We present our vision of what challenges industrial cybersecurity will soon be (or already is) facing, and what to expect from cybercriminals in 2021.
# Industry News: Kaspersky Forecasts Escalating Ransomware and Geopolitical Shifts in ICS Security
## Summary
Kaspersky ICS CERT has released its strategic forecast for Industrial Control Systems (ICS), highlighting a pivot from opportunistic attacks to targeted ransomware and complex cyberespionage. The report underscores how the post-pandemic digital acceleration is expanding the industrial attack surface, making infrastructure more vulnerable to both criminal and state-sponsored actors.
## Key Details
- **Date:** December 2, 2020
- **Companies Involved:** Kaspersky ICS CERT, global industrial enterprises
- **Category:** Market Analysis and Strategic Predictions
## The Story
As the world enters 2021, the convergence of Information Technology (IT) and Operational Technology (OT) has reached a critical tipping point. Kaspersky’s analysis predicts that the "random" malware infections of the past are being replaced by high-stakes, targeted ransomware campaigns. These "Big Game Hunting" tactics specifically target industrial giants to maximize ransom demands by threatening to halt production.
Furthermore, the shift toward remote work, driven by the 2020 pandemic, has permanently altered the industrial security perimeter. Many organizations rushed their digital transformations, leaving exposed RDP ports and poorly secured VPNs as permanent entry points. Kaspersky also anticipates an increase in "commodity" malware being used as the initial foothold for more advanced persistent threat (APT) activity, blurring the line between cybercrime and state-sponsored disruption.
## Business Impact
### For the Companies Involved (Kaspersky)
- Positions Kaspersky as a thought leader in the niche OT security space, driving demand for its specialized KICS (Kaspersky Industrial CyberSecurity) platform.
### For Competitors
- Competitors like Dragos, Nozomi Networks, and Claroty must pivot their messaging to address the "ransomware-led" threat model rather than just focusing on visibility and monitoring.
### For Customers
- Industrial firms face higher insurance premiums and a requirement to increase cybersecurity CAPEX/OPEX to protect legacy hardware that was never intended to be internet-facing.
### For the Market
- The market is shifting from "awareness" to "urgent remediation." We expect increased investment in Managed Detection and Response (MDR) services tailored specifically for industrial environments.
## Technical Implications
The report highlights the rise of "Living off the Land" (LotL) techniques in OT environments, where attackers use legitimate administrative tools to evade detection. There is also a noted increase in vulnerabilities found in BMCs (Baseboard Management Controllers) and industrial IoT (IIoT) devices, which act as "blind spots" because traditional endpoint antivirus software cannot be installed on or monitor them.
## Strategic Analysis
- **Market Positioning:** Kaspersky is leveraging its global telemetry to move from being a "software vendor" to a "strategic intelligence partner" for critical infrastructure.
- **Competitive Advantage:** Early identification of the shift toward "Ransomware 2.0" (encryption + data exfiltration) provides a roadmap for proactive defense.
- **Challenges:** Geopolitical friction remains a challenge for Kaspersky's adoption in certain Western government sectors, despite its technical proficiency.
## Industry Reactions
- **Analyst Opinions:** Most industry analysts agree that the "air gap" is officially dead, validating Kaspersky's focus on remote access security.
- **Market Response:** There is a growing trend of industrial firms seeking "one-stop-shop" solutions that bridge the gap between IT security operations centers (SOCs) and the factory floor.
## Future Outlook
- **Predictions:** Expect a surge in "access brokers" selling entry into industrial networks on the dark web.
- **What to watch for:** The emergence of "kill-switch" ransomware that doesn't just encrypt files but actively interferes with industrial processes to force a payout.
## For Security Professionals
Practitioners should prioritize the auditing of all external-facing industrial gateways and implement strict Multi-Factor Authentication (MFA) for remote maintenance. The focus must shift from "preventing infection" to "resilience and fast recovery," as the sophistication of targeted industrial attacks makes perimeter breaches almost inevitable.