Dive Brief:
- Threat actors divulged sensitive data from operational technology (OT) environments in one in seven leaks targeting industrial organizations, according to Mandiant researchers.
- Mandiant researchers identified more than 3,000 extortion leaks in 2021. About 1,300 of the leaks came from industrial organizations that were likely to use OT environments, including manufacturing plants, water companies and energy facilities.
- Leaked data includes administrative password credentials from a maker of industrial and passenger trains, a hydroelectric power producer's list of user privileges and passwords, and source code from a provider of satellite vehicle tracking systems.
Dive Insight:
The report highlights the risks critical infrastructure and production facilities face from sophisticated threat actors. Sensitive information that is essential to running these facilities safely is frequently exposed on the dark web, threatening the stability of key industrial sites.
"Ransomware operators often advertise their victims and subsequent victims' data dumps as part of their multifaceted extortion scheme," Nathan Brubaker, director, Mandiant Threat Intelligence, said via email.
By posting sensitive information about these companies on shaming sites, a threat actor can use that information to pressure the victim into paying. Victim companies are also exposed to additional harm from other threat actors, who can attempt to extort further payments or use the leaked information in future attacks.
The report comes at a time when nation-state and criminal threat actors have ramped up attacks on major industrial sites in the U.S.
Colonial Pipeline, the largest fuel supplier to the eastern U.S., was attacked in May 2021. Colonial paid more than $4.4 million to the attackers in order to resume operations after six days of fuel shortages and panic buying disrupted much of the southern and eastern U.S.
Weeks later, federal authorities recovered about $2.3 million of the ransomed funds after investigators were able to partially trace the source of the cryptocurrency payments to the threat actors.
Authorities issued warnings in late 2021 that local grain cooperatives had been targeted in several ransomware attacks in Iowa, Minnesota and other states. Federal officials later warned of attacks against water and wastewater treatment facilities.
Now, attention is turning toward critical infrastructure providers, as authorities urge organizations to take measures against potential attacks connected to the conflict over Ukraine.
Research from Nozomi Networks shows that while ransomware activity against critical sites rose during the second half of 2021, organizations are beginning to step up their efforts to prevent future attacks.