Several different surveys and news reports in recent weeks point to a large uptick in ransomware attacks in 2023 — and though it is only two months into 2024, this trend shows no sign of slowing down.
First, let’s look at what happened in 2023.
According to Forescout Research, there were more than 420 million critical infrastructure cyber attacks in 2023 — which works out to be about 13 attacks per second. That represents a 30 percent increase from the previous year, according to the report. Attacks on network infrastructure and Internet of Things devices — two of the mainstays of smart buildings — surged in particular in 2023.
“Among the IoT landscape, the spotlight falls on IP cameras, building automation systems and network-attached storage, emerging as the most sought-after targets for malicious actors,” a recent article in Security Magazine stated.
A January cybersecurity report from Armis found that geopolitical concerns are affecting the cybersecurity realm. The report also found that cyber-warfare grew more widespread, with manufacturing, educational services and public administration facing the most attacks from Chinese and Russian actors.
What about security systems, specifically? Two major security and building automation companies have themselves experienced recent ransomware attacks.
The first was Johnson Controls in October 2023. True to the global nature of many cyberattacks, the Johnson Controls incident began in its Asia offices before spreading across the company’s global network.
In an SEC filing on January 30th, the company wrote, “The cybersecurity incident consisted of unauthorized access, data exfiltration, and deployment of ransomware by a third party to a portion of the Company’s internal IT infrastructure.” The company worked with cybersecurity experts to recover from the incident, but suffered around $27 million in expenses and losses from the event.
This year, Schneider Electric's Sustainability Business division also suffered a ransomware incident on January 17th, 2024, according to a Security Magazine article about the incident.
Speaking of this event, security leaders speculated on how Schneider may have protected its customers. Their comments are good guidance for any company, and a good basis for questions end users can ask their providers of security and smart building systems:
Sarah Jones, cyber threat intelligence research analyst for Critical Start, said: “While Schneider Electric maintains confidentiality regarding the specifics of their Sustainability Business division’s isolation, industry best practices suggest a layered approach. This approach likely includes network segmentation to confine the division’s IT infrastructure, minimizing the attack surface. Firewalls and security controls act as gatekeepers, restricting traffic flow and preventing lateral movement or data exfiltration. In more extreme cases, it is possible the division’s network might be air-gapped, offering the strongest isolation but at the potential cost of operational challenges. It is also likely Schneider maintains dedicated security tools and personnel, enabling scanning for suspicious activity and swift detection and response capabilities. Additionally, access controls ensure only authorized individuals can access the systems, preventing unauthorized modifications. While sensitive data is likely encrypted at rest and in transit, providing an additional layer of protection.”
A new report on the “State of Ransomware” from Delinea finds that not only are ransomware attacks increasing again, but cybercriminals are also changing their strategy, moving from crippling a company and holding it hostage to using stealthier methods of “exfiltrating” private data and selling it to the highest bidder or leveraging it to get a large cyberinsurance payment. That makes it critical to make sure not only that your own networks are as secure as possible, but also that your providers are taking steps like those suggested by Jones to ensure minimal impact on your organization if they in turn experience a breach.