Surge in Cyber-Attacks on Critical Infrastructure Linked to Political Motivations

Severity: High (Score: 77.0)

Sources: Prnewswire, Industrialcyber.Co, Cybersecuritydive, Facilitiesdive, Securitybrief.Au

Summary

Claroty's Team82 has reported a significant increase in cyber-attacks targeting cyber-physical systems (CPS), with 82% of over 200 incidents analyzed involving remote access protocols, particularly virtual network computing (VNC). The report highlights that 66% of these attacks compromised human-machine interfaces (HMIs) and supervisory control and data acquisition (SCADA) systems, critical for managing industrial processes.

The majority of these attacks are attributed to politically motivated threat actors, specifically those linked to Iran and Russia, exploiting weak security measures such as default credentials and insecure protocols. Key sectors affected include manufacturing, water and wastewater, and power generation, which together account for over 45% of the incidents. The findings underscore the urgent need for enhanced cybersecurity measures in critical infrastructure environments.

The report also notes that 81% of attacks attributed to Iran-affiliated groups targeted organizations in the U.S. and Israel, while 71% of Russia-affiliated incidents focused on EU countries, particularly Italy, France, and Spain.

Key Points

  • 82% of cyber-attacks on CPS utilized remote access protocols like VNC.
  • 66% of incidents involved the compromise of HMIs and SCADA systems.
  • Majority of attacks are politically motivated, linked to Iran and Russia.

Key Entities

  • Ransomware (attack_type)
  • OpIsrael (campaign)
  • Stryker (company)
  • France (country)
  • Greece (country)
  • Iran (country)
  • Israel (country)
  • Italy (country)
  • Energy (industry)
  • Healthcare (industry)
  • Manufacturing (industry)
  • Water (industry)
  • T1021.004 - SSH (mitre_attack)
  • T1021 - Remote Services (mitre_attack)
  • T1047 - Windows Management Instrumentation (mitre_attack)
  • T1110 - Brute Force (mitre_attack)
  • Modbus (platform)
  • Microsoft Intune (platform)
  • Censys (tool)
  • Shodan (tool)
  • VNC (tool)