The 2023 Dragos Year in Review highlights increased cyber threat activity driven by global conflicts, including rising ransomware attacks on industrial sectors. It emphasizes the evolving threat landscape, notable vulnerabilities, and the importance of proactive defenses for critical infrastructure. #ELECTRUM #VOLTZITE

Keypoints

  • Cybersecurity reports from major vendors are typically structured in sections such as Introduction, Threat Landscape, Key Highlights, Vulnerability Analysis, and Defensive Recommendations, providing a comprehensive view of annual threats, incidents, and strategic insights.
  • 2023 saw a 50% increase in industrial ransomware incidents, with 905 reported cases, highlighting the significant rise in targeted attacks against manufacturing, energy, and critical infrastructure sectors.
  • Threat activity was heavily influenced by regional conflicts, notably in Ukraine and the Middle East, with threat groups like ELECTRUM and VOLTZITE conducting targeted operations, espionage, and destructive malware deployments.
  • Many vulnerabilities, including critical flaws in Rockwell Automation devices, were identified, with 31% of advisories containing errors, yet community efforts enabled effective detection and response through coordinated collaboration.
  • Attack techniques evolved to leverage native functionalities and living-off-the-land (LOTL) methods, making detection more challenging, while adversaries continued exploiting internet-facing devices and public vulnerabilities for reconnaissance and access.
  • Operational technology (OT) threat groups expanded to 21, with three new threat groups (GANANITE, LAURIONITE, VOLTZITE) primarily conducting long-term reconnaissance and intellectual property theft, often evading detection using stealth tactics.
  • Analysis underscores the need for improved network segmentation, monitoring outbound communication, vulnerability management, and proactive threat hunting to mitigate growing and sophisticated industrial cyber threats.
Dragos-Year-In-Review-Report-2023
Source: Awesome Annual Security Reports - The reports in this collection are limited to content which does not require a paid subscription, membership, or service contract. (https://github.com/jacobdjwilson/awesome-annual-security-reports/)
