December 2, 2022 12:54 p.m.

A recent Kaspersky study on the consequences of automation and increased use of robots showed the growing level of robotization in companies but highlighted the increased number of cybersecurity risks this causes. Today, 79% of employees believe that robots should be more widely used across different industries, however, 85% of them fear robot hacking.

Nowadays, robotics is being used to command industrial control systems, production processes and other information technology.

It replaces manual labor, improving efficiency, speed, quality and performance.

With this in mind, Kaspersky conducted a study to learn the opinion of employees of manufacturing companies and other large organizations around the world about the consequences of automation and increased use of robots.

The goal was to gather employees’ thoughts about the security of robots and automated systems in their companies. The survey was conducted across 15 countries: USA, France, Italy, Germany, Spain, South Korea, Japan, Singapore, Argentina, Brazil, Egypt, South Africa, Saudi Arabia, UAE, and Turkey.

Employees reported an increase in robotization levels in their companies over the last 2 years. Forty-one percent of employees said their organizations already use robots, and 29% of organizations plan to use them in the near future. 

One of the findings in the research was that respondents believe robots can help industries increase economic benefits as well as saving people from dangerous duties.

This point of view is shared by more than half of the surveyed employees, as 52% think use of robots can accelerate and increase the efficiency of production processes and cut down costs, and 60% believe robotization can free people from hard or dangerous duties, reducing risks to life and health in the future.

This, in turn, will help employees avoid routine and boring duties and retain more interesting and highly paid positions (36%).  

More than one third of respondents consider that one of the key tasks that robots can successfully perform is to build a safe environment and reduce the likelihood of accidents due to human error.

This point of view was shared by 36% of employees.

Another important finding was that cybersecurity risks increase because of robotization. 

The majority of respondents (85%) believe that robots can get hacked, and 51% know of incidents such as these occurring in their company or other local businesses.

Respondents are split in their assessment of how protected robots are: almost one half of employees (44%) believe that not enough cybersecurity measures are in place to protect the robots in different industries while 40% believe that sufficient protective measures are in place.

“Cyber-physical systems use industrial robots more often to increase production efficiency. However, new technologies like these bring new cyber risks because they are potentially vulnerable to cyberthreats. Kaspersky sees ensuring that cybersecurity remains at the forefront of robot technology adoption as its mission, helping to tackle the challenges and capitalize on the opportunities that robotization presents,” comments Andrey Strelkov, Head of Industrial Cybersecurity Product Line at Kaspersky. 

“In our research, we asked respondents to judge not only how convenient and efficient robots are to use in production, but also their level of safety. It turned out that many employees believe that using robots causes risks. Robots, robotic controllers, automation systems, and supply chains are going to become the prime vector for cyberattacks in the coming years, and they need protection here and now. Before one integrates robots into production, one needs to guarantee network intrusion robustness and overall network security,” says Strelkov.

“Not all modern technologies are designed with security in mind, so only the use of defense-in-depth industrial network protection and multifunctional monitoring platforms will ensure uninterrupted operation of the company. Dedicated solutions like Kaspersky Industrial CyberSecurity may become an efficient assistant for protecting robotics in production,” adds Strelkov.

To keep your industrial computer systems protected from various threats, Kaspersky experts recommend:

• Conducting regular security assessments of OT systems to identify and eliminate possible cyber security issues.
• Establishing continuous vulnerability assessment and triage as a basement for effective vulnerability management process. Dedicated solutions like Kaspersky Industrial CyberSecurity may become an efficient assistant and a source of unique actionable information, not fully available in public.
• Performing timely updates for the key components of the enterprise’s OT network; applying security fixes and patches or implementing compensating measures as soon as it is technically possible is crucial for preventing a major incident that might cost millions due to the interruption of the production process.
• Using Industrial EDR solutions such as Kaspersky Industrial Cybersecurity for Nodes with EDR for timely detection of sophisticated threats, investigation, and effective remediation of incidents.
• Improving the response to new and advanced malicious techniques by building and strengthening your teams’ incident prevention, detection, and response skills. Dedicated OT security training for IT security teams and OT personnel is one of the key measures helping to achieve this.

The full presentation with results and more insights on the consequences of automation and increased use of robots are available via the link.

November 27, 2022 7:20 p.m.

Filipinos absolutely live and breathe mobile gaming, and here’s some good news: being the best mobile gamer around no longer has to break the bank.

That’s because Infinix is dropping the brand-new HOT 20S on November 27, which lets you own the competition as a top game assassin–all at an affordable price.

Now, you don’t even have to spend more than P9,000 to enjoy #MoreSmoothGameplay on the HOT 20S. The phone packs a Helio G96 Premium Gaming Processor and up to 13 GB of RAM, which powers all your favorite games and allows it to perfectly handle the toughest and latest titles. You can have a wide selection of games to download and stomp other players in thanks to its 128GB ROM storage.

You’ll also never miss a single detail in the action thanks to the HOT 20S’s 120Hz 6.78-inch Full HD+ HyperVision Gaming Pro display, which gives you bright and vivid high-resolution visuals no matter what you’re running. Your sessions can also go for as long as you want thanks to its 5000mAh Power Monster battery that fills up quickly with its 18W Power Charge.

The whole gaming experience is rounded out by the HOT 20S’s Bionic Breathing Cooling System, which keeps the phone humming and going through great heat and pressure. Meanwhile, the All-Around Gaming Network Enhancement Turbo increases its performance during playtime even further.

