Ransomware attacks are just one feature of a complex and increasingly aggressive threat landscape that organizations should protect themselves against. This includes:
Evolving threat actors
Cybercriminals are adapting, diversifying, and behaving more like state actors. Criminal operations are changing their tactics to reduce the risk of detection and increase disruption. They are attempting to maximize the return on their effort in several ways, such as: shifting away from partnerships to operating within close-knit syndicates; taking advantage of the increased availability of ICS information to launch attacks; increasing the precision of targeting by using legitimate documents to identify likely victims before delivering malware; or selling and buying direct access to networks for ransomware delivery rather than carrying out advanced intrusions.
Targeted ransomware
There is a complex range of motives at play in targeted ransomware attacks. While the motivation behind an attack may appear to be financial, there may be hybrid motives at work - a combination of financial, ideological and/or political drivers. Regardless, such attacks have the potential to impact the availability of ICS/OT. While the ransomware threat remains, organizations should ensure they take adequate measures to prepare for, prevent, detect, respond to, and contain a corporation-wide ransomware attack.
Supply chain threats
Improved ecosystem hygiene is pushing threats to the supply chain, turning friends into enemies. The global interconnectedness of business, the wider adoption of traditional industry cyberthreat countermeasures and improvements to basic cyber security hygiene appear to be pushing cyberthreat actors to seek new avenues to compromise organizations, such as targeting their supply chains, including those for software, hardware, and the cloud.
Life after meltdown
Vulnerabilities in ICS/OT infrastructure demand tuned/targeted solutions to prevent impact to availability. The discovery in recent years of vulnerabilities in proprietary process control hardware, such as programmable logic controllers (PLCs), combined with the use of commercial software and hardware for human machine interfaces (HMIs), Engineering Workstations, and ICS supporting systems such as Historians, has an impact on system availability, increasing the risk to organizations, which could lead to loss of life.
Compromising geopolitics
As new threats emerge from disinformation and technology evolution, global businesses may find themselves in the crosshairs as geopolitical tensions persist. Cyberthreat actors may not only sustain current levels of activity, but also take advantage of new capabilities, as new technologies enable more sophisticated tactics, techniques, and procedures (TTPs) which are focused on ICS/OT environments.