Threat actors have ramped up operational technology-targeted cyberattacks aimed at building automation systems, whose prevalence increased from 1% in 2023 to 9% in 2024, even if industrial automation protocols continue to account for a bulk of OT intrusions, recording an increase from 71% to 79% during the same period, SecurityWeek reports.
Forescout reported that utilities-targeted OT attacks declined from 28% to 12% year-over-year. Additional findings showed that Modbus, Ethernet/IP, Step7, DNP3, and BACnet were the most commonly targeted protocols last year, while the rate of abuse security issues not listed in the Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities list rose from 65% to 73% between 2023 and 2024.
"Last year, we discussed how attacks on building automation focused on exploiting vulnerabilities rather than interacting directly with protocols," said Forescout. "This year, we see that the interest in building automation protocols is increasing as attackers are still exploiting vulnerabilities on those devices."