January 15, 2025

A Year in Cyberattacks: Lessons for Critical Infrastructure Security

As industries such as utilities, manufacturing, and others grow increasingly reliant on operational technology (OT) to run their businesses, we’ve seen cyberattacks targeting these critical systems surge over the last year. We examined some of 2024’s more notable cybersecurity incidents impacting companies with critical infrastructure. We also explore how ARIA’s AZT PROTECT™ solution could have thwarted these attacks, providing a blueprint for safeguarding systems in this dangerous new era.

 

Utilities Increasingly Under Attack

American Water, the largest U.S. water and wastewater utility company, experienced a suspected ransomware attack in October 2024. The attack, detected on October 3, led the company to disconnect several systems, including its MyWater customer portal and billing services, to contain the damage. Although operations at water treatment facilities were reportedly unaffected, the attack forced American Water to switch to manual control of its facilities, incurring high expense and disrupting customer self-service, which in turn impacted its call centers. The incident highlights the growing threat that cyberattacks pose to critical utilities, underscoring both the extreme cost of maintaining essential services and the potential risk to public safety for water services.

 

The Environmental Protection Agency (EPA) conducted a passive cybersecurity assessment of 1,062 drinking water systems serving over 193 million people in the U.S. The assessment identified 97 systems with critical or high-risk vulnerabilities, and another 211 systems with medium or low vulnerabilities. Exploitation of these vulnerabilities could lead to service disruptions, physical damage, or public safety issues. The resulting financial impact could be substantial: the report noted that a one-day disruption of water service across the U.S. could jeopardize $43.5 billion in economic activity. These findings further highlight the need for enhanced cybersecurity measures in drinking water infrastructure to mitigate potential risks.

The EPA’s mandatory five-year cyber risk assessments begin in 2025. We recommend deploying ARIA’s AZT PROTECT as an important step in reducing risk in conjunction with such assessments.

 

Energy Firm Suffers Multiple Infiltrations

French multinational Schneider Electric bookended 2024 with ransomware attacks. In January, the Cactus ransomware group hit Schneider’s Sustainability Business, impacting its EcoStruxure Resource Advisory platform, which is used by over 2,000 companies to interpret their energy and sustainability data, as well as other division-specific systems. The attackers claimed to have exfiltrated more than 1.5TB of data, leaking about 25MB of the stolen data on the dark web. While Schneider mobilized its incident response team to address the breach and noted that its products and services were not affected, that does not diminish the fact that 2,000 energy customers were impacted by this attack.

 

Could These Attacks Have Been Prevented?

We believe that these incidents are preventable. ARIA’s patented AZT PROTECT solution could have stopped these types of attacks through its comprehensive suite of cybersecurity capabilities. AZT PROTECT’s AI-driven behavioral monitoring would identify the appearance of malicious code and stop it before execution. Additionally, microsegmentation limits access to critical systems, making it nearly impossible for attackers to move laterally to them.

 

For ransomware scenarios, blocking the execution of the code used to carry out the attacks would stop them early in the attack chain and give warning of the attackers' presence. In the cases of Schneider Electric and American Water, the ability to stop malicious code execution and privilege escalation on affected systems early could have mitigated or entirely avoided service disruptions. By integrating these advanced protections, AZT PROTECT significantly reduces the likelihood and impact of cyberattacks on critical infrastructure, creating a proactive and resilient defense strategy.

 

As these incidents demonstrate, the stakes are higher than ever for industries relying on OT. Cybercriminals are becoming more sophisticated, and the impact of successful attacks can be devastating. ARIA’s AZT PROTECT offers a comprehensive solution, providing real-time monitoring, AI-driven threat detection, and advanced segmentation to secure OT environments.

 

Don’t wait until it’s too late. Contact ARIA today to learn how AZT PROTECT can safeguard your critical infrastructure and help you stay one step ahead of the cyber criminals.

 

 

 

 
