Industrial Cybersecurity Predictions for 2024 - Part 4

How regulatory actions, SBOMs and the ghosts of past vulnerabilities will shape cyber defense.

The final collection of predictions and prognostications for industrial cybersecurity in 2024.

Chad Loeven, Vice President of Business Development - OPSWAT:

  • In software development supply chains, open-source libraries are a widely used component – it's so easy to grab a random open-source library, stick it in your code, and hope for the best. However, open-source libraries remain a weak underbelly and pose significant security risks as they are easily targetable by malicious actors aiming to compromise their integrity by inserting vulnerabilities or backdoors. Because of this, SBOM (software bill of materials) scanning will become critical to providing an accurate inventory of vulnerable open-source libraries and containers.
  • A recent Huntress report highlights a surge in the adoption of "living off the land" strategies, where threat actors script legit applications to behave badly, avoiding detection. According to Huntress' findings, 56 percent of documented threat actor activities demonstrated a form of being 'malware free' across various intrusion scenarios, and there is a growing trend in leveraging remote monitoring and management (RMM) software as an entry point for intrusions. In 65 percent of incidents, threat actors employed RMM software for persistence or as a means of remote access. The challenge is that IT teams rely on similar techniques and software, making it challenging to detect these subtle threats.
  • Unveiling the malicious behavior requires a thorough analysis of the script, and accomplishing this requires a sandbox. As a result, we could see a heightened demand in the market for sandbox technology to effectively analyze these evasive and sophisticated threats.

Bobby Cornwell, Vice President Strategic Partner Enablement & Integration - SonicWall:

In 2024, incoming cybersecurity regulations will force businesses to be more transparent about their breaches and attacks. Forthcoming legislation, such as the EU's NIS2 Directive and the Cyber Resilience Act, will impose more stringent standards for cyber protection and establish clear reporting timelines in the event of a breach.

As these directives take effect, businesses will be made to share with their partners and suppliers early identifications of system vulnerabilities, or face fines. The aim of this is to prevent cybercriminals from inflicting widespread damage across multiple businesses. In 2024, it will be crucial to optimize the transparency afforded by these regulations. By dragging cybercriminals out into the open, authorities can more effectively curtail their illicit activity. 

Douglas McKee, Executive Director, Software Engineering - SonicWall:

Security professionals prefer to forget about past vulnerabilities such as Log4j, as they are often tied to a traumatic time. However, this is exactly what threat actors prey on. While many patches are in place from big-name vendors and security vendors have issued a wide range of signatures to cover Log4j, it is still one of the biggest supply chain vulnerabilities discovered to date.

Due to its position in the supply chain, its continued discovery in new places and its unfortunate continued implementation in new code, it is well worth an attacker’s time. SonicWall’s threat data is trending to demonstrate a potential 10 percent year-over-year increase from 2022 to 2023 in Log4j-related attacks. By the end of 2024, we predict there will be an even larger increase.

Cybersixgill:

  • In 2024, 40 national elections will occur worldwide. As threat actors’ motivations stretch beyond financial gain, Cybersixgill predicts an uptick in attacks targeting entities without profit centers, such as schools, hospitals, public utilities, and other essential services, as bad actors aim to gain power and influence and cause general disorder.
  • Cybercriminals will increasingly offer their skills and expertise for hire through ransomware-as-a-service, malware-as-a-service, and DDoS-as-a-service offerings.
  • Affiliate programs will continue to grow as powerful cybercriminal gangs franchise their ransomware technology, scaling operations to a network of lesser-skilled individuals for distribution, making the extortion business accessible and profitable to a larger pool of threat actors. 

Matt Wiseman, Senior Product Manager, OPSWAT:

  • Greater requests for SBOMs and more demand to understand tools at a deeper level will lead to increased requirements from regulatory organizations or government agencies. Given the growing concern for threats from vendors, third-parties, or nation-states, all software will be more thoroughly vetted before being deployed in critical areas.
  • Increased partnerships and acquisitions of OT security providers by OT OEMs and DCS vendors. Additionally, DCS vendors will recommend more technology partners to ease the decision process for their own customers looking at security providers.
  • Increased involvement from governments and regulatory bodies to enforce and recommend practices and mandatory technology for OT operators.