Ransomware attacks and targeted attacks will continue to be major cybersecurity risks for industrial companies this year, alongside the continued rise of targeted fraud attacks on such companies, says cybersecurity multinational Kaspersky Lab industrial control systems (ICS) computer emergency response teams head Evgeny Goncharov.
Industrial systems typically have many interfaces and connections with in-house and external industrial, business and service provider systems, and the combination of industrial and consumer information technology (IT) components and programs exposes industrial companies to a range of different vulnerabilities.
ICS owners and operators try to identify and solve cybersecurity problems of complex industrial IT ecosystems in their companies. However, real-time threat intelligence resources are becoming more relevant to help ICS experts identify and close vulnerabilities they were unaware of and more effectively defend themselves against targeted and random attacks, says Goncharov.
Specifically, new malware, malicious tools and methods of attack will continue to exploit vulnerabilities in industrial automation system components and operational technology (OT) infrastructure. Another possibility is the emergence of ransomware targeting field-level ICS devices and physical assets such as pumps or switches.
“There are normally many interfaces between corporate networks and industrial operations, control systems and components, which have proved to be vulnerable to even consumer-orientated malware and ransomware.”
Fraudsters and targeted attacks might also aim to compromise contractors’ and service providers’ IT systems to use as a vector of attack against an industrial operation or facility. Similarly, attacks against mobile devices used by contractors can also be expected.
Industry is aware of the vulnerabilities inherent in systems and components designed before the current connected era of industry, as well as the vulnerabilities of commercial and consumer IT equipment. All connections and links between IT and OT segments, besides keeping track of the communications inside the OT network, are constantly mapped and monitored, which is done to identify and close security gaps, as well as prevent an attack, or at least detect an attack in its early stages and limit the possible damage, says Goncharov.
“ICS security is not simple to deal with. While it might seem that the entire network should be re-engineered to be made secure by design, this is typically not possible to do. Therefore, expert advice, resources and services – such as cybersecurity intelligence feeds – augment the detailed, technical knowledge of the ICS expert with external, cross-industry information and alerts.”
Further, many industrial companies are directly and indirectly linked to their partners and suppliers through various IT and OT systems, most often with other local companies, which boost supply chain efficiencies, but expose the companies to additional vulnerabilities.
Kaspersky Lab predicts an increase in attacks on industrial companies, partly owing to general and consumer malware and ransomware that can potentially infect industrial systems, as well as the growing use of targeted ransomware attacks on industry.
The focus of threat actors on industrial control systems will inevitably result in the emergence of new segments of the cybercriminal market focused on the theft of ICS configuration data and access credentials. Offerings of botnets with ‘industrial’ nodes may also appear on the market.
The design and implementation of advanced cyberattacks targeting physical objects and systems require expert knowledge of ICS and the relevant industries. Demand for such specialised knowledge is expected to drive growth areas such as malware as a service, attack-vector design as a service and attack campaign as a service, as well as other services related to attacks on industrial enterprises.
Further, organisations and individual users typically relegate Internet of Things (IoT) devices to the periphery of their attention. However, the number of existing IoT devices is already large and these are mostly narrow-purpose devices that cannot be protected using traditional methods, including timely patching, installing and configuring antivirus solutions and keeping antivirus databases up to date.
Having cut their teeth on traditional IT systems, cybercriminals are taking advantage of the existing situation with the security of IoT devices. The number of attacks on IoT devices is undoubtedly set to grow.
New botnets comprising IoT devices will be created for distributed denial-of-service (DDoS) attacks on traditional IT systems. The most obvious application of infected IoT devices is to conduct large-scale DDoS attacks on Internet services and telecommunications.