ICS Ransomware Trends – Dragos Analyzes ICS Ransomware Attacks for Q2 2023

Dragos continues tracking ransomware incidents impacting industrial organizations and has published its latest findings for Q2 2023. Overall, ransomware activity targeting industrial organizations and infrastructure is sustaining its trend upward resulting in more incidents and new or rebranded threat groups compared to last quarter. Dragos called it “an exceptionally active period” and assesses with moderate confidence that the current trend will continue.

According to its latest report, Dragos tallied 253 incidents compared to the 214 last quarter. This activity included five new ransomware groups this quarter (66) than last (61), with thirteen more causing impact, 33 over 20, respectively. The groups most concerning for ICS organizations are LockBit, AlphaV, and Black Basta. Dragos noted that these groups continued to employ previously effective tactics, including exploiting zero-day vulnerabilities, leveraging social engineering, targeting public-facing services, and compromising IT service providers. Also notable is that Dragos observed an overlap in victim profiles between some ransomware-as-a-service (RaaS) groups, initial access brokers (IABs), and phishing-as-a-service (PhaaS) groups.

While the observed attacks against water and wastewater (2) and electric (1) utilities were low during Q2, members are highly encouraged to maintain awareness of and validate protections against the behaviors and the active groups demonstrating interest and capability to impact industrial organizations and infrastructure. For more analysis and to access the report, visit Dragos.