For those who still want to upload great-looking content on their social media accounts, the HOT 20S also packs a solid 50MP Super Nightscape Triple Camera setup, which lets you take stunning photos and videos, especially in low-light settings.

So what are you waiting for–be the best game assassin you can be without spending too much, as the Infinix HOT 20S gives you #MoreThanWhatYouPayFor, guaranteed. Get it for a suggested retail price of P8,499 from Lazada, Shopee, TikTok Shop, and official Infinix kiosks nationwide starting November 27. Get it for even less at only P7,849 exclusively on Lazada on November 28, and P7,999 in a limited-time Flash Sale on Lazada, Shopee, TikTok Shop starting December 1. For more info on the HOT 20S, visit the official Infinix website.

November 16, 2022 1:14 p.m.

Kaspersky researchers presented their vision of the future for advanced persistent threats (APTs), defining the changes in the threat landscape that will emerge in 2023. Attacks on satellite technologies, mail servers, the rise of destructive attacks and leaks, drone hacking and the next big cyber epidemic are among some of the predictions for the next year.

The political turmoil of 2022 brought about a shift that will echo in cybersecurity for years to come and have a direct effect on the development of future sophisticated attacks. The 2023 forecast is based on the expertise and the activities the Kaspersky Global Research and Analysis Team (GReAT) has witnessed this year while tracking more than 900 APT groups and campaigns.

The next WannaCry and drones for proximity hacking

Statistically, some of the largest and most impactful cyber epidemics occur every six to seven years. The last such incident was the infamous WannaCry ransomware-worm, leveraging the extremely potent EternalBlue vulnerability to automatically spread to vulnerable machines. Kaspersky researchers believe the likelihood of the next WannaCry happening in 2023 is high. 

One potential reason for an event like this occurring is that the most sophisticated threat actors in the world are likely to possess at least one suitable exploit, and current global tensions greatly increase the chance a ShadowBrokers-style hack-and-leak could take place.

Major shifts will be reflected in new types of targets and attack scenarios too, as experts believe next year, we may see bold attackers and specialists adept at mixing physical-and cyber-intrusions, employing drones for proximity hacking. 

Some of the possible attack scenarios include mounting drones with sufficient tooling that would allow the collection of WPA handshakes used for offline cracking of WiFi passwords or even dropping malicious USB keys in restricted areas in the hope that a passer-by would pick them up and plug them into a machine.

Other advanced threat predictions for 2023 include:

• SIGINT-delivered malware

One of the most potent attack vectors imaginable, which uses servers in key positions of the internet backbone allowing man-on-the-side attacks, may come back stronger next year. While these attacks are extremely hard to spot, Kaspersky researchers believe they will become more widespread and will lead to more discoveries.

• The rise of destructive attacks

Given the current political climate, Kaspersky experts foresee a record number of disruptive and destructive cyber-attacks, affecting both the government sector and key industries. It is likely that a proportion of them will not be easily traceable to cyber incidents and will look like random accidents. The rest will take the form of pseudo-ransomware attacks or hacktivist operations to provide plausible deniability for their real authors. High-profile cyber attacks against civilian infrastructures, such as energy grids or public broadcasting, may also become targets, as well as underwater cables and fiber distribution hubs, which are challenging to defend.

• Mail servers become priority targets

Mail servers harbor key intelligence so are of interest to APT actors and have the biggest attack surface imaginable. The market leaders of this type of software have already faced exploitation of critical vulnerabilities, and 2023 will be the year of 0days for all major email programs.

• APT targeting turns toward satellite technologies, producers, and operators

With existing capabilities, evidence of APTs being capable of attacking satellites -with the Viasat incident as an example- it is likely that APT threat actors will increasingly turn their attention to the manipulation of, and interference with, satellite technologies in the future – making the security of these technologies ever more important.

• Hack-and-leak is the new black (and bleak)

The new form of hybrid conflict that unrolled in 2022 involved a large number of hack-and-leak operations. These will persist in the coming year with APT actors leaking data about competing threat groups or disseminating information.

• More APT groups will move from CobaltStrike to other alternatives

CobaltStrike, a red-teaming tool, has become a tool of choice for APT actors and cybercriminal groups alike. With it gaining so much attention from the defenders, it is likely that attackers will switch to new alternatives such as Brute Ratel C4, Silver, Manjusaka or Ninja, all offering new capabilities and more advanced evasion techniques.  

“It is quite clear 2022 saw major changes to the world’s geopolitical order and ushers in a new era of instability. A portion of our predictions focus on how this instability will translate into nefarious cyber activities, while others reflect our vision of which new attack vectors will be explored by attackers. Better preparation means better resilience and we hope our assessment of the future will enable defenders to strengthen their systems and repel cyberattacks more effectively,” says Ivan Kwiatkowski, senior security researcher at Kaspersky.

The APT predictions have been developed thanks to Kaspersky’s threat intelligence services used around the world. Read the full report on Securelist.

These predictions are a part of Kaspersky Security Bulletin (KSB) – an annual predictions series and analytical articles on key changes in the world of cybersecurity. Click here to look at other KSB pieces.

To look back at what the Kaspersky experts expected to see in the advanced targeted threats landscape in 2022, please read our previous yearly report.