ENISA Warns of Increase in State-Sponsored OT Hacking

CARL | 2 Minute Read

According to a recent report from the European Union Agency for Cybersecurity, operational technology (OT) hacking will gain more attention from state-sponsored hacking groups as geopolitics influence the cyber threat environment.

Juhan Lepassaar, ENISA Executive Director, says, “Today’s global context is inevitably driving major changes in the cybersecurity threat landscape. The growing range of threat actors shapes the new paradigm. We enter a phase which will need appropriate mitigation strategies to protect all our critical sectors, our industry partners, and therefore all EU citizens.” ENISA’s report analyzes cyber incidents during the second half of 2021 and the first half of 2022 and uses that information to predict what could happen soon.

Evidence to support the prediction about the growing interest in state-sponsored OT hacking includes the April detection of malware dubbed Industroyer2 by cybersecurity firm ESET, which was used in an attempt to infect high-voltage electrical substations in Ukraine. The month of April also saw the public exposure of attack tools dubbed Incontroller. Mandiant and Schneider Electric’s analysis determined that Incontroller “is very likely state-sponsored and contains capabilities related to disruption, sabotage, and potentially physical destruction” of machine automation devices.

ENISA says that Industroyer2 and Incontroller are the fifth and sixth known examples of industrial control system-specific malware.

The cybersecurity agency’s report states, “In our assessment, state-backed threat actors will step up their reconnaissance against OT networks, develop capabilities and increasingly target them for the foreseeable future, especially during times of crisis and armed conflict.”

The agency has also observed an increase in state-sponsored hackers focusing on supply chain compromises. Over the past three years, private sector cybersecurity companies have reported a significant increase in government hacking into managed services providers and IT services organizations to gain access to the networks of hundreds of victims.

Although the frightening cyberwar instigated by Russia’s invasion of Ukraine has not yet materialized, ENISA believes there is a possibility that Western countries and NATO allies will experience cyberattacks against critical infrastructure as retaliation for supporting Kyiv.

How can Abacode help?

Abacode is innovating the industry by providing a more comprehensive/single-view approach to IT and OT cybersecurity and compliance. We address our customers’ IT and OT security challenges by delivering managed cybersecurity & compliance programs and our 24/7/365 Security Operations Center (SOC).

For more information on how Abacode can help keep your organization’s operational technology secure and compliant, contact us.