March 26, 2024 By Josh Nadeau 4 min read

As we work through the first quarter of 2024, various sectors are continuously adapting to increasingly complex cybersecurity threats. Sectors like healthcare, finance, energy and transportation are all regularly widening their digital infrastructure, resulting in larger attack surfaces and greater risk exposure.

Kaspersky just released their ICS CERT Predictions for this year, outlining the key cybersecurity challenges industrial enterprises will face in the year ahead. The forecasts emphasize the persistent nature of ransomware threats, the increasing prevalence of cosmopolitical hacktivism, insights about offensive cybersecurity and new logistics and transportation risks.

Below, we’ll unpack the key takeaways from this annual Kaspersky report and provide actionable insights on how organizations should start preparing for the year ahead.

Ransomware will remain the top concern for industrial businesses

Last year, ransomware attacks solidified their status as the largest information security threat. These attacks didn’t just disrupt digital systems but can also lead to significant real-world consequences.

Official statements from affected organizations revealed that 18% of ransomware on industrial business attacks led to a halt in the production or delivery of various products, including medical devices, power grids and transportation systems. The financial fallout from these attacks was substantial, with damage estimates reaching hundreds of millions of dollars in some cases.

Ransomware attacks will lead to severe economic and social consequences

There is now a worrying trend of cyber attackers starting to prefer larger, “upmarket” victims. This is because of their capability to pay substantial ransoms. This situation sets a dangerous precedent, considering that the majority of these organizations play a critical role in the global economy and infrastructure.

For example, a recent attack on DP World, the Dubai-based international container terminal and supply chain operator, completely stopped work at ports in Melbourne, Sydney, Brisbane and Fremantle. This incident blocked the delivery of approximately 30,000 containers and led to a major ripple effect in the global supply chain.

There will be new types of targets and new schemes for monetizing attacks

While potential ransomware victims are unlikely to become fully immune to attacks, they’re still regularly adopting new strategies to mitigate their impact more efficiently. However, suppose these measures result in victims paying less money less frequently. In that case, cyber criminals will be more than likely to innovate their approach and find new targets and methods for monetizing attacks.

One potential avenue for attackers is logistics and transportation. With many of the vehicles in corporate fleets using telemetry, remote diagnostics and other connected technologies, attackers may be able to infiltrate and control these systems by exploiting vulnerabilities in supply chain management software. This could potentially result in major disruptions to transportation networks and cause significant economic damage.

Increase in politically motivated hacktivism

Recent trends are indicating a surge in politically motivated hacktivism, with the FBI warning about increased Distributed Denial of Service (DDoS) attacks. 2022 saw a resurgence of hacktivism on a large scale, particularly in light of geopolitical conflicts such as Russia’s invasion of Ukraine.

However, hacktivism isn’t something new and has been more prevalent in recent years with no signs of slowing. The 2021 attacks on railways and gas stations in Iran claimed by a pro-Israeli hacktivist group and more recent attacks on irrigation systems in Israel and Unitronics Vision hybrid controllers in Vietnam are just some examples of politically motivated cyberattacks.

As political tensions escalate, the threat level posed by politically motivated hacktivism could reach much higher, affecting a wider range of industries and businesses.

Widespread use of offensive cybersecurity

Organizations are turning to more proactive methods of protecting their systems and data as new threats emerge, including strict access controls and data encryption. This includes the use of offensive cybersecurity techniques, including penetration testing, bug bounties and red teaming exercises —  in other words, offensive cybersecurity.

Offensive cybersecurity involves actively seeking out vulnerabilities and weaknesses before they can be exploited by attackers. It gives users signs of potential compromise directly from attacker-controlled networks, the dark web and other sources. By adopting offensive cybersecurity practices, organizations can stay one step ahead of actors.

However, the widespread use of offensive cybersecurity also has potential downsides. As it becomes the new norm, the development of offensive cyber intelligence may blur the line between legal and illegal activities. If not regulated properly, offensive cybersecurity could lead to a “cyber arms race” where organizations and governments continuously try to outdo each other in terms of cyber capabilities.

