Are you ready to tackle the evolving challenges in OT cybersecurity? Over the past year, the operational technology (OT) cybersecurity landscape has undergone significant shifts, marked by unexpected developments. Dragos’s OT Cybersecurity Year in Review Report distills these experiences into actionable lessons and strategies, serving as your roadmap to achieving a more secure industrial environment in 2025.
What You Can Expect in This Year’s Report
Here’s a snapshot of what we’ll cover in this year’s OT Cybersecurity report:
- We introduce new Dragos Threat Groups identified in 2024 and other observed adversary activity in the past year.
- We summarize and drill down into the significant growth in ransomware attacks impacting industrial sectors.
- We cover increased activity by hacktivists and nation-state adversaries driven by geopolitical events in the past year.
- We discuss how the standardization of industrial control systems (ICS) environments is allowing single portable exploits to impact multiple organizations and industries.
- We feature the regulations and guidelines that helped focus and strengthen OT cybersecurity defenses.
Register your interest in the 2025 OT Cybersecurity Report. Get immediate access once it’s available.
Key Insights from Last Year’s OT Cybersecurity Report
The release of Dragos’s OT Cybersecurity Year in Review in 2024 was a wake-up call for organizations operating in the industrial sector. It shined a spotlight on an increasingly complex and hostile threat landscape, offering valuable insights and actionable recommendations to fortify operational technology (OT) against evolving cyber threats. Here’s a breakdown of the key highlights from this comprehensive report.
Geopolitical Turmoil and Rising Cyber Threats
2023 saw significant geopolitical tensions that directly impacted OT security worldwide. Ransomware attacks increased significantly, vulnerabilities accumulated, and threat actors became more sophisticated. These challenges emphasize the urgency for OT asset owners to enhance defenses proactively.
The Evolving Cyber Threat Landscape
Dragos Intelligence identified 21 threat groups targeting industrial organizations, including three new groups:
- VOLTZITE: Linked to reconnaissance and enumeration of U.S. electric companies, and active across sectors like emergency services, defense, and telecommunications.
- GANANITE: Focused on espionage and data theft targeting Central Asian nations.
- LAURIONITE: Exploits Oracle E-Business Suite to infiltrate industries such as aviation, manufacturing, and government.
The activities of these groups highlight the importance of secure remote access, multi-factor authentication (MFA), and close monitoring of OT network connections.
Cyber Conflict as a New Battleground
Critical infrastructure became a key target in geopolitical conflicts. Advanced threat groups like ELECTRUM, KAMACITE, and VOLTZITE exploit OT vulnerabilities to achieve their objectives. Even hacktivist groups like CyberAv3ngers successfully disrupted critical utilities. Maintaining situational awareness through cyber threat intelligence is crucial to counteract these threats.
Living Off the Land (LOTL) Techniques
Adversaries increasingly used LOTL techniques, leveraging tools already present in industrial systems. This approach allows them to evade detection and stay persistent. To counteract this, organizations should:
- Maintain up-to-date asset inventories.
- Monitor network traffic continuously.
- Employ behavioral detection techniques.
Industrial Ransomware Risks
Ransomware incidents rose a staggering 49.5% in 2023, and manufacturing bore the brunt, accounting for 70% of attacks. A multi-layered defense strategy, including network segmentation and stricter access controls, is vital to minimize disruptions and financial losses.
Managing OT Vulnerabilities
Dragos identified and analyzed over 2,000 vulnerabilities impacting industrial systems in 2023. However, only 3% required immediate action. This underscores the importance of a risk-based vulnerability management approach that prioritizes critical threats while balancing operational continuity.
Proactive Incident Response
The focus on tabletop exercises across sectors, particularly in the electric industry, grew significantly in 2023. An OT-specific incident response plan (IRP) is no longer optional—it’s a necessity. Such plans should account for the unique characteristics of OT environments and be distinct from IT-focused strategies.
Building a Resilient Future in Industrial Cybersecurity
Resiliency is at the heart of Dragos’s recommendations, aligning with the SANS 5 Critical Controls for World-Class OT Cybersecurity. Enhancing OT network visibility remains a top priority, with over half of Dragos Professional Services reports citing this as a key area for improvement.
Register Your Interest for the 2025 OT Cybersecurity Report
The Dragos OT Cybersecurity Year in Review is more than a report—it’s a roadmap. By understanding the threats, vulnerabilities, and victories of the past year, OT asset owners and defenders can better prepare for the challenges ahead. The stakes are high, but so are the opportunities for progress.
Register to have the latest OT Cybersecurity Report delivered directly to your inbox as soon as it is available. You’ll get immediate access to the insights and recommendations that will shape OT cybersecurity in 2025.