Ransomware attacks against ICS systems: results of IBM X-Force-Dragos joint research published

ICS cyber security blog guest post

09 January 2021 – icscybersec

IBM security researchers have been part of a team known as X-Force since the company’s acquisition of Proventia in the mid-2000s. In the nearly a decade and a half since then, they have made a number of important discoveries in the field of cybersecurity. Now a member of this team, Camille Singleton, and Dragos researcher Selena Larson have teamed up to investigate ransomware attacks on ICS systems.

The researchers’ main conclusions are as follows:

– In 2020, the number of ransomware attacks against industrial organisations increased by more than 500%(!). The main victims were organisations using manufacturing automation (one third of all incidents) and utility ICS systems (10% of incidents). (I have written about at least 13 such incidents on this blog in the last year alone.)

– Newer ransomware can interfere with the control of industrial processes and even stop the controlled physical processes!

– Groups developing ransomware increasingly steal confidential data in addition to encrypting important data, then blackmail the victims with the threat of making that data public.

– Data stolen in this way from industrial organisations and published on the Internet or the Dark Web can later be used in further attacks against the organisations concerned.

– Against targeted attacks on ICS systems, defence-in-depth and network and system design that incorporates security considerations at an appropriate level can provide an acceptable level of security if prevention is the primary concern.

The researchers’ full 13-page publication is available on the Dragos website after registration.

***

The original guest post was published on the ICS cyber security blog.

Translated by DeepL.