the availability of medical information systems. The consequences are devastating: In 2020, the total damage caused by ransomware attacks against medical institutions in the U.S. was estimated to reach $20.8 billion. In this field, it’s not only financial consequences that matter, but also failure to offer medical assistance,” says Positive Technologies analyst Yana Yurakova.