SecurityBrief UK - Technology news for CISOs & cybersecurity decision-makers
Unprecedented surge in critical infrastructure cyberattacks
Thu, 25th Jan 2024

In 2023, global cybersecurity leader Forescout and Vedere Labs recorded over 420 million attacks on critical infrastructure, representing a 30% increase from 2022 and equivalent to 13 attacks every second, according to the 2023 Global Threat Roundup.

The United States was the primary target of these attacks, with 168 malicious actors focusing their activities on the country. The UK, Germany, India, and Japan were also top targets, ranking 2nd, 3rd, 4th, and 5th respectively, while Australia was sixth with 63 malicious actors. Most of these nefarious actors were identified as originating from China (155), Russia (80), and Iran (45).

The sectors hardest hit in the wave of attacks included government, financial services, healthcare, manufacturing, and technology. This underscores the urgent need for more robust cybersecurity measures across all these industries.

Elisa Costante, VP of Research at Forescout Research - Vedere Labs, points to the need for action and sees a possible path to improvement. "While it's true that current efforts have fallen short in fully harnessing crucial technology to fortify critical assets and assess risks, there is an opportunity for improvement," she noted.

In the roundup, Forescout provides key insights into the evolving cybersecurity landscape. Significantly, the report notes a decline in exploits against software libraries as Log4j exploits fall out of favour, giving way to a surge in attacks targeting network infrastructure and Internet of Things (IoT) devices. IP cameras, building automation systems, and network-attached storage have become sought-after targets for threat actors.

Only 35% of exploited vulnerabilities appeared on the Cybersecurity and Infrastructure Security Agency's (CISA) Known Exploited Vulnerabilities (KEV) list. This divergence stresses the importance of a comprehensive cybersecurity approach beyond just relying on known vulnerability databases.

Operational Technology (OT) is enduring relentless attacks, particularly against protocols used in industrial automation and the power sector. Post-exploitation behaviour is also shifting, with persistence techniques up 50%. Additionally, various malware families remain formidable threats, including the Agent Tesla Remote Access Trojan (RAT), variants of the Mirai botnet, and the Redline info stealer.

Costante stressed the importance of comprehensive visibility into all connected devices, managed or unmanaged. She believes that by adopting this proactive approach, enterprises can move away from a purely reactive defence posture. This shift signals a more optimistic outlook for protecting critical infrastructure.

Forescout employs its Adversary Engagement Environment (AEE) to conduct analysis, blending real and simulated connected devices to identify threat actor patterns at a granular level. Insights from this environment are leveraged in Forescout products and shared with vendors, agencies, and other researchers to elevate responses to complex critical infrastructure attacks.