Electricity and Control April 2024

CYBERSECURITY

Industrial cybersecurity – 2023 in review, outlook for 2024

A t the 9th annual Cybersecurity Weekend META (Middle East, Turkiye, and Africa) conference held in February in Kuala Lumpur, Malaysia, Kaspersky presented an indus trial cybersecurity review for the countries in the region and outlined key challenges for industrial enterprises in the year ahead. According to Kaspersky Security Network (KSN) statis tics, in the second half of 2023, 32.6% of ICS computers globally had been attacked with malware. In the META re gion, the figures reflect 36.5% for Turkiye, 36.8% for Africa (27.5% in South Africa, 34.5% in Kenya, 28.8% in Nigeria), and 33.5% for the Middle East region. There is a slight de crease in the figure for this region compared to 2022, which may be the result of industrial organisations paying more attention to cybersecurity. African countries are undergoing rapid digitalisation and integration into the world’s economy, and at the same time are facing a significant cybersecurity under-investment problem. In the second half of 2023, 7.55% of Operational Technology computers in Africa were exposed to threats via USBs (that is 20 times more than the figure in Western Europe); 7.2% faced threat by worms (28 times more than in Australia and New Zealand); and 9.1% of OT computers were exposed to spyware (7.7 times more than the figure for North America). Looking back at 2023, Kaspersky predicted the industri al cybersecurity landscape continuing to evolve, with sev eral key trends emerging. The pursuit of efficiency in IIoT and SmartXXX systems fuelled an expanded attack surface and the surge in energy carrier prices led to heightened hardware costs, prompting a strategic shift towards cloud services. Growing government involvement in industrial processes also introduced fresh risks, including concerns about data leaks due to underqualified employees and in adequate practices in responsible disclosure. This retrospective analysis lays the groundwork for un derstanding the cybersecurity landscape faced by industri al enterprises in 2024. Kaspersky Industrial Control Systems Cyber Emergency Response Team (ICS CERT) predictions for 2024 highlight the persistence of ransomware threats, the rise of cos mopolitical hacktivism, an outlook on the state of ‘offensive

cybersecurity’, and transformative shifts in logistics and transport threats.

Ransomware targeting high-value entities Ransomware is projected to persist as the primary con cern for industrial enterprises in 2024. Large organisations, unique product suppliers, and major logistics companies face increased risks, with potentially severe economic and social consequences. Cybercriminals are expected to tar get entities that have the resources for substantial ransom payments, causing disruptions in production and delivery. Cosmopolitical protest hacktivism Geopolitically motivated hacktivism is forecast to intensify, presenting more destructive consequences. In addition to country-specific protest movements, the rise of cosmopo litical hacktivism is expected too, driven by socio-cultural and macro-economic agendas such as eco-hacktivism. This diversification of motives may contribute to a more complex and challenging threat landscape. Subtler threats and detection challenges The use of ‘offensive cybersecurity’ for gathering cyber threat intelligence is anticipated to have controversial con sequences. While it may improve corporate security by providing early signs of potential compromises, the thin line between the grey zone and the shadows may be breached. Profit-driven cyber activities, armed with commercial and open-source tools, could operate more discreetly, making detection and investigation challenging. Threats to logistics and transport The rapid automation and digitisation of logistics and trans port are introducing new challenges, intertwining cyber and traditional crimes. These include theft of vehicles and goods, maritime piracy, and smuggling. Non-targeted cy berattacks may lead to physical consequences, especially in river, sea, truck, and special-purpose vehicles. “Cybersecurity in the industrial sector is seeing contin ual significant changes emerging in new types of attacks and more sophisticated versions of old ones. Ransomware attacks are still a big problem, and hackers are getting better at targeting large, profitable companies with more advanced methods. Hacktivists who are motivated by so cial issues are also becoming more active, adding another layer of complexity to the threats. The transportation and logistics industry is especially vulnerable to these changes because its systems are increasingly becoming digital. The combination of cyber and traditional crime presents a seri ous threat to global supply chains. To protect themselves, organisations need to prioritise cybersecurity and keep im proving their defences,” commented Evgeny Goncharov, head of Kaspersky ICS CERT.

The graphic highlights the main sources of cybersecurity threats in industrial enterprises in Africa, in the second half of 2023.

For more information visit: https://ics-cert.kaspersky.com/

30 Electricity + Control APRIL 2024