According to the latest report by the information security company Dragos, hackers pose a serious threat to the European industrial infrastructure.
Currently, industrial enterprises in Europe are being attacked by at least ten cybercrime groups – Xenotime, Magnallium, Electrum, Allanite, Chrysene, Kamacite, Covellite, Vanadinite, Parisite and Dymalloy. Some of them are connected with China, Russia, Iran and the DPRK. However, in addition to APT groups working for the government, the industrial sector is also being attacked by cybercriminals who are hungry for profit.
Of the 3.2 thousand vulnerabilities related to operational technologies (OT) tracked by Dragos specialists, about 500 directly affect enterprises in Europe. More than a hundred of them can be exploited by hackers due to lack of visibility and/or loss of control.
Nevertheless, with an average degree of confidence, experts report that the risk of destructive cyberattacks capable of destroying industrial infrastructure in Europe is quite small. With a low degree of confidence, they believe that Europe is at low risk of local or small-scale destruction, since government hackers “can conduct low-stakes operations when it is considered politically or economically advantageous.”
On the other hand, there are many other threats that should not be ignored by European organizations, and one of them is extortionate software. As the analysis of the sites of cyber–extortionate groups leaks shows, almost a quarter of the victims of extortionists are manufacturing enterprises in Europe.
Dragos experts noted threats to oil and gas companies from the Xenotime and Dymalloy groups. The report also highlights the threat to the UK energy sector, especially small distribution networks and power plants, which could become the target of ransomware or other destructive attacks.