Kaspersky’s ICS CERT researchers shared their predictions for the next years’ industrial control system-focused developments and risks that organizations should prepare for in 2023. These predictions include increased attack surface due to digitization, activities of volunteer and cybercriminal insiders, ransomware attacks on critical infrastructure as well as the technical, economic, and geopolitical effects on the quality of threat detection and the rise of potential vulnerabilities being exploited by attackers.
These predictions are the sum of the opinions of Kaspersky’s ICS CERT team based on their collective experience in researching vulnerabilities, attacks, and incident response, as well as the experts’ personal vision of the main vectors driving changes in the threat landscape.
New risks and changes in the threat landscape
Kaspersky experts predict a shift in advanced persistent threat (APT) activity against industrial organizations and OT systems in new industries and locations. The real economy sectors such as agriculture, logistics, and transport, the alternative energy sector, and the energy sector as a whole, high-tech, pharmaceuticals, and medical equipment producers are likely to see more attacks next year. Moreover, traditional targets, such as the military-industrial complex, and the government sector will also remain.
Attack surface will also increase due to digitization in a race for higher efficiency in IIoT and SmartXXX, including systems for predictive maintenance and digital twin technology. This trend is supported by the statistics of attacks on Computerized Maintenance Management Systems (CMMS) in the first half of 2022The top-10 countries that had these systems attacked are seen as countries with higher levels of security.
The risks of expanding attack surface are also connected to the rising energy carrier prices and the resulting rises in hardware prices, would force many enterprises to abandon plans to deploy on premise infrastructure in favor of cloud services from third party vendors and may also affect some IS budgets.
Threats may also come from unmanned transportation means and aggregates that can either be targets or tools for attacks. Other risks to watch out for are the heightened criminal activity with a goal to harvest user credentials as well as more volunteer ideological and politically motivated insiders, and insiders working with criminal groups, usually extortionists and APTs. These insiders may be active in production facilities, as well as technology developers, product vendors and service providers.
The geopolitical ebb and flow of trusted partnerships, which have a global effect on the state of cybersecurity in ICS too, will be more evident in 2023. Besides the growth of hacktivist activity “working” to internal and external political agendas, which may become more effective, we might also see more ransomware attacks on critical infrastructure due to the fact that it will become harder to prosecute such attacks.
Deterioration of international law enforcement cooperation will lead to an influx of cyberattacks in the countries considered to be adversaries. At the same time, new alternative solutions developed domestically may also lead to new risks such as the software containing security configuration errors and easy zero-day vulnerabilities, making them accessible to both cybercriminals and hacktivists.
Organizations may face new risks such as a decrease in quality threat detection due to communication breakdowns between information security developers and researchers located in countries currently in conflict. We may also face a decreasing quality of threat intelligence leading to unsupported attribution and government attempts to control information about incidents, threats and vulnerabilities. The growing role of governments in the operational processes of industrial enterprises, including connections to government clouds and services, which would sometimes be less protected than the market-leading private ones, also leads to additional IS risks. Thus, there is an increased risk of confidential data leaks due to the noticeable number of under-qualified employees in government institutions as well as a still developing internal culture and practices for responsible disclosure.
New techniques and tactics to watch out for in future attacks
Kaspersky ICS CERT researchers also listed top techniques and tactics expected to flourish in 2023:
- Phishing pages and scripts embedded on legitimate sites
- The use of broken distributives with Trojans packed inside, patches and key generators for commonly used and specialist software
- Phishing emails about current events with especially dramatic subjects, including political events
- Documents stolen in previous attacks on related or partner organizations being used as bait in phishing emails
- The spread of phishing emails from compromised employees’ and partners’ email boxes disguised as legitimate work correspondence
- N-day vulnerabilities – these will be closed even more slowly as security updates for some solutions become less accessible in some markets
- Abusing basic default configuration errors (such as using default passwords) and easy zero-day vulnerabilities in products from ‘new’ vendors, including local ones.
- Attacks on cloud services
- Using configuration errors in security solutions, for instance, the ones allowing to disable an antivirus solution
- Using popular cloud service as CnC – even after an attack is identified, the victim might still be unable to block the attacks because important business processes could depend on the cloud
- Exploiting vulnerabilities in legitimate software, DLL Hijacking and BYOVD (Bring Your Own Vulnerable Driver), for instance, to bypass end node security
- The spread of malware via removable media to overcome air gaps
“We saw that cybersecurity incidents were plentiful in 2022 causing many problems for ICS owners and operators. However, we did not see any sudden or catastrophic changes in the overall threat landscape, none that were difficult to handle, despite many colorful headlines in the media. As we analyze incidents of 2022, we must profess that we have entered an era where the most significant changes in the ICS threat landscape are mostly determined by geopolitical trends and the subsequent macroeconomic factors. Cybercriminals are naturally cosmopolitan; however, they do pay close attention to political and economic trends as they chase easy profits and ensure their personal safety. We hope that our analysis of future attacks will prove helpful to organizations to prepare for new and emerging threats,” commented Evgeny Goncharov, head of Kaspersky’s ICS CERT.
