Positive Technologies Records 91% Spike in Attacks on The Industrial Sector Between 2019 and 2020

Cybersecurity specialist, Positive Technologies reports that extensive analysis of cyberthreats in 2020 reveals a 91% jump in attacks on industrial companies and a 54% rise in malware-related attacks compared to 2019. Medical institutions ranked first in ransomware attacks.

The report, Cybersecurity Threatscape 2020 looks to shed light on the most important and emerging IT security threats. Information is drawn from Positive Technologies’ own expertise, outcomes of numerous investigations, and data from authoritative sources. It looks at key motives and methods of cyberattacks, and highlights the main trends in the changing cyberthreat landscape.

The total number of incidents grew by 51% compared to 2019. Seven out of 10 attacks were targeted. The most popular targets were government institutions (19%), industrial companies (12%) and medical institutions (9%).

In most cases, industrial companies were attacked by ransomware variants such as RansomExx, Netwalker, Clop, Maze, Ragnar Locker, LockBit, DoppelPaymer, and Snake (which deletes shadow copies before starting the encryption process, and has the ability to stop ICS-related processes). However, industrial companies were also attacked by many APT groups. CIS countries still suffer from the RTM group; in 2020, the PT Expert Security Center detected over 100 phishing emails sent by this group.

Dmitry Darensky, Head of Industrial Cybersecurity Practice at Positive Technologies, said: “The actuation of risks in the industrial sector can have global consequences—witness the cyberattack on water infrastructure in Israel or the attack in India that led to a power outage. Huber+Suhner and Honda both had to halt operations because of cyberattacks. Predicting the feasibility of the most dangerous risks and estimating their consequences for critical infrastructures is difficult, as even the most experienced specialists cannot guarantee that all protection mechanisms will work faultlessly. Penetration tests or threat modeling audits are not enough to provide a sufficient assessment of current risks. Conventional security assessments are either ineffective or cannot be performed in real infrastructures. A key aspect of security assessment is verification of the most dangerous and unacceptable industrial and business risks. To simulate an attack without affecting real-life systems, digital twins or a cyber-range can be used. A cyber-range provides a safe environment where experts can get the most comprehensive picture of whether certain risks can be triggered (for example, oil storage overflow), protection mechanisms will respond in time, and infosec teams will detect and stop an incident timely.”

Malware is becoming even more favored by for attackers—the past year saw an increase of 54% over 2019. Malware developers devised elaborate methods for concealing their actions and refined delivery techniques, turning their attention to vulnerabilities on the network perimeter. Attacks against individuals mainly built on spyware and banking trojans, while organizations were increasingly attacked by ransomware.

Ransomware was used in 45% of all malware-related attacks against organizations. Medical institutions ranked first in the number of ransomware attacks (17%), followed by government institutions (16%) and industrial companies (15%). In 2020, the strategy of demanding a double ransom for decrypting data and keeping stolen information private became an identifiable real trend. Throughout 2020, attackers created new ransomware websites, where they published stolen information when owners refused to pay a ransom. These operators not only blackmailed victims with threats to disclose the stolen data, but also performed DDoS attacks. Some also formed new alliances with other gangs, trying to profit by their affiliation with criminals higher up the pecking order.

In 2020, the number of attacks on medical institutions increased by 91% compared to 2019. In most cases, attackers used social engineering (66%) and hacking (21%). Malware was used in 68% of such attacks. And ransomware was used in 81% of all malware-related attacks against medical institutions.

Positive Technologies analyst Yana Yurakova said: “Amid the COVID-19 pandemic and overloaded health systems worldwide, hackers added fuel to the fire by disrupting the availability of medical information systems. The consequences are devastating: In 2020, the total damage caused by ransomware attacks against medical institutions in the U.S. was estimated to reach $20.8 billion. In this field, it’s not only financial consequences that matter, but also failure to offer medical assistance, as happened with Universal Health Services, the University of Vermont Medical Center, and a hospital in Düsseldorf, Germany.”


###