United States: Cyberattacks On Utilities Rise 200% In 2023

A recent report by asset intelligence firm Armis reveals drastic increase in cyberattacks in 2023

A recent report from cybersecurity asset intelligence firm Armis found that cyberattacks on utilities increased by more than 200% in 2023, with overall cyberattacks increasing by 104%.

Armis deployed its artificial intelligence to monitor billions of corporate computers and devices across the world. They found that many companies are running outdated operating systems and neglecting to run critical security patches.

Utilities and manufacturing saw the greatest increase in the number of attacks. Educational services and manufacturing companies were also common targets in 2023, as were the number of devices connected to networks or the internet.

Some other highlights from the report include:

• Attacks on the manufacturing industry rose by 165% in 2023
• 93% of wearable devices aren't patched for common security vulnerabilities
• More than 65,000 unique security vulnerabilities were discovered in 2023 alone

Armis points to rising geopolitical tensions as a leading trigger for the increase in cyberattacks. Cybercriminals are also attacking outdated devices and operating systems with increased frequency.

Among key vulnerabilities identified in the report, Armis found that older versions of Windows server operating systems (2012 and earlier) were 77% more likely to experience attacks than current operating systems. Armis also found that many industries are still using end-of-life (EoL) or end-of-service (EoS) operating systems — operating systems that are no longer supported by their creators. By industry, 18% of devices in educational services, 14% in retail, 12% in healthcare, 11% in manufacturing, and 10% in public administration are still using EoL or EoS operating systems.

What more cyberattacks mean for utilities

Utilities are critical infrastructure for the safe and reliable operation of society's basic life needs. Even minor disruptions to these services can result in asymmetrical negative impacts on industries and the individuals whose livelihoods, health, and safety depend on them. Electric utility grids, for example, require constant monitoring to ensure that loads on the system are balanced. As a result, organizations like utilities rely heavily on digital systems to inform decision-making, which introduces vulnerabilities in reporting and control mechanisms that can be exploited in a cyberattack to devastating effect.

The December 2015 power grid cyberattacks in Ukraine offer a glimpse of just how catastrophic electric outages can be and how widespread problems can cascade unchecked throughout the electric grid when reporting and control mechanisms are hacked. The hack on the power grid in western Ukraine resulted in outages for roughly 230,000 customers for 1-6 hours. The hack was attributed to Russian state actors, but utility hacks like this could become more common in the coming years. The recently leaked Pipedream software framework enables hackers to target programmable logic controllers and industrial control systems. Released in 2022, the software has been compared to the tools hackers used in 2015 on the utilities grid in Ukraine. These tools and others like them are currently available to hackers worldwide, making cybersecurity for utilities more important than ever.

Securing your systems

Cybercriminals will always attempt to hack vulnerable systems, but organizations can fortify their systems against those attacks to minimize risk. Below are examples of best practices that can help ensure your organization is ready to fend off cyberattacks.

• Use supported software: Make sure your systems are using current, supported versions of operating systems and other software. Current/supported software is often revised to reduce the risk of cyberattacks.
• Update often: Even if you are running the latest OS, be sure to update your operating system and any other applications and systems often. Keep in mind that updating systems and applications can lead to conflicts. Test updates in sandbox environments to ensure conflicts don't interrupt organizational operations.
• Install patches: Software updates and security patches aren't the same. Install security patches as quickly as possible.
• Minimize your attack surface: Reduce the number of internet-connected devices in your organization. Many may still need local network connections, but they may not require internet access. Limiting devices to local networks can reduce the chances of cyberattacks.
• Monitor your systems: Monitor your systems for cybersecurity breaches. You may be able to stop an attack before it happens or interrupt one, reducing damage and risks, by using monitoring solutions that can be tailor-made to fit the specifications of your systems.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.