Kaspersky experts predict a shift in advanced persistent threat (APT) activity against industrial organizations and OT systems in new industries and locations.
The attack surface will also grow as organizations digitize in pursuit of efficiency across IIoT and SmartXXX deployments, including predictive maintenance systems and digital twin technology. The statistics on attacks against Computerized Maintenance Management Systems (CMMS) in the first half of 2022 already support this trend.
The expanding attack surface is also linked to rising energy prices and the resulting increase in hardware costs, which will push many enterprises to abandon plans for on-premises infrastructure in favor of third-party cloud services, and may also squeeze some information security budgets.
Threats may also come from unmanned vehicles and other autonomous equipment, which can be either targets or tools of attack. Other risks to watch are heightened criminal activity aimed at harvesting user credentials, more ideologically and politically motivated volunteer insiders, and insiders working with criminal groups, usually extortionists and APTs. Such insiders may be found not only at production facilities but also at technology developers, product vendors and service providers.
New techniques and tactics to watch out for in future attacks
Kaspersky ICS CERT researchers also listed the techniques and tactics they expect to flourish in 2023:
- Phishing pages and scripts embedded on legitimate sites
- The use of cracked software distributions with Trojans packed inside, as well as trojanized patches and key generators for commonly used and specialist software
- Phishing emails about current events with especially dramatic subjects, including political events
- Documents stolen in previous attacks on related or partner organizations being used as bait in phishing emails
- The spread of phishing emails from compromised employees' and partners' mailboxes, disguised as legitimate work correspondence
- N-day vulnerabilities, which will be patched even more slowly as security updates for some products become less accessible in some markets
- Abuse of basic default-configuration errors (such as unchanged default passwords) and easy-to-find zero-day vulnerabilities in products from 'new' vendors, including local ones
- Attacks on cloud services
- Exploiting configuration errors in security solutions, for instance settings that allow an antivirus product to be disabled
- Using popular cloud services as command-and-control (C2) infrastructure; even after an attack is identified, the victim may be unable to block the traffic because important business processes depend on the same cloud service
- Exploiting vulnerabilities in legitimate software, DLL hijacking and BYOVD (Bring Your Own Vulnerable Driver), for instance to bypass endpoint security
- Spreading malware via removable media to cross air gaps
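Two of the endpoint-security bypasses in the list above, DLL hijacking and BYOVD, leave a recognisable trace in image-load and driver-load telemetry. The following is an added example, not code from the Kaspersky report, showing the kind of hunt a detection engineer could run over Sysmon-style events (Event ID 7 for DLL loads, Event ID 6 for driver loads). The event records, the list of hijack-prone DLL names and the vulnerable-driver hash blocklist are all constructed for the example; in particular the driver hash is a hypothetical placeholder standing in for a real blocklist a SOC would maintain.

```python
"""Hunt for DLL hijacking and BYOVD indicators in Sysmon-style load events (added example)."""
import json
from pathlib import PureWindowsPath
from typing import List, Optional

# Sysmon event IDs used here.
EVENT_DRIVER_LOADED = 6  # kernel driver loaded
EVENT_IMAGE_LOADED = 7   # DLL mapped into a process

# Directories from which Windows' own DLLs and drivers are expected to load.
TRUSTED_DLL_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64", r"c:\windows\winsxs")
TRUSTED_DRIVER_DIRS = (r"c:\windows\system32\drivers", r"c:\windows\system32\driverstore")

# Illustrative subset of system DLL names that hijacking campaigns commonly impersonate.
HIJACK_PRONE_DLLS = {"version.dll", "dbghelp.dll", "cryptbase.dll", "userenv.dll", "dwmapi.dll"}

# Constructed, hypothetical blocklist: a real deployment would load known-vulnerable driver
# hashes from a maintained feed. The hash below only matches the sample event.
VULNERABLE_DRIVER_HASHES = {"SHA256=" + "ab" * 32: "hypothetical_vuln.sys"}


def _under(path: str, roots) -> bool:
    """True if a Windows path lies under one of the given directory roots (case-insensitive)."""
    p = path.lower().replace("/", "\\")
    return any(p.startswith(root + "\\") for root in roots)


def check_image_load(ev: dict) -> Optional[str]:
    """Flag a system-DLL name loaded from outside the trusted system directories."""
    loaded = ev["ImageLoaded"]
    name = PureWindowsPath(loaded).name.lower()
    if name in HIJACK_PRONE_DLLS and not _under(loaded, TRUSTED_DLL_DIRS):
        return f"DLL hijack candidate: {ev['Image']} loaded {name} from {loaded}"
    return None


def check_driver_load(ev: dict) -> Optional[str]:
    """Flag known-vulnerable, unsigned, or oddly located drivers."""
    loaded = ev["ImageLoaded"]
    for h in ev.get("Hashes", "").split(","):
        if h in VULNERABLE_DRIVER_HASHES:
            return f"BYOVD: known vulnerable driver {VULNERABLE_DRIVER_HASHES[h]} loaded from {loaded}"
    if ev.get("Signed", "").lower() != "true":
        return f"BYOVD candidate: unsigned driver loaded from {loaded}"
    if not _under(loaded, TRUSTED_DRIVER_DIRS):
        return f"BYOVD candidate: signed driver loaded from non-standard path {loaded}"
    return None


def analyze(lines: List[str]) -> List[str]:
    """Run both checks over newline-delimited JSON events and collect findings in order."""
    findings = []
    for line in lines:
        ev = json.loads(line)
        eid = ev.get("EventID")
        if eid == EVENT_IMAGE_LOADED:
            finding = check_image_load(ev)
        elif eid == EVENT_DRIVER_LOADED:
            finding = check_driver_load(ev)
        else:
            finding = None  # other event types are out of scope here
        if finding:
            findings.append(finding)
    return findings


# Constructed sample telemetry: one benign and one suspicious case for each check.
SAMPLE_EVENTS = [json.dumps(e) for e in [
    {"EventID": 7, "Image": r"C:\Program Files\Vendor\engtool.exe",
     "ImageLoaded": r"C:\Windows\System32\version.dll"},
    {"EventID": 7, "Image": r"C:\Users\op\Downloads\engtool.exe",
     "ImageLoaded": r"C:\Users\op\Downloads\version.dll"},
    {"EventID": 6, "ImageLoaded": r"C:\Windows\System32\drivers\ndis.sys",
     "Hashes": "SHA256=" + "cd" * 32, "Signed": "true"},
    {"EventID": 6, "ImageLoaded": r"C:\Users\op\AppData\Local\Temp\hypothetical_vuln.sys",
     "Hashes": "SHA256=" + "ab" * 32, "Signed": "true"},
    {"EventID": 6, "ImageLoaded": r"C:\Windows\Temp\loader.sys",
     "Hashes": "SHA256=" + "ef" * 32, "Signed": "false"},
    {"EventID": 1, "Image": r"C:\Windows\System32\cmd.exe"},
]]

if __name__ == "__main__":
    for f in analyze(SAMPLE_EVENTS):
        print(f)
```

The DLL check is deliberately narrow (only well-known names outside the system directories) to keep false positives low; a production rule would also compare the loaded DLL's signature against the expected Microsoft signer. The driver check orders its tests so that a signed, known-vulnerable driver is still caught before the signature test, which is exactly the BYOVD case where a valid signature is the attacker's cover.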