Kaspersky experts predict a shift in advanced persistent threat (APT) activity against industrial organizations and OT systems toward new industries and locations. Real economy sectors such as agriculture, logistics and transport, the alternative energy sector and the energy sector as a whole, high-tech, pharmaceuticals and medical equipment producers are likely to see more attacks next year. Moreover, traditional targets, such as the military-industrial complex and the government sector, will also remain.
The attack surface will also increase due to digitization in a race for higher efficiency in IIoT and SmartXXX, including systems for predictive maintenance and digital twin technology. This trend is supported by the statistics of attacks on Computerized Maintenance Management Systems (CMMS) in the first half of 2022. The top 10 countries that had these systems attacked are seen as countries with higher levels of security.
Top 10 countries ranked by the percentage of CMMS attacked in H1 2022
The risks of an expanding attack surface are also connected to rising energy carrier prices and the resulting rises in hardware prices, which would force many enterprises to abandon plans to deploy on-premise infrastructure in favor of cloud services from third-party vendors and may also affect some IS budgets.
Threats may also come from unmanned vehicles and aggregates, which can be either targets or tools for attacks. Other risks to watch out for are heightened criminal activity aimed at harvesting user credentials, as well as more volunteer ideologically and politically motivated insiders, and insiders working with criminal groups, usually extortionists and APTs. These insiders may be active in production facilities, as well as at technology developers, product vendors and service providers.
The geopolitical ebb and flow of trusted partnerships, which has a global effect on the state of cybersecurity in ICS too, will be more evident in 2023. Besides the growth of hacktivist activity “working” to internal and external political agendas, which may become more effective, we might also see more ransomware attacks on critical infrastructure because it will become harder to prosecute such attacks.
Deterioration of international law enforcement cooperation will lead to an influx of cyberattacks in the countries considered to be adversaries. At the same time, new alternative solutions developed domestically may also lead to new risks, such as software containing security configuration errors and easy zero-day vulnerabilities, making them accessible to both cybercriminals and hacktivists.
Organizations may face new risks such as a decrease in the quality of threat detection due to communication breakdowns between information security developers and researchers located in countries currently in conflict. We may also face a decreasing quality of threat intelligence, leading to unsupported attribution and government attempts to control information about incidents, threats and vulnerabilities. The growing role of governments in the operational processes of industrial enterprises, including connections to government clouds and services, which would sometimes be less protected than the market-leading private ones, also leads to additional IS risks. Thus, there is an increased risk of confidential data leaks due to the noticeable number of under-qualified employees in government institutions as well as a still-developing internal culture and practices for responsible disclosure.
Kaspersky ICS CERT researchers also listed top techniques and tactics expected to flourish in 2023:
“We saw that cybersecurity incidents were plentiful in 2022 causing many problems for ICS owners and operators. However, we did not see any sudden or catastrophic changes in the overall threat landscape, none that were difficult to handle, despite many colorful headlines in the media. As we analyze incidents of 2022, we must profess that we have entered an era where the most significant changes in the ICS threat landscape are mostly determined by geopolitical trends and the subsequent macroeconomic factors. Cybercriminals are naturally cosmopolitan; however, they do pay close attention to political and economic trends as they chase easy profits and ensure their personal safety. We hope that our analysis of future attacks will prove helpful to organizations to prepare for new and emerging threats,” commented Evgeny Goncharov, head of Kaspersky’s ICS CERT.
These predictions are a part of Kaspersky Security Bulletin (KSB) – an annual predictions series and analytical articles on key changes in the world of cybersecurity. Read the full ICS predictions for 2023 report on Securelist.