Shifts in threat landscape to industrial control systems

Issue 8 2022 Information Security

Kaspersky’s ICS CERT researchers shared their predictions for next year’s industrial control system-focused developments and the risks that organisations should prepare for in 2023. These predictions include an increased attack surface due to digitisation, the activities of volunteer and cybercriminal insiders, ransomware attacks on critical infrastructure, the technical, economic and geopolitical effects on the quality of threat detection, and the rise in vulnerabilities likely to be exploited by attackers.

These predictions are the sum of the opinions of Kaspersky’s ICS CERT team based on their collective experience in researching vulnerabilities, attacks, and incident response, as well as the experts’ personal vision of the main vectors driving changes in the threat landscape.

New risks and changes in threat landscape

Kaspersky experts predict a shift in advanced persistent threat (APT) activity against industrial organisations and OT systems in new industries and locations. The real economy sectors such as agriculture, logistics and transport, the alternative energy sector and the energy sector as a whole, high-tech, pharmaceuticals and medical equipment producers are likely to see more attacks next year. Moreover, traditional targets, such as the military industrial complex, and the government sector will also remain.

The attack surface will also increase due to digitisation, in a race for higher efficiency in IoT, including systems for predictive maintenance and digital twin technology. This trend is supported by the statistics of attacks on Computerised Maintenance Management Systems (CMMS) in the first half of 2022. In the META region (Middle East, Turkey, Africa), 39,3% of CMMS were attacked in the first half of 2022, while in Africa, 40% of CMMS were attacked during the same period.

The risks of an expanding attack surface are also connected to rising energy carrier prices and the resulting rises in hardware prices, which would force many enterprises to abandon plans to deploy on-premise infrastructure in favour of cloud services from third-party vendors, and may also affect some IS budgets.

Threats may also come from unmanned transportation means and aggregates that can be either targets or tools for attacks. Other risks to watch out for are heightened criminal activity aimed at harvesting user credentials, as well as more volunteer ideological and politically motivated insiders, and insiders working with criminal groups, usually extortionists and APTs. These insiders may be active in production facilities, as well as at technology developers, product vendors and service providers.

The geopolitical ebb and flow of trusted partnerships, which have a global effect on the state of cybersecurity in ICS too, will be more evident in 2023. Besides the growth of hacktivist activity “working” to internal and external political agendas, which may become more effective, we might also see more ransomware attacks on critical infrastructure due to the fact that it will become harder to prosecute such attacks.

Deterioration of international law enforcement cooperation will lead to an influx of cyberattacks in countries considered adversaries. At the same time, new alternative solutions developed domestically may also lead to new risks, such as software containing security configuration errors and easily found zero-day vulnerabilities, making it accessible to both cybercriminals and hacktivists.

Organisations may face new risks such as a decrease in the quality of threat detection due to communication breakdowns between information security developers and researchers located in countries currently in conflict. We may also face a decreasing quality of threat intelligence, leading to unsupported attribution and government attempts to control information about incidents, threats and vulnerabilities. The growing role of governments in the operational processes of industrial enterprises, including connections to government clouds and services, which would sometimes be less protected than the market-leading private ones, also leads to additional IS risks. Thus, there is an increased risk of confidential data leaks due to the noticeable number of under-qualified employees in government institutions, as well as a still-developing internal culture and practices for responsible disclosure.

New techniques and tactics to watch out for in future attacks

Kaspersky ICS CERT researchers also listed top techniques and tactics expected to flourish in 2023:

• Phishing pages and scripts embedded on legitimate sites.

• The use of cracked software distributions with Trojans packed inside, as well as patches and key generators for commonly used and specialist software.

• Phishing emails about current events with especially dramatic subjects, including political events.

• Documents stolen in previous attacks on related or collaborating organisations used as bait in phishing emails.

• The spread of phishing emails from compromised employees and partners’ email boxes disguised as legitimate work correspondence.

• N-day vulnerabilities – these will be closed even more slowly as security updates for some solutions become less accessible in some markets.

• Abusing basic default configuration errors (such as unchanged default passwords) and easily found zero-day vulnerabilities in products from ‘new’ vendors, including local ones.

• Attacks on cloud services.

• Using configuration errors in security solutions, for instance those that allow an antivirus solution to be disabled.

• Using popular cloud services as command and control (CnC) infrastructure – even after an attack is identified, the victim might still be unable to block it because important business processes could depend on the same cloud service.

• Exploiting vulnerabilities in legitimate software, DLL hijacking and BYOVD (Bring Your Own Vulnerable Driver), for instance to bypass endpoint security.

• The spread of malware via removable media to overcome air gaps.

“We saw that cybersecurity incidents were plentiful in 2022, causing many problems for ICS owners and operators. However, we did not see any sudden or catastrophic changes in the overall threat landscape, none that was difficult to handle, despite many colourful headlines in the media. As we analyse the incidents of 2022, we must profess that we have entered an era where the most significant changes in the ICS threat landscape are mostly determined by geopolitical trends and the subsequent macroeconomic factors. Cybercriminals are naturally cosmopolitan; however, they do pay close attention to political and economic trends as they chase easy profits and ensure their personal safety. We hope that our analysis of future attacks will prove helpful to organisations in preparing for new and emerging threats,” commented Evgeny Goncharov, head of Kaspersky’s ICS CERT.



