The Evolving Landscape of Cyberattacks in 2024: A Focus on Physical Consequences
As we delve into the cyber threat landscape of 2024, a notable trend emerges: while the overall increase in cyberattacks causing physical consequences has slowed compared to 2023, the number of affected sites has surged dramatically. According to Waterfall Security, the year witnessed a staggering 146% increase in sites experiencing physical repercussions from cyberattacks, escalating from 412 in 2023 to 1,015 in 2024. This alarming statistic highlights the persistent and evolving nature of cyber threats, particularly against Operational Technology (OT) organizations.
Regulatory Changes and Reporting Dynamics
One potential explanation for the decelerating rate of reported OT security incidents lies in the new disclosure regulations introduced by the Securities and Exchange Commission (SEC). Enforced since late 2023, these regulations require publicly traded companies to report “material” cybersecurity incidents. This shift has led to a more cautious approach among legal teams, who now engage earlier in the reporting process and disclose only what is legally necessary, in order to mitigate potential legal risks. Consequently, while the threat landscape continues to grow, fewer incidents with physical consequences may be publicly reported, creating a misleading perception of safety.
Nation-States and Hacktivists: Targeting Critical Infrastructure
The motivations behind cyberattacks have evolved, with nation-states and hacktivists increasingly targeting critical infrastructure to induce physical consequences. Western intelligence agencies have identified ongoing cyber threats from China as a significant concern, underscoring the geopolitical dimensions of cyber warfare. In North America, the water and wastewater sector has become a focal point for attacks, with a notable increase in both frequency and severity. Of the seven reported incidents, five were attributed to Russia’s notorious Sandworm group, which has a history of targeting Ukraine’s power grid.
Regionally, the United States and Germany experienced the highest number of incidents with physical consequences in 2024, followed closely by Japan, the United Kingdom, and Canada. The reasons behind these regional trends remain somewhat ambiguous, but it is plausible that ransomware groups are expanding into markets with robust economies and a higher likelihood of ransom payments. Additionally, politically supported ransomware groups and nation-state actors may be strategically targeting victims in economically significant regions such as the US, Europe, and Asia-Pacific.
Industry-Specific Impacts and Trends
In 2024, the hospitality industry saw two new incidents involving automated “smart” buildings, while the oil and gas sector reported no new attacks. Notably, 69% of attacks with physical consequences targeted the transportation and discrete manufacturing industries. This trend raises concerns about the vulnerabilities inherent in these sectors, which are critical to the functioning of modern economies.
Analysis of attack patterns reveals that 13% of incidents with physical consequences directly impacted OT automation systems, while a staggering 90% caused physical repercussions indirectly. This data mirrors findings from 2023, indicating a consistent trend in the nature of cyberattacks affecting critical infrastructure.
GPS Systems Under Siege
The year 2024 also highlighted the growing risks associated with cyber interference in GPS systems. Three major incidents underscored this vulnerability:
- Finnair Flight Cancellations: The airline canceled flights between Helsinki and Tartu for six weeks due to GPS spoofing, illustrating the disruptive potential of cyberattacks on transportation.
- Azerbaijan Airlines Flight 8243 Crash: This tragic incident, which resulted in the loss of 38 lives, was linked to GPS jamming, raising serious concerns about the safety of air travel in the face of cyber threats.
- Widespread GPS Jamming: A 64-hour GPS jamming event over Poland, Sweden, and Germany disrupted approximately 1,600 flights, with suspicions pointing to Russian involvement.
These incidents serve as a stark reminder of the vulnerabilities inherent in critical infrastructure and the potential for catastrophic consequences stemming from cyber interference.
The Rise of Sophisticated Cyber Threats
In 2024, China launched two significant cyberattacks that further illustrated the sophistication of contemporary threat actors. The Volt Typhoon campaign targeted U.S. government and military-linked infrastructure, employing “living off the land” techniques to evade detection. Although the FBI managed to clean affected U.S. devices, the existence of global botnets remains a pressing concern.
Additionally, the Salt Typhoon operation compromised telecommunications infrastructure worldwide, intercepting communications, including those of U.S. presidential candidates. The methods of attack remain unclear, but the implications for national security are profound.
Moreover, the discovery of three new ICS-capable malware variants in 2024—compared to just six found in the previous 14 years—underscores the increasing sophistication and frequency of cyber threats targeting critical infrastructure.
Conclusion: A Call for Vigilance
As we navigate the complexities of the cyber threat landscape in 2024, it is evident that while the rate of increase in reported incidents may have slowed, the nature and impact of cyberattacks are evolving. The sharp rise in the number of sites affected by these attacks, particularly those targeting critical infrastructure, calls for heightened vigilance and proactive measures from organizations across various sectors. As cyber threats continue to grow in sophistication and frequency, a collaborative approach involving government, industry, and cybersecurity experts will be essential to safeguard our critical infrastructure and mitigate the risks posed by cyber adversaries.