These predictions are a part of Kaspersky Security Bulletin (KSB) – an annual predictions series and analytical articles on key changes in the world of cybersecurity.
70 Comments
Awesome article! I want people to know just how good this information is in your article. It’s interesting, compelling content. Your views are much like my own concerning this subject.
Your articles are inventive. I am looking forward to reading the plethora of articles that you have linked here. Thumbs up!
Are you still frustrated with the hassle of refilling your vape CBD/THC pen? Look no further! Cartridge Filling Machine that takes the stress out of the process. No more spills, mess, or wasted time—just a quick, easy, and precise refill every time. Try our machine and enjoy a seamless vaping cartridge experience!
Bulk sourcing wholesale custom kitchen utensils, baking utensils, kitchen gadgets & tools from China kitchenware manufacturer
Pretty good post. I have just stumbled upon your blog and enjoyed reading your blog posts very much. I am looking for new posts to get more precious info. Big thanks for the useful info.
I think this is an informative post and it is very useful and knowledgeable. therefore, I would like to thank you for the efforts you have made in writing this article.
I am incapable of reading articles online very often, but I’m happy I did today. It is very well written, and your points are well-expressed. I request you warmly, please, don’t ever stop writing.
Excellent post. I was always checking this blog, and I’m impressed! Extremely useful info specially the last part, I care for such information a lot. I was exploring this particular info for a long time. Thanks to this blog my exploration has ended.
Efficiently written information. It will be profitable to anybody who utilizes it, counting me. Keep up the good work. For certain I will review out more posts day in and day out.
I am constantly surprised by the amount of information accessible on this subject. What you presented was well researched and well written to get your stand on this over to all your readers. Thanks a lot my dear.
I really loved reading your blog. It was very well authored and easy to understand. Unlike other blogs I have read which are really not that good.Thanks alot!
Hello I am so delighted I located your blog, I really located you by mistake, while I was watching on google for something else, Anyways I am here now and could just like to say thank for a tremendous post and a all round entertaining website. Please do keep up the great work.
Everything has its value. Thanks for sharing this informative information with us. GOOD works!
I think this is one of the most significant information for me. And i’m glad reading your article. But should remark on some general things, The web site style is perfect, the articles is really great : D. Good job, cheers
Hello I am so delighted I located your blog, I really located you by mistake, while I was watching on google for something else, Anyways I am here now and could just like to say thank for a tremendous post and a all round entertaining website. Please do keep up the great work.
I am incapable of reading articles online very often, but I’m happy I did today. It is very well written, and your points are well-expressed. I request you warmly, please, don’t ever stop writing.
You understand your projects stand out of the crowd. There is something unique about them. It seems to me all of them are brilliant.
It is my first visit to your blog, and I am very impressed with the articles that you serve. Give adequate knowledge for me. Thank you for sharing useful material. I will be back for the more great post.
All your hard work is much appreciated. Nobody can stop to admire you. Lots of appreciation.
Hi there! Nice post! Please tell us when I will see a follow up!
Great post, you have pointed out some excellent points, I as well believe this is a very superb website.
I am very much pleased with the contents you have mentioned. I wanted to thank you for this great article.
Good to become visiting your weblog again, it has been months for me. Nicely this article that i’ve been waited for so long. I will need this post to total my assignment in the college, and it has exact same topic together with your write-up. Thanks, good share seo service london
When your website or blog goes live for the first time, it is exciting. That is until you realize no one but you and your.
I have read all the comments and suggestions posted by the visitors for this article are very fine,We will wait for your next article so only.Thanks!
I recently came across your blog and have been reading along. I thought I would leave my first comment. I don’t know what to say except that I have enjoyed reading. Nice blog. I will keep visiting this blog very often.
Your work is truly appreciated round the clock and the globe. It is incredibly a comprehensive and helpful blog.
Positive site, where did u come up with the information on this posting? I’m pleased I discovered it though, ill be checking back soon to find out what additional posts you include.
Positive site, where did u come up with the information on this posting?I have read a few of the articles on your website now, and I really like your style. Thanks a million and please keep up the effective work.
Interesting topic for a blog. I have been searching the Internet for fun and came upon your website. Fabulous post. Thanks a ton for sharing your knowledge! It is great to see that some people still put in an effort into managing their websites. I’ll be sure to check back again real soon.
I can see that you are an expert at your field! I am launching a website soon, and your information will be very useful for me.. Thanks for all your help and wishing you all the success in your business.
I havent any word to appreciate this post…..Really i am impressed from this post….the person who create this post it was a great human..thanks for shared this with us.
I’m going to read this. I’ll be sure to come back. thanks for sharing. and also This article gives the light in which we can observe the reality. this is very nice one and gives indepth information. thanks for this nice article…
I just couldn’t leave your website before telling you that I truly enjoyed the top quality info you present to your visitors? Will be back again frequently to check up on new posts.
