Every third cyberattack on Russian industry is linked to espionage

Father

Over the past three years, about 600,000 cyberattack attempts have been recorded against the industrial sector.

Every third successful cyberattack on an industrial enterprise is linked to espionage, according to an analytical report by Solar Group. The major incidents in the sector concern user accounts and control over them. At the same time, darknet interest in industry (especially heavy industry and the fuel and energy sector) is growing: attackers look for access credentials and other data that will get them into the enterprise network and let them stay unnoticed for as long as possible.

Among the incidents recorded by Solar are password-guessing attempts, including against critical systems, administrative access from outside the perimeter, and large numbers of account lockouts.

According to the report, only 1% of leaked data relates to industry, and another 3% to telecom. This covers theft of technical information, customer data and transaction records.

Incidents in industry are rarely made public. After gaining access, attackers try not to attract attention: they do not post the stolen databases publicly and do not seek publicity for such attacks, the company notes. This again indicates that the main purpose of cyberattacks on industry is espionage. "In some cases, hackers can remain undetected in the enterprise infrastructure for months, extracting valuable information, developing the attack, trying to increase the scale of the malicious impact, or carrying out a supply-chain attack," Solar added.

Malware attacks are also common in industry. According to Solar JSOC, about 10% of confirmed incidents (i.e., those the customer responded to and confirmed as business-critical) are of the type "malware detected on a host and not removed". Cryptominers are a particular problem (almost 4%), which is explained by the scale of distributed infrastructures and the difficulty of monitoring compliance with security policies; at the same time, the computing capacity of enterprise equipment gives attackers enough resources to mine cryptocurrency. Most often, though, the malware still "tries" to guess passwords or to exploit EternalBlue (the SMBv1 vulnerability MS17-010 behind the WannaCry and NotPetya epidemics).

Industry and telecom together account for 35% of all organizations in whose infrastructure malware has been detected. According to Solar 4RAYS, the average time an infection persisted in 2024 is 11.9 months: 12.5 months in industrial networks and 11.3 months in telecom. In 2023 the values were lower: 6.73 months across all industries, and 8.5 and 11.3 months for industry and telecom respectively.

As for enterprise vulnerabilities, security assessments show that industry and telecom account for 22% of all detected high-severity vulnerabilities. Within these sectors, 41% were found in energy, 25% in telecom, 18% in oil and gas, and 16% in manufacturing. Telecom and energy also account for most of the most dangerous (business-critical) vulnerabilities.

Most of the vulnerabilities found relate to weak password policies (30%) and access-control flaws (20%). Use of components with known vulnerabilities (10%), configuration flaws (10%), and injection (10%) are also relevant risks.
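The three incident classes the report names (password guessing against accounts, administrative access from outside the perimeter, and account lockouts) are exactly what a SOC can pick out of Windows Security events 4625, 4624 and 4740. The script below is an added example, not code from Solar or from the report: it runs that triage over a constructed, simplified rendering of those events. The log format, the account names, the 10.20.0.0/16 internal range and the thresholds are assumptions chosen for the example.

```python
"""Triage of Windows logon events for password guessing, external admin
access and account lockouts. Added example; the single-line event format is
a constructed simplification of Security events 4625/4624/4740."""
from collections import defaultdict
from datetime import datetime, timedelta
import ipaddress

# Constructed sample log: timestamp, event ID, account, source IP, logon type.
# 4625 = failed logon, 4624 = successful logon, 4740 = account locked out.
SAMPLE_EVENTS = """\
2024-05-01T08:00:01Z 4625 user=scada_op src=10.20.0.15 type=3
2024-05-01T08:00:02Z 4625 user=scada_op src=10.20.0.15 type=3
2024-05-01T08:00:04Z 4625 user=scada_op src=10.20.0.15 type=3
2024-05-01T08:00:05Z 4625 user=scada_op src=10.20.0.15 type=3
2024-05-01T08:00:07Z 4625 user=scada_op src=10.20.0.15 type=3
2024-05-01T08:00:09Z 4625 user=scada_op src=10.20.0.15 type=3
2024-05-01T08:00:09Z 4740 user=scada_op src=10.20.0.15 type=-
2024-05-01T08:15:00Z 4625 user=eng_user src=10.20.0.31 type=2
2024-05-01T09:40:00Z 4625 user=eng_user src=10.20.0.31 type=2
2024-05-01T22:12:30Z 4624 user=it_admin src=203.0.113.7 type=10
2024-05-01T22:30:00Z 4624 user=it_admin src=10.20.0.50 type=10
2024-05-01T23:00:00Z 4624 user=Administrator src=127.0.0.1 type=2
"""

FAIL_THRESHOLD = 5                      # assumed: failures per window to alert
WINDOW = timedelta(minutes=5)           # assumed: sliding window length
ADMIN_ACCOUNTS = {"administrator", "it_admin"}          # assumed admin set
INTERNAL_NETS = [ipaddress.ip_network("10.20.0.0/16")]  # assumed site range
REMOTE_LOGON_TYPES = {"3", "10"}        # network and RemoteInteractive (RDP)


def parse_events(text):
    """Parse the constructed format into dicts with ts/id/user/src/type."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, event_id, *fields = line.split()
        ev = dict(f.split("=", 1) for f in fields)
        ev["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
        ev["id"] = event_id
        events.append(ev)
    return events


def password_guessing(events, threshold=FAIL_THRESHOLD, window=WINDOW):
    """Accounts with >= threshold failed logons inside any sliding window.
    Returns {account: max failures seen in one window}."""
    failures = defaultdict(list)
    for ev in events:
        if ev["id"] == "4625":
            failures[ev["user"]].append(ev["ts"])
    hits = {}
    for user, times in failures.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:   # slide the left edge forward
                start += 1
            count = end - start + 1
            if count >= threshold:
                hits[user] = max(hits.get(user, 0), count)
    return hits


def external_admin_access(events, admin_accounts=ADMIN_ACCOUNTS):
    """Successful remote logons by admin accounts from outside INTERNAL_NETS."""
    hits = []
    for ev in events:
        if ev["id"] != "4624" or ev["type"] not in REMOTE_LOGON_TYPES:
            continue
        if ev["user"].lower() not in admin_accounts:
            continue
        try:
            addr = ipaddress.ip_address(ev["src"])
        except ValueError:
            continue  # hostname or '-' in the source field: cannot judge here
        if not any(addr in net for net in INTERNAL_NETS):
            hits.append((ev["user"], ev["src"], ev["ts"]))
    return hits


def lockouts(events):
    """Count of 4740 lockout events per account."""
    counts = defaultdict(int)
    for ev in events:
        if ev["id"] == "4740":
            counts[ev["user"]] += 1
    return dict(counts)


def triage(text=SAMPLE_EVENTS):
    events = parse_events(text)
    return {
        "password_guessing": password_guessing(events),
        "external_admin_access": external_admin_access(events),
        "lockouts": lockouts(events),
    }


if __name__ == "__main__":
    for name, result in triage().items():
        print(f"{name}: {result}")
```

On the sample data the sliding window flags scada_op (six failures in eight seconds, followed by a 4740 lockout) and leaves eng_user alone (two failures an hour apart), and the admin check flags the RDP logon by it_admin from 203.0.113.7 while ignoring the same account's logon from the internal range. Treating "outside" as "not in the site's own ranges" rather than using ipaddress's is_global is deliberate: the Python stdlib classifies documentation and test ranges as non-global, and an enterprise should judge against the ranges it actually owns.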