KRITIS increasingly targeted by ransomware


Companies in the KRITIS energy and water sectors have an attack rate of 67 percent, significantly higher than the global average of 59 percent. 55 percent needed more than a month to recover after the attack. These are findings from the Sophos report "The State of Ransomware in Critical Infrastructure 2024".

The results of the Sophos industry study entitled “The State of Ransomware in Critical Infrastructure 2024” speak for themselves. Water, energy, oil and gas are among the sixteen critical infrastructure sectors defined by CISA, and the study examines them in more detail.

Restoration costs quadrupled to 2.8 million euros

🔎 The critical energy and water sectors have a significantly higher attack rate of 67 percent than the global average of 59 percent (Image: Sophos).

The results of the survey of 5,000 cybersecurity/IT executives worldwide, 275 of whom are in the KRITIS sector, show that the average restoration costs for the two infrastructure sectors of energy and water quadrupled to 2.8 million euros last year. This means that the costs in this sector are around four times higher than the global and cross-sector average (median).

"Cybercriminals are focusing on industry sectors where they cause the most pain and disruption. At the same time, the public, especially in the critical infrastructure environment, is demanding quick solutions to restore services - even paying ransoms if necessary. This makes utilities prime targets for ransomware attacks," says Chester Wisniewski, Global Field CTO. "Unfortunately, utilities are vulnerable to attacks in many ways, including high availability requirements and a physical security-focused engineering mindset. Added to this are some older technologies without modern security and a general lack of IT security staff."

Almost half of the attacks were carried out through exploited vulnerabilities

In addition to rising recovery costs, the median ransom payments for organizations in the energy and water sectors also rose to more than €2.3 million in 2024. This is around €460,000 higher than the global, cross-sector average. The two sectors also reported the second highest rate of ransomware attacks in 2024 at 67 percent, compared to the cross-industry average of 59 percent. In addition, 49 percent of ransomware attacks on these two critical infrastructure sectors began with an exploited vulnerability.

Energy and water utilities are also reporting increasingly longer recovery times. Only 20 percent of companies affected by ransomware were able to recover in a week or less in 2024, compared to 41 percent in 2023 and 50 percent in 2022. Fifty-five percent needed more than a month to recover, compared to 36 percent in 2023. In comparison, across all sectors, only 35 percent of companies needed more than a month to recover.

Highest rate of compromised backups, increasing recovery times

When considering the ability to recover quickly, intact backups play a crucial role. The two critical infrastructure sectors reported the highest rate of compromised backups (79 percent) and the third highest rate of malicious encryption (80 percent) compared to the other industries studied.

"An increasing number (61 percent) paid the ransom as part of their recovery strategy, yet recovery took longer. Paying large ransoms not only encourages cybercriminals to carry out more attacks, but it also prevents organizations from achieving their desired goal of faster recovery time," said Wisniewski. "Utilities should take active steps to monitor their remote access and network systems for vulnerabilities. They should ensure they have 24/7 monitoring and response capabilities to minimize outages and reduce recovery times. Incident response plans should be planned in advance, just as they are for fires, floods, hurricanes and earthquakes, and rehearsed regularly."

Background to the study

Data for the State of Ransomware in Critical Infrastructure 2024 report comes from 275 respondents across the energy, oil and gas, and utilities sectors, which are part of the power and water sectors. The results of this industry survey are part of a broader, independent survey of 5,000 cybersecurity/IT executives conducted across 14 countries and 15 industries between January and February 2024.
