Securin identifies the top threat actors targeting Industrial Control Systems and Operational Technology, pinpoints the specific sectors they target, and exposes the critical vulnerabilities they exploit to launch attacks.
Securin, a leader in proactive cybersecurity solutions and continuous threat monitoring, has released its Critical Infrastructure Overview 2024 report. This comprehensive analysis, examining over 1,700 attacks on critical infrastructure, sheds light on the vulnerabilities plaguing vital industries, including manufacturing, energy, water, and healthcare, at a time when cyberattacks on these sectors are escalating at an alarming rate.
Critical infrastructure, as defined by the Cybersecurity and Infrastructure Security Agency (CISA), includes systems and assets so vital to the United States that their incapacitation would have a debilitating effect on security, national economic security, public health, or safety. As the report highlights, these sectors are increasingly targeted by sophisticated threat actors, making it a collective priority for private and public enterprises to address.
The top takeaways from this report include:
- The Most Vulnerable Sectors: The report identifies manufacturing, water and wastewater utilities, energy, and healthcare as the most vulnerable critical infrastructure sectors, collectively accounting for the majority of targeted attacks. These sectors face escalating risks due to a mix of legacy systems, misconfigurations, and a growing attack surface.
- Attack Vectors: Vulnerability and misconfiguration exploits remain the leading attack vector (30%), followed by compromised credentials (22.8%) and spearphishing via links or attachments (19%). Threat actors are exploiting legacy systems and poor security hygiene to gain entry into critical systems.
- Threat Actors: Nation-state actors from countries such as Iran and Russia are among the leading attackers targeting critical infrastructure. Ransomware groups like Sandworm and BlackCat have exploited outdated software and unpatched vulnerabilities, often leveraging geopolitical tensions to focus their efforts on critical sectors.
- Common Vulnerabilities and Common Weakness Enumerations (CWEs): The report identifies Cross-Site Scripting (CWE-79), Exposure of Sensitive Information (CWE-200), and SQL Injection (CWE-89) as persistent vulnerabilities across critical infrastructure systems. These weaknesses highlight the need for secure-by-design software development practices and rigorous patch management.
As the stakes for critical infrastructure grow higher, Securin emphasizes the importance of proactive measures to defend against the evolving cyber threat landscape. The Critical Infrastructure Overview 2024 report provides actionable insights and best practices for organizations to strengthen their security posture. Collaboration across industries, governments, and cybersecurity leaders is essential to safeguard these vital sectors.
“The relentless targeting of our nation’s critical infrastructure by threat actors demands urgent action,” said Ram Movva, CEO of Securin. “Understanding who these attackers are and how they operate is crucial to closing the gaps in our defenses. Through the hard work of our research and analyst team, we cast a much-needed light on a growing national security issue and provide guidance in enacting security measures that exceed the scale and complexity of these threats. With the right collaboration and decisive action, I am confident we can protect the systems that underpin our society and ensure a more secure future.”
Download the full report to better understand the challenges ahead and join the effort to secure the foundations of our infrastructure.