Two new threat groups identified by Dragos in annual year in review report

Dragos

Dragos have unveiled their annual ICS/OT Cybersecurity Year in Review for 2022. The report disclosed the identification of two new threat groups: CHERNOVITE and BENTONITE. It also examines new and existing threat activity, key ransomware findings, service engagement updates, as well as information disclosed around key vulnerabilities.

One of the most significant findings from the report was that 2022 saw a breakthrough escalation in capabilities by a new modular industrial control systems (ICS) malware, PIPEDREAM, developed by the threat group CHERNOVITE. CHERNOVITE’S PIPEDREAM toolkit has the capabilities to impact tens of thousands of industrial devices that control critical infrastructure.

Dragos have assessed with high confidence that a state actor developed PIPEDREAM intending to leverage it in future operations for disruptive or destructive purposes. Although, they had not observed any examples of employment thus far.

The second newly identified threat group is BENTONITE, who have been increasingly and opportunistically targeting maritime oil and gas (ONG), governments, and the manufacturing sectors since 2021. The believe that BENTONITE conducts offensive operations for both espionage and disruptive purposes by exploiting vulnerable remote access assets or internet-exposed assets that can facilitate access.

Other key findings within the report include:

— Ransomware attacks against industrial organisations increased 87% over the last year.

— 72% of all ransomware attacks targeted 437 manufacturing entities in 104 unique manufacturing subsectors.

— 80% of services customers had limited OT visibility into their ICS environment.

— There was a 27% increase in the number of vulnerabilities that Dragos investigated in 2022 over 2021.

— Continued targeting of renewable energy companies in the U.S. and the European Union (EU).

The report also considers the impact of Russia’s invasion of Ukraine in February 2022. Dragos disclose that Ukraine saw increased threat group activity targeting its energy and critical industrial infrastructure sectors.

Share
Tweet
Post

Related posts

Scroll to Top