Positive site, where did u come up with the information on this posting? I’m pleased I discovered it though, ill be checking back soon to find out what additional posts you include.
What a sensational blog! This blog is too much amazing in all aspects. Especially, it looks awesome and the content available on it is utmost qualitative.
Really a great addition. I have read this marvelous post. Thanks for sharing information about it. I really like that. Thanks so lot for your convene.
I just couldn’t leave your website before telling you that I truly enjoyed the top quality info you present to your visitors? Will be back again frequently to check up on new posts.
thanks this is good blog.
Excellent .. Amazing .. I’ll bookmark your blog and take the feeds also…I’m happy to find so many useful info here in the post, we need work out more techniques in this regard, thanks for sharing.
This is highly informatics, crisp and clear. I think that everything has been described in systematic manner so that reader could get maximum information and learn many things.
Pretty good post. I just stumbled upon your blog and wanted to say that I have really enjoyed reading your blog posts. Any way I’ll be subscribing to your feed and I hope you post again soon. Big thanks for the useful info.
This particular papers fabulous, and My spouse and i enjoy each of the perform that you have placed into this. I’m sure that you will be making a really useful place. I has been additionally pleased. Good perform!
This is a truly good site post. Not too many people would actually, the way you just did. I am really impressed that there is so much information about this subject that have been uncovered and you’ve done your best, with so much class. If wanted to know more about green smoke reviews, than by all means come in and check our stuff.
This is a truly good site post. Not too many people would actually, the way you just did. I am really impressed that there is so much information about this subject that have been uncovered and you’ve done your best, with so much class. If wanted to know more about green smoke reviews, than by all means come in and check our stuff.
I am thankful to you for sharing this plethora of useful information. I found this resource utmost beneficial for me. Thanks a lot for hard work.
An fascinating discussion is value comment. I think that it is best to write extra on this matter, it won’t be a taboo topic however generally people are not enough to talk on such topics. To the next. Cheers
I am thankful to you for sharing this plethora of useful information. I found this resource utmost beneficial for me. Thanks a lot for hard work.
This is a truly good site post. Not too many people would actually, the way you just did. I am really impressed that there is so much information about this subject that have been uncovered and you’ve done your best, with so much class. If wanted to know more about green smoke reviews, than by all means come in and check our stuff.
I’m going to read this. I’ll be sure to come back. thanks for sharing. and also This article gives the light in which we can observe the reality. this is very nice one and gives indepth information. thanks for this nice article…
Thanks for the blog loaded with so many information. Stopping by your blog helped me to get what I was looking for.
Thanks for another wonderful post. Where else could anybody get that type of info in such an ideal way of writing?
I have bookmarked your blog, the articles are way better than other similar blogs.. thanks for a great blog!
Positive site, where did u come up with the information on this posting?I have read a few of the articles on your website now, and I really like your style. Thanks a million and please keep up the effective work.
You have performed a great job on this article. It’s very precise and highly qualitative. You have even managed to make it readable and easy to read. You have some real writing talent. Thank you so much.
I read that Post and got it fine and informative.
I think this is an informative post and it is very useful and knowledgeable. therefore, I would like to thank you for the efforts you have made in writing this article.
I am definitely enjoying your website. You definitely have some great insight and great stories.
Thanks for the blog filled with so many information. Stopping by your blog helped me to get what I was looking for. Now my task has become as easy as ABC.
This particular papers fabulous, and My spouse and i enjoy each of the perform that you have placed into this. I’m sure that you will be making a really useful place. I has been additionally pleased. Good perform!
I am incapable of reading articles online very often, but I’m happy I did today. It is very well written, and your points are well-expressed. I request you warmly, please, don’t ever stop writing.
That is really nice to hear. thank you for the update and good luck.
I have read all the comments and suggestions posted by the visitors for this article are very fine,We will wait for your next article so only.Thanks!
thanks this is good blog.
This is a truly good site post. Not too many people would actually, the way you just did. I am really impressed that there is so much information about this subject that have been uncovered and you’ve done your best, with so much class. If wanted to know more about green smoke reviews, than by all means come in and check our stuff.
Your blog is too much amazing. I have found with ease what I was looking. Moreover, the content quality is awesome. Thanks for the nudge!
Wow, cool post. I’d like to write like this too – taking time and real hard work to make a great article… but I put things off too much and never seem to get started. Thanks though.
Excellent post. I was always checking this blog, and I’m impressed! Extremely useful info specially the last part, I care for such information a lot. I was exploring this particular info for a long time. Thanks to this blog my exploration has ended.
Pretty good post. I just stumbled upon your blog and wanted to say that I have really enjoyed reading your blog posts. Any way I’ll be subscribing to your feed and I hope you post again soon. Big thanks for the useful info.
Hey what a brilliant post I have come across and believe me I have been searching out for this similar kind of post for past a week and hardly came across this. Thank you very much and will look for more postings from you.