Compared to 2023, 2024 saw a smaller increase in cyberattacks that caused physical consequences for OT organizations, according to Waterfall Security. Nevertheless, there were sharp jumps in the number of sites affected by the hacks, as well as in the number of attacks by nation states.

2024 saw a 146% increase in sites whose operations suffered physical consequences because of cyberattacks, rising from 412 sites in 2023 to 1,015 in 2024.

The slowing rate of increase in OT security incidents may be due to new SEC disclosure regulations, which require publicly traded companies to report “material” cybersecurity incidents.

These rules, enforced since late 2023, may limit public reporting as legal teams now get involved earlier, disclosing only what’s legally necessary to avoid legal risks. As a result, fewer incidents with physical consequences may be publicly reported, despite the growing threat.

Nation-states and hacktivists target physical infrastructure

Nation-state and hacktivist attacks both seek to bring about physical consequences with cyberattacks. Western intelligence agencies and governments reached a near-unanimous conclusion: the ongoing cyber threats from China pose the most significant and pressing concern.

Meanwhile, attacks on North America’s water and wastewater sector surged in both frequency and severity. Of the seven incidents reported, five were attributed to Russia’s infamous Sandworm group, which has previously targeted Ukraine’s power grid.

Regionally, the USA and Germany suffered the largest number of incidents with physical consequences in 2024, in first and second place respectively, followed by Japan, the UK and Canada.

The reasons behind regional trends remain unclear, but it’s possible that ransomware groups are moving into new markets with strong economies and a higher likelihood of ransom payments. Alternatively, politically supported ransomware groups and nation-state actors could be strategically targeting victims in the US, Europe, and Asia-Pacific.

In 2024, two more incidents were reported in automated “smart” buildings, both targeting the hospitality industry. Meanwhile, the oil and gas sectors reported no new incidents. Notably, 69% of attacks with physical consequences affected the transportation and discrete manufacturing industries.

For attacks where the attack pattern could be determined from public records, 13% of attacks with physical consequences directly impacted OT automation systems. 90% of attacks caused physical consequences indirectly. This is very similar to data from 2023.

Cyber interference threatens GPS systems

In 2024, three major GPS incidents underscored the growing risks of cyber interference:

  • Finnair canceled flights between Helsinki and Tartu for six weeks due to GPS spoofing.
  • Azerbaijan Airlines Flight 8243 crashed near Aktau, Kazakhstan, killing 38 passengers, with GPS jamming cited as a factor.
  • A 64-hour GPS jamming event over Poland, Sweden, and Germany disrupted 1,600 flights, with Russia suspected.

In another troubling development, China launched two major cyberattacks in 2024:

Volt Typhoon targeted U.S. government and military-linked infrastructure, using “living off the land” techniques to evade detection. The FBI managed to clean US devices, but global botnets remain a significant concern.

Salt Typhoon compromised telecom infrastructure worldwide, intercepting communications, including those of US presidential candidates, though the methods of attack remain unclear.

Three new ICS-capable malware variants were discovered in 2024, compared to just six found in the previous 14 years.

These incidents underscore the growing vulnerability of critical infrastructure to cyberattacks and the increasing sophistication of threat actors.