Rapid automation and digitization of logistics and transport may lead to larger security issues

As the logistics and transportation industry rapidly adopts automation and digitization, security is a growing concern. Expanding digital attack surfaces could cause conventional offenses like auto theft, maritime piracy and smuggling to increase as well.

For example, modern cars might face higher risks of cyber theft since they have much more digital technology integrated into them. This also extends to cargo ships and planes. Recent incidents targeting Automated Tracking Systems in the Red Sea and the Indian Ocean, or the 2020 cyberattack on Iran’s Shahid Rajaee port terminal, highlight system vulnerabilities that need to be addressed.

What these predictions mean for organizations

As the cybersecurity landscape continues to shift, organizations must respond proactively to protect their data, operations and reputation. Here’s what these predictions mean for them.

Incorporating more effective ransomware response strategies

The increasing prevalence of ransomware attacks means organizations must be prepared. This involves not only implementing strong preventative measures but also having a comprehensive response strategy in place.

Companies should consider investing in services like threat intelligence and incident response, as well as conducting regular backups of critical data in off-premise storage facilities. Employee training is equally crucial, as many ransomware attacks stem from successful phishing attempts or social engineering that proper education could have prevented.

Prioritizing Investment in cybersecurity initiatives

Improving cybersecurity efforts regularly has become a business requirement for organizations. This includes upgrading existing security systems, implementing modernized security technologies and hiring professional cybersecurity staff.

In the same light, businesses must be aware of current cyber dangers and maintain the integrity of their current security systems so they can respond effectively, year after year.

Strengthening supply chain security measures

As businesses become more interconnected, supply chain security is a major concern. Organizations should ensure that their suppliers and partners comply with strict cybersecurity requirements to avoid exploiting any possible vulnerabilities.

Regular audits and risk assessments help identify potential vulnerabilities and control them before attackers exploit them while building trustworthy partnerships contributes to better supply chain security overall.

Building “offensive cybersecurity” tactics into defense strategy

Unlike traditional defensive security tactics that “react” to cyber threats, offensive cybersecurity introduces a forward-looking approach that aims to disrupt potential cyberattacks before they become a major risk.

This lateral movement in security involves active engagements like threat hunting, conducting detailed vulnerability assessments and performing penetration testing to uncover weaknesses. The strategic application of artificial intelligence and machine learning technologies also helps in analyzing large datasets to spot emerging threat patterns.

Keeping up with evolving threats

Given the growing severity of cyber threats, organizational approaches to fighting them must evolve to stay ahead. By investing in your organization’s cybersecurity programs and laying the groundwork for an effective threat response, you can significantly reduce your attack surface while keeping critical operations secure.

Threat Intelligence Index report 2024

More from Risk Management

Working in the security clearance world: How security clearances impact jobs

2 min read - We recently published an article about the importance of security clearances for roles across various sectors, particularly those associated with national security and defense.But obtaining a clearance is only part of the journey. Maintaining and potentially expanding your clearance over time requires continued diligence and adherence to stringent guidelines.This brief explainer discusses the duration of security clearances, the recurring processes involved in maintaining them and possibilities for expansion, as well as the economic benefits of these credentialed positions.Duration of security…

Remote access risks on the rise with CVE-2024-1708 and CVE-2024-1709

4 min read - On February 19, ConnectWise reported two vulnerabilities in its ScreenConnect product, CVE-2024-1708 and 1709. The first is an authentication bypass vulnerability, and the second is a path traversal vulnerability. Both made it possible for attackers to bypass authentication processes and execute remote code.While ConnectWise initially reported that the vulnerabilities had proof-of-concept but hadn’t been spotted in the wild, reports from customers quickly made it clear that hackers were actively exploring both flaws. As a result, the company created patches for…

Researchers develop malicious AI ‘worm’ targeting generative AI systems

2 min read - Researchers have created a new, never-seen-before kind of malware they call the "Morris II" worm, which uses popular AI services to spread itself, infect new systems and steal data. The name references the original Morris computer worm that wreaked havoc on the internet in 1988.The worm demonstrates the potential dangers of AI security threats and creates a new urgency around securing AI models.New worm utilizes adversarial self-replicating promptThe researchers from Cornell Tech, the Israel Institute of Technology and Intuit, used what’s…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today