Ransomware attacks and targeted attacks will continue to be among the biggest cybersecurity risks facing industrial companies this year, along with further targeted fraud attacks on industrial companies, according to Evgeny Goncharov, head of the ICS (Cyber Control) Emergency Computer Team.
Industrial systems typically have many interfaces and interconnections with internal and external industrial, business and service provider systems, and they combine industrial components and programs with consumer information technology (IT). ICS owners and operators are attempting to recognize and solve the more complex cybersecurity problems in the IT ecosystems of their companies. However, real-time threat intelligence resources are becoming increasingly relevant to helping ICS experts identify and close security holes that they are unaware of and defend themselves more effectively against targeted and random attacks, Goncharov said.
In particular, new malware, malicious tools, and methods of attack will continue to exploit vulnerabilities in components of industrial automation systems and enterprise technology infrastructure (OT). Another possibility is the emergence of ransomware targeting field-level ICS devices and physical devices such as pumps or switches.
"There are usually many interfaces between enterprise networks and industrial companies, control systems and components that have proven vulnerable to even consumer-oriented malware and ransomware."
Scammers and targeted attacks could also target the IT systems of contractors and compromise service providers for use as an attack vector against an industrial operation or facility. Likewise, attacks on mobile devices used by shooters are expected.
Industry is aware of the vulnerabilities in systems and components developed before the current industrial age, as well as the vulnerabilities of commercial and private IT devices. All connections between IT and OT segments are constantly mapped and monitored, in addition to monitoring communications within the OT network, to detect and close vulnerabilities, prevent or at least detect attacks in their early stages, and limit the possible damage of attacks, says Goncharov.
"ICS security is not easy to handle, and while it seems that the entire network should be reworked to be secured by design, this is typically not possible, so expert advice, resources, and services – such as cyber security intelligence feeds – complement the detailed technical knowledge of the ICS expert with external, cross-industry information and alerts."
In addition, many industrial companies directly and indirectly interconnect with their partners and suppliers across various IT and OT systems, mostly with other local companies, which increases the efficiency of the supply chain but exposes companies to additional vulnerabilities.
Kaspersky Lab predicts an increase in attacks on industrial companies, due in part to generic and consumer malware and ransomware that can potentially infect industrial systems, as well as the increasing use of targeted ransomware attacks on the industry.
The concentration of threat actors on industrial control systems will inevitably create new segments of the cybercriminal market focused on the theft of ICS configuration data and credentials. Offers of botnets with "industrial" nodes may also appear on the market.
Designing and implementing advanced cyber attacks on physical objects and systems requires expert knowledge of ICS and the relevant industries. Demand for this expertise is expected to drive growth areas such as malware as a service, attack vector design as a service and attack campaign as a service, and other services related to attacks on industrial companies.
Other organizations and individual users typically relegate Internet of Things (IoT) devices to the periphery of their attention. However, the number of existing IoT devices is already large, and they are mostly devices that cannot be protected with traditional methods. These include timely patching, installing and configuring antivirus solutions, and updating antivirus databases.
Cybercriminals use the security of IoT devices in traditional IT systems. The number of attacks on IoT devices will undoubtedly increase.
New botnets with IoT devices are created for Distributed Denial-of-Service (DDoS) attacks on legacy IT systems. The most obvious use of infected IoT devices is the performance of large-scale DDoS attacks on Internet services and telecommunications