Cybersecurity challenges and trends in critical infrastructure for 2024

Centro de Ciberseguridad Industrial

Generative artificial intelligence, ransomware and the exploitation of known vulnerabilities will be among the cybersecurity trends in critical infrastructure, and they will not play out in the same way as in IT environments, so they deserve specific attention.

We have been reading all kinds of predictions for 2024 for months, and we are now a few weeks into the year, with some trends consolidating and others perhaps about to appear.

Among the consolidated trends, generative artificial intelligence undoubtedly stands out. Its use is multiplying, and it is worth commenting on the aspects that most affect critical infrastructure.

• Adoption: All data analytics environments are beginning to exploit it to search for patterns, filter suggestions, find references and so on. Demand prediction and renewable energy adjustment systems find generative AI particularly valuable.

• Prohibition: Despite its growth, a contrary movement is also observed: in some environments, the perceived risk of exfiltration of critical information is leading organizations to block access to this technology by all possible means.

• Exploitation: The threat prediction reports from Fortinet and Google deserve special attention, because they observe that extortion groups are the first to integrate AI capabilities at scale when generating cyber attacks. As the capabilities of their respective arsenals grow, the sophistication of their activities is expected to increase. They will launch more selective and stealthy attacks designed to bypass tighter security controls, mask themselves in louder operations that distract defenders, and become more agile by making each tactic in the attack cycle more efficient.

• Proliferation: In line with the above, APTs and, especially, Crime as a Service (CaaS) platforms will be able to multiply their capabilities by exchanging information with one another. In this way, they will be able to improve and expand their capabilities in each phase of an attack and, once again, rely on AI to better apply TTPs to the target environments. This means taking advantage of payloads against known vulnerabilities, disseminated at scale and combined with new capabilities for testing zero-days.

• Reaction: SOCs must prepare to face attacker tactics improved by AI, and that will only be possible by resorting to the same technology. With it, they will improve their ability to characterize attacks and attackers, move from IOCs to TTPs, and recognize patterns based on those TTPs with which to distinguish massive, synthetic attacks from the stealthy, targeted attacks hidden among them.

On the other hand, environments such as electricity and Oil&Gas are undergoing an enormous transformation.

In the electricity sector, everyone is aware of the current influence of renewable energies and of the deployment, now, of charging points for electric vehicles.
Both are based on paradigms completely different from the traditional ones, such as remote operation, variability of generation and consumption, use of shared communications infrastructures, continuous connection to manufacturers, and exposure to cloud environments. This paradigm shift will force us to think not only about its impact on traditional infrastructure, but also about the added impact of cyber threats against these vectors and their new weight in the ecosystem.

The Oil&Gas environment is no exception: decarbonization, whether direct or through mobility, is also transforming it, and the new protagonist promises to be hydrogen. The announced investments are enormous, the deadlines are very demanding, and it remains to be seen whether the construction of the new plants will adopt the remote systems commissioning practices that began with the pandemic. It also remains to be confirmed whether blending (the use of gas pipelines for both hydrogen and natural gas) will succeed and, therefore, whether the operation of the gas system will undergo a transformation as well.

Therefore, with systems changing the way they operate and their exposure to other actors being altered, and taking into account what was discussed above about AI, we propose the following predictions:

Ransomware is going to be on the rise, surely preceded by breaches that we will discover later and with which we will increasingly be able to correlate these future attacks, based on the information exfiltrated from the victims.

On the other hand, the exploitation of known vulnerabilities, especially in non-Windows systems on access equipment that is generally not labeled as critical, could turn non-targeted attacks into a threat to the sector. We have already seen this situation, specifically in Denmark, where a large number of wind plants suffered disruption due to the exploitation of unpatched routers for which a patch was available. It was not a targeted attack, as was later verified by assessing the impact of the attack across Europe on equipment from the same manufacturer.

Finally, a wish more than a prediction: that patching systems beyond the server and workstation infrastructure becomes a priority and is addressed in every sense, from improving patching practices to prioritizing infrastructure improvements that allow more agile patching without impact on operations.


Agustín Valencia

CCI Expert