Kaspersky predicts shifts in the threat landscape towards industrial control systems in 2023


WOBURN, MA, Nov. 22, 2022 (GLOBE NEWSWIRE) — Today, Kaspersky ICS CERT researchers share their predictions for industrial control systems developments over the next few years and the risks companies should prepare for in 2023. These predictions include increased attack surface from digitalization, voluntary and cybercriminal insider activity, ransomware attacks on critical infrastructure, as well as the technical, economic and geopolitical impact on the quality of threat detection and the proliferation of potential vulnerabilities exploited by attackers.

These predictions are the sum of the opinions of Kaspersky’s ICS CERT team, based on their collective experience in researching vulnerabilities, attacks and incident response, as well as the experts’ personal vision of the main vectors driving changes in the threat landscape.

New risks and changes in the threat landscape

Kaspersky experts predict a shift in Advanced Persistent Threat (APT) activity against industrial companies and OT systems in new sectors and locations. Sectors of the real economy such as agriculture, logistics and transport, the alternative energy sector and the energy sector as a whole, high-tech, pharmaceutical and medical device manufacturers are expected to see further attacks in the next year. In addition, traditional targets such as the military-industrial complex and the government sector will also remain in focus.

The attack surfaces will also increase as a result of digitization in a race for greater efficiencies in IIoT and SmartXXX, including predictive maintenance systems and digital twin technology. This trend is supported by the statistics of attacks on Computerized Maintenance Management Systems (CMMS) in the first half of 2022. The top 10 countries where these systems were attacked are considered to have a higher level of security.

The risks of an expanded attack surface are also tied to rising energy prices and the resulting price increases for hardware. This would force many companies to abandon plans to deploy on-premises infrastructure in favor of third-party cloud services, and could also impact some IS budgets.

Threats can also come from unmanned means of transport and aggregates, which can be either targets or tools for attack. Other risks to watch out for are increased criminal activity aimed at collecting user credentials, as well as more ideologically and politically motivated insiders acting on a voluntary basis and insiders cooperating with criminal groups, usually extortionists and APTs. These insiders can work in production facilities as well as for technology developers, product sellers and service providers.

The geopolitical ebb and flow of trusting partnerships, which impacts the state of cybersecurity in ICS globally, will be more evident in 2023. Besides an increase in hacktivist activity “working” on internal and external political agendas, we might also see more ransomware attacks on critical infrastructure, due to the fact that such attacks are becoming more difficult to trace.

Deterioration of international law enforcement cooperation will lead to an influx of cyberattacks in the countries considered adversaries. At the same time, new alternative solutions developed domestically may also lead to new risks, such as zero-day vulnerabilities, making them accessible to both cybercriminals and hacktivists.

Organizations may be exposed to new risks such as a decrease in the quality of threat detection due to communication breakdowns between information security developers and researchers in countries currently in conflict. We could also face degradation in the quality of threat intelligence, leading to unsupported attribution and government attempts to control incident, threat, and vulnerability information. The growing role of governments in the operational processes of industrial companies, including the connection to state clouds and services, some of which would be less protected than the market-leading private ones, also leads to additional IS risks. Thus there is an increased risk of losing confidential data due to the conspicuous number of underqualified employees in government institutions and an evolving internal culture and practices for responsible disclosure.

New techniques and tactics to watch out for in future attacks

Kaspersky ICS CERT researchers also listed the top techniques and tactics expected to flourish in 2023:

  • Phishing pages and scripts embedded on legitimate websites

  • The use of cracked distributions with trojans packed into them, along with patches and key generators, for common and specialized software

  • Phishing emails about current events with particularly dramatic topics, including political events

  • Documents stolen from previous attacks on affiliated or partner organizations are used as bait in phishing emails

  • The proliferation of phishing emails from the email inboxes of compromised employees and partners disguised as legitimate work correspondence

  • N-Day vulnerabilities are closed even more slowly as security updates for some solutions are less accessible in some markets

  • Abuse of basic default configuration flaws (e.g. use of default passwords) and simple zero-day vulnerabilities in products from “new” vendors, including local vendors

  • Attacks on cloud services

  • Use of configuration errors in security solutions, such as those that allow an antivirus solution to be disabled

  • Using popular cloud services as CnC. Even after an attack has been identified, the victim may still not be able to block the attacks as critical business processes could depend on the cloud

  • Exploiting vulnerabilities in legitimate software, DLL hijacking, and BYOVD (Bring Your Own Vulnerable Driver), for example to bypass end-node security

  • The spread of malware via removable media to overcome air gaps

“We saw that in 2022, there were numerous cyber security incidents that caused many problems for ICS owners and operators. However, despite many colorful media headlines, we have seen no sudden or catastrophic changes across the threat landscape, none that have been difficult to manage,” said Evgeny Goncharov, Head of ICS CERT at Kaspersky. “Analyzing the events of 2022, we have to admit that we have entered an era where the most significant changes in the ICS threat landscape are mainly driven by geopolitical trends and the resulting macroeconomic factors. Cybercriminals are naturally cosmopolitan; however, they pay close attention to political and economic trends while chasing quick profits and maintaining their personal security. We hope that our analysis of future attacks will prove helpful for organizations to prepare for new and emerging threats.”

These predictions are part of Kaspersky Security Bulletin (KSB), an annual series of predictions and analytical articles on key changes in the cybersecurity world. Read the full ICS forecast report for 2023 on Securelist.

About Kaspersky

Kaspersky is a global cybersecurity company founded in 1997. Kaspersky’s deep threat intelligence and security expertise are constantly transformed into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the world. The company’s comprehensive security portfolio includes leading endpoint protection and a range of specialized security solutions and services to combat sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help 240,000 corporate customers protect what matters most to them. For more information, see usa.kaspersky.com.

CONTACT: Cassandra Faro, Kaspersky, 7815031812