The year 2023 will see a significant shift in the way cyberattacks are engineered and that is just a start. To help you understand how things will change in 2023, we have distilled our learning from the last 4 years and the threat intelligence gathered from our global threat research facilities into specific points for your understanding.
We would like to place on record these specific IoT and OT security predictions:
- Cyberattacks on OT networks in North America will be driven by cyberattacks deflected from IoT devices and networks connected with new IoT projects. This is a tricky one. The bad actors are already sitting on many proof-of-concept projects running across sectors such as logistics, renewable energy, and more. Networks hosted by such projects are being breached with the devices converted into zombies to target third-party OT networks for the exfiltration of data and infiltration of malware-laden data traffic
- Target: immigration systems: case management software handling data and workflows and systems that enable audit trails will be targeted in US and Canada. These attacks will be targeted at disrupting these systems and erasing data
- Airports will be targeted through on-site connected devices; personal data in ticketing systems will be targeted
- Incident response will be a clear priority for many organizations in 2023. The focus will be on detecting and containing attacks while ensuring continuity of business and employee and data safety
- Load on SOC teams will rise: some SOC teams will see a reduction in the number of employees assigned to them as part of downsizing. Hackers could target such SOC facilities through a false positive surge to tie the resources down further before launching the big one.
- Reply-phishing attacks using stolen credentials will see a sharp rise in 2023. Non-APT actors will use this tactic extensively to breach corporate networks connected with IoT and OT. Data stolen from cloud email servers or data back-ups hosted on unsecured servers will be used for this purpose
- APT groups have been trying to infiltrate defense and space tech supply chains in US and Canada for a while. Component manufacturing companies in South Korea, Taiwan, and Japan could be targeted to gain entry into supply chains connected with military hardware.
- Ship-to-shore and Satcom communications for LNG carriers will be targeted on high seas
- Oil pipelines continue to be under the radar of hackers
- Revenge cyberattacks carried out through cyberattacks for hire groups or by hacktivists will rise in 2023
- Massive increase in threat surface area due to the addition of more connected systems to manage various functions remotely or onsite
- Companies that have not finished cyber audits in the last 90 days are at risk
The IoT and OT Security CISO peer survey 2022 report conducted by Sectrio is a must-read for all. Click here and download your copy of the report now: The CISO Peer Survey Report 2022
We are giving away threat intelligence for free for the next 2 weeks. Find out how you can sign up and try out our threat intelligence feeds
Find out what is lurking in your network. Go for a comprehensive 3-layer threat assessment now