Kathy Gibson reports from Jordan – Industrial systems are under greater threat than ever – and we can expect this trend to escalate in 2023.

Kaspersky has identified more than 400 zero-day vulnerabilities since 2016 in ICS, Internet of Things (IoT) and Industrial IoT (IIoT), smart devices, automotive and vessels.

Vladimir Dashchenko, ICS cybersecurity expert at Kaspersky, says the team is working with major vendors to make their products more secure; and with developers to help them create better products.

The share of industrial computers in the [MEA] region where malware was blocked was 43%, substantially higher than the global figure of 31%.

Oil and gas is the top target, at 39,3%, followed by building automation systems at 38,8%, energy (36,8%), manufacturing (36,3%) and automotive (33,3%).

In South Africa, 36,1% of industrial computers came under attack.

The main source of attacks is still the Internet, at 28,2%. “There is a belief that industrial computers are isolated from the Internet, but this is not true, unfortunately,” Dashchenko says.

Other attack vectors are email clients (9,9%), removable media (7%) and network folders (0,9%).

Internet of Things (IoT) threats are on the rise: Kaspersky identified 67 000 infected IoT devices in the region, generating 110-million attacks.

In the coming years, advanced persistent threat (APT) attacks are expected to become more sophisticated. “As security companies develop defences, the attacks just become more sophisticated.”

The new targets will be agriculture; logistics and transportation; energy (mining, chemical, machine tool industries); and renewable energy in the high-tech sector.

There is a big spike in hacktivism, Dashchenko says. “These are not activists attacking for fun or profit – they are ideologically and politically motivated. Not only are highly skilled APT actors leading these hacktivists, but governments are recruiting them as well.”

The geopolitical situation is exacerbating the insider threat situation. These are also often politically motivated.

Industrial leaders need to review their threat models to cater to the new attacks.

Ransomware is rising around the world and is being used to cover other attacks such as espionage, Dashchenko says.

Another worry is the degradation of co-operation between law enforcement agencies and cyber-intelligence organisations – and this drives new waves of cybercrime.

“If law enforcement agencies and companies cannot share information, the crimes increase,” Dashchenko says.

Looking to the future, there is still a semiconductor shortage, which means companies have to pay more, and so cut their budgets somewhere – and cybersecurity training is often the victim.

“Such steps will lead to more cybersecurity problems,” Dashchenko says.

A move from on-premise to the cloud is also driving new cybersecurity threats.

Meanwhile, cybercrime attribution is becoming more difficult with political motivations rife.

Local ICS or critical infrastructure systems in some countries will be new targets for cybercrime because vendors are following political agendas.