ICS threats 2021

ICS Industrial Cyber Security


The security experts at Kaspersky provide an outlook on the most important developments in the industrial threat landscape (ICS, Industrial Cyber Security) for the year 2021, based on the knowledge they gained in 2020 and their experience with Covid-19, so that companies in these sectors can better prepare for cyber security dangers.

More targeted infections and attacks, new tactics to monetize attacks, more advanced ransomware compromises, increased espionage via OT (Operational Technology) and more ICS threat actors are expected in the near future.

More targeted infections and attacks

In the past few years, cyber criminals have created profiles of randomly infected computers that are connected to or regularly access industrial networks. Access to such computers will be sold, and possibly already is being sold, to more professional groups who already have special strategies for monetizing attacks on industrial plants.

New monetization tactics

For a number of years, various groups have specialized in attacking industrial companies in order to steal their money, either through BEC (business email compromise) attacks or through advanced hacks that break into the victims' financial and accounting systems. Through years of criminal activity, they have come to know the business processes of industrial companies and gained access to a large amount of technical information about network systems and operational technologies. Kaspersky therefore expects new, unconventional attack scenarios on OT / ICS and field devices in the future, combined with sophisticated monetization tactics.

Ransomware is getting more advanced

Cyber criminals will continue to use hacking and APT techniques by meticulously analyzing the target organization's network in order to locate the most valuable and vulnerable systems, hijack administrator accounts and carry out parallel lightning attacks using standard admin tools.

More hybrid document theft attacks

Once documents are in the possession of cyber criminals, they threaten to publish them or sell them on the darknet if the payment demand is not met. In addition, the idea behind Snake ransomware - targeting corporate OT / ICS - will gain traction in attacks of this type. It is also likely that there will be more attacks disguised as ransomware, but with completely different goals - a repetition of the ExPetr technique.

Espionage attacks via the OT

Cyber criminals will increasingly attack OT networks because they are usually not as well protected as office networks and tend to be easier to break into, since they have their own perimeter and attack surface. The flat network topology and other access control challenges in OT networks can make them an attractive entry point into the deeper layers of the corporate network and a stepping stone into other related organizations and facilities.

Tactical and strategic partners become targets

The desire of many countries for technological independence, coupled with global geopolitical and macroeconomic upheavals, will mean that not only traditional competitors, but also tactical and strategic partners will become targets of attack. As a result, threats can come from any direction in the future.

The number of APT groups will continue to grow, and new players will appear on the scene - including those attacking various industrial sectors. The activities of these groups - in the form of cyber attacks on industrial companies used as a warfare tool, the use of drones and the dissemination of media-driven misinformation - will correlate with local conflicts.

More complex attacks will increase

In addition to data theft and other fragmented operations, some groups are likely to turn to more complex activities in 2021 - possibly along the lines of Stuxnet, Black Energy, Industroyer and Triton.

Cross-agency attacks and encroachments on central and local government systems

The online presence of municipal services and utilities and the increasing digitization of government and public services will make them more vulnerable to attacks by cyber criminals. For example, a threat actor could use a state or municipal web service as an entry point to compromise the victim's internal infrastructure. The existing communication channels and the supply chain, which connect various state, municipal and even private organizations, could then be used to achieve the planned goal - such as the shutdown of transport systems.

More on this at SecureList from Kaspersky.com

 


About Kaspersky

Kaspersky is an international cybersecurity company founded in 1997. Kaspersky's in-depth threat intelligence and security expertise serve as the basis for innovative security solutions and services to protect companies, critical infrastructures, governments and private users worldwide. The company's comprehensive security portfolio includes leading endpoint protection as well as a range of specialized security solutions and services to defend against complex and evolving cyber threats. Kaspersky technologies protect over 400 million users and 250,000 corporate customers. More information about Kaspersky can be found at www.kaspersky.com/


 
