Unprecedented surge in critical infrastructure cyberattacks
In 2023, global cybersecurity leader Forescout and Vedere Labs recorded over 420 million attacks on critical infrastructure, representing a 30% increase from 2022 and equivalent to 13 attacks every second, according to the 2023 Global Threat Roundup.
The United States was the primary target of these attacks, with 168 malicious actors focusing their activities on the country. The UK, Germany, India, and Japan were also top targets, ranking 2nd, 3rd, 4th, and 5th respectively, while Australia was sixth with 63 malicious actors. Most of these nefarious actors were identified as originating from China (155), Russia (80), and Iran (45).
The sectors hardest hit in the wave of attacks included government, financial services, healthcare, manufacturing, and technology. This underscores the urgent need for more robust cybersecurity measures across all these industries.
Elisa Costante, VP of Research at Forescout Research - Vedere Labs, points to the need for action and sees a possible path to improvement. "While it's true that current efforts have fallen short in fully harnessing crucial technology to fortify critical assets and assess risks, there is an opportunity for improvement," she noted.
In the roundup, Forescout provides key insights into the evolving cybersecurity landscape. Significantly, the report notes a decline in exploits against software libraries due to the declining popularity of Log4j exploits, allowing a surge in attacks targeting network infrastructure and Internet of Things (IoT) devices. IP cameras, building automation systems, and network-attached storage have become sought-after targets for threat actors.
Only 35% of exploited vulnerabilities appeared on the Cybersecurity and Infrastructure Security Agency's (CISA) Known Exploited Vulnerabilities (KEV) list. This divergence stresses the importance of a comprehensive cybersecurity approach beyond just relying on known vulnerability databases.
Operational Technology (OT) is enduring relentless attacks, particularly protocols used in industrial automation and power sectors. Post-exploitation tactics are also shifting, with persistence tactics marking a 50% surge. Additionally, various malware families remain formidable threats, including the Agent Tesla Remote Access Trojan (RAT), variants of the Mirai botnet, and the Redline info stealer.
Costante stressed the importance of comprehensive visibility into all connected devices, managed or unmanaged. She believes that by adopting this proactive approach, enterprises can move from a reactive defence posture. This shift signals a more optimistic outlook for protecting critical infrastructure.
Forescout employs its Adversary Engagement Environment (AEE) to conduct analysis, blending real and simulated connected devices to identify threat actor patterns at a granular level. Insights from this environment are leveraged in Forescout products and shared with vendors, agencies, and other researchers to elevate responses to complex critical infrastructure attacks.