Armis State of Cyberwarfare and Trends Report: 2022-2023

Armis is pleased to be able to share the results of our global cyberwarfare research study and market analysis with you. We hope that you find the contents of this global and its sister regional reports to be valuable and worthwhile.

Let us better consider the context that we are operating in today; leading analysts1 predict that by 2025, cyber attackers will have weaponized operational technology (OT) environments to successfully harm or kill humans. While this may seem extreme, it underpins a trend in cyberwarfare as threat actors move from the reconnaissance and espionage realms into the kinetic application of cyberwarfare tools. These kinetic cyberweapons have already been discovered in the wild, although none specifically have been deployed to lethal effect. For example, the Triton malware discovered in 2017 targeted and disabled2 safety instrumented system (SIS) controllers of a Saudi Arabian petrochemical plant which could have contributed to a plant-wide disaster had the problem not been identified. And in February 20213, a hacker attempted to poison the water supply facility of a small U.S. city in the state of Florida via remote access. We have already seen ransomware attacks against the healthcare sector result in human deaths4, so the potential impact of cyberattacks – whether intentional or unintentional – is clear.

While kinetic cyber threats are the future of the cyber arms race, cyberweapons are hardly a new concept. The world got a peek into the National Security Agency’s5 (NSA) cyber arsenal in 2016 with the Shadow Brokers leaks6, which exposed some of the most powerful and invisible cyberweapons on earth. This leaked cyber arsenal, which included the EternalBlue vulnerability, became the basis of some of the most extensive compromises in history, including NotPetya and WannaCry.

The development of these cyberweapons has also accelerated an entire industry known as the zero-day market, a shadowy collection of researchers, brokers, and websites dedicated to profiting from zero-day exploits. While no one knows the exact dollar amount of the industry as a whole, openly published price lists have revealed the price of a working zero-click exploit as $2.5 million and $2 million for Android and iOS7, respectively…