Threat actors could leverage operational technology (OT) data leaked from ransomware attacks against industrial and critical infrastructure organizations to perform cyber physical attacks that could result in property damage and even endanger lives, according to SecurityWeek.
Mandiant researchers found that nearly 50% of ransomware-related data leaks in 2021 affected critical infrastructure and industrial firms, and further review showed the exposure of sensitive OT data from 10 of 70 analyzed leaks.
"Access to this type of data can enable threat actors to learn about an industrial environment, identify paths of least resistance, and engineer cyber physical attacks. On top of this, other data also included in the leaks about employees, processes, projects, etc. can provide an actor with a very accurate picture of the target’s culture, plans, and operations," said researchers.
Mandiant added that even old OT data could be used by threat actors in decades-long reconnaissance efforts, as cyber physical systems tend to have long lifespans.