Phosphorus Cybersecurity to Partner with Cyberani for Black Hat MEA 2024
Osama Al-Zoubi, the Vice President of Phosphorus Cybersecurity, says over the next year, we will see more sophisticated OT-focused malware
How has the regional threat landscape evolved over the past few months?
Many companies, especially in GCC countries like Saudi Arabia and the UAE, are leveraging AI to enhance cybersecurity, especially as it relates to threat detection and real-time anomaly analysis. However, cybercriminals are also using AI to execute sophisticated attacks. Critical infrastructure organizations, especially in healthcare, oil and gas, financial services, and utilities, will continue to be targeted because of their critical importance to economies and daily life.
What are the five major cybersecurity predictions for the upcoming months?
In a nutshell, if the past year is any indication, threats to OT & ICS Cyber-Physical Systems will only continue to rise in frequency, sophistication, and scope. From recent attacks and malware like FrostyGoop and Fuxnet to botnets like Volt Typhoon’s KV-Botnet, Nation-States, Hacktivists, and Ransomware gangs are not only increasing their focus on OT/ICS/IIoT endpoints but are incorporating deeper knowledge of these systems to make their malware more effective and targeted.
Threat actors are also focusing more and more on exploiting vulnerabilities stemming from the lack of fundamental security hygiene on these mission-critical devices – including default passwords, insecure configurations, and unpatched firmware. As a result, we’ll likely see threat actors pivot to attacks that rely less on sophisticated ICS malware and more on simply exploiting the built-in functions native to network-connected ICS/OT devices to cause cyber-physical disruptions. This tactic will be coupled with ICS malware that is more generic and device-agnostic, allowing attackers to target entire categories of devices like PLCs and HMIs, as opposed to targeting only a specific device and manufacturer.
Nation-states will become savvier with their tactics and attacks. If we look at ICS and OT attacks over the past several years like Triton, Industroyer2, Pipedream, and 2024’s FrostyGoop and Fuxnet attacks, it paints a picture of nation-states becoming much savvier with these obscure ICS devices and protocols. That obscurity is what has often created the false impression that these devices were not in play for threat actors like traditional IT endpoints. What we’re seeing now is that not only are these critical Cyber-Physical OT/ICS Systems in play, but they are a major focus of cyber aggression on the part of Nation-States, who understand better than ever how inherently vulnerable and insecure they are.
This will lead to even more living-off-the-land (LOTL) type attacks by Nation-States to exploit critical infrastructure so that they can be in a position to launch some type of disruptive, cyber-physical attack in response to certain geopolitical events. Lastly, given that many of the most prevalent Ransomware gangs are funded and operated by Nation-States, we will also see even more ransomware attacks on OT/ICS environments and organizations as a method to fund their military and cyber operations.
Globally, we expect to see more than 5 billion new xIoT devices come online over the next year. The security won’t be meaningfully better than it currently is, only expanding potential attack surfaces globally. This will continue to fuel botnets and nation-state activity with lots of targets that can be compromised with little to no sophistication.
Over the next year, I’m anticipating we will see more sophisticated OT-focused malware. I get that’s an easy and predictable statement to make but I want to be clear on what I mean by it. The OT-focused malware has been evolving over the last 10 years with more support for different devices and protocols that were until recently thought to be obscure and difficult to manipulate. This includes libraries of exploits and techniques such as the ability to brute force passwords.
As attackers adapt to the OT world that was once poorly understood, it’s becoming clear that the next generation of OT malware is supporting multiple protocols, and multiple devices, and is much more outcome-oriented than the brittle technical tools of the past. Think Metasploit for OT. This kind of robust malware could usher in a new era where attacks against OT/ICS aren’t just performed by nation-states but by criminal elements with the same popularity as current ransomware campaigns.
What are your plans for Black Hat MEA?
Our plans for Black Hat MEA include partnering with Cyberani by meeting with customers and prospects in their booth. We also are presenting a session titled “Securing the Next Frontier: Phosphorus xIoT and the Future of Cybersecurity for Connected Devices.”
Tell us about your regional commitment in terms of expanding reach through partnerships.
Partners are a critical part of our expansion and growth strategy in the Middle East and Africa. We need to develop business with leading cybersecurity partners in each country who have expertise in IoT and OT security. We’re committed to working alongside our partner community to help customers solve the challenges they have finding, fixing and monitoring their growing IoT/OT attack surface.