Operational Technology Suffers Even When Information Technology Is Targeted

According to CSO, in 2023, there was a rise in cyber-attacks on the operational technology (OT) systems of industrial companies by new advanced threat groups, notably LAURIONITE and VOLTZITE.

VOLTZITE, also known as Volt Typhoon, is associated with China and has infiltrated the IT networks of various critical infrastructure organizations. Its primary objective is to breach OT assets to cause disruptions, particularly in response to geopolitical tensions.

LAURIONITE has been exploiting vulnerabilities in Oracle E-Business Suite web services. CSO highlights that Oracle E-Business Suite is widely used across different economic sectors for integrated business processes. The primary targets of LAURIONITE have been industries such as aviation, automotive, and manufacturing.

Industrial cybersecurity firm Dragos has warned about the inadequate quality of vulnerability information and mitigation guidance for OT assets in industrial organizations. Dragos tracks vulnerability information provided by OT vendors and found that approximately one-third of asset owners had incorrect information, potentially undermining the seriousness with which vulnerabilities are addressed.

While ransomware groups typically don’t directly target OT, companies whose IT networks are attacked often opt to shut down their OT systems to prevent further damage. Ransomware attacks increased by 50% last year, with seven out of ten impacting manufacturers.

Dragos emphasizes that OT differs significantly from IT and requires mitigation strategies tailored to strict operational requirements, prioritizing uptime, and considering the specific configuration and implementation of each asset.