Energy organizations and engineering & ICS integration networks were targeted by the most cyber-attacks in the second half of 2017, according to Kaspersky Lab research into the industrial automation system threat landscape. Kaspersky Lab ICS CERT researchers also discovered a rise in mining attacks that began in September following an increase in the cryptocurrency market and miners in general.
38.7% of all industrial control systems (ICS) in energy organizations protected by Kaspersky Lab solutions were attacked by malware at least once during the last six months of 2017, closely followed by 35.3% of engineering & ICS integration networks. Other sectors experienced an average of between 26% and 30% of ICS computers attacked. The vast majority of detected attacks were accidental hits.
The cybersecurity of industrial facilities remains an issue that can lead to very serious consequences affecting industrial processes, as well as business losses. While analyzing the threat landscape in different industries, Kaspersky Lab ICS CERT recorded that nearly all industries regularly experience cyberattacks on their ICS computers.
Computerized and automated systems face maximum risk
According to experts, the energy sector was one of the first industries that started to widely use various automation solutions and is now one of the most computerized. Cybersecurity incidents and targeted attacks over the past couple of years, along with regulatory initiatives, make a strong case for power and energy companies to start adopting cybersecurity products and measures for their operational technology (OT) systems.
Moreover, the modern power grid is one of the most extensive systems of interconnected industrial objects, with a large number of computers connected to the network and a relatively high degree of exposure to cyber threats, as demonstrated by Kaspersky Lab ICS CERT statistics. In turn, the high percentage of attacked ICS computers in engineering and ICS integration businesses is another serious problem given the fact that the supply chain attack vector has been used in some devastating attacks in recent years.
In 2017, 10.8% of all ICS systems were attacked by botnet agents, malware that secretly infects machines and includes them in a botnet network for remote command execution; the main sources of attacks like this were the internet, removable media and email messages. The internet remains the main source of infection with 22.7% of ICS computers attacked. This is 2.3% higher than in the first six months of the year. The percentage of blocked web-borne attacks in Europe and North America is substantially lower than elsewhere.
In 2017, Kaspersky Lab ICS CERT identified 63 vulnerabilities in industrial systems and IIoT/IoT systems, and 26 of them have been fixed by vendors.
“The results of our research into attacked ICS computers in various industries have surprised us. For example, the high percentage of ICS computers attacked in power and energy companies demonstrated that the enterprises’ effort to ensure cybersecurity of their automation systems after some serious incidents in the industry is not enough, and there are multiple loopholes still there that cybercriminals can use,” said Evgeny Goncharov, Head of Kaspersky Lab ICS CERT.
Recommendations from Kaspersky Lab ICS CERT
- Regularly update operating systems, application software and security solutions on systems that are part of the enterprise’s industrial network.
- Restrict network traffic on ports and protocols used on the edge routers and inside the organization’s OT networks.
- Audit ICS component access control in the enterprise’s industrial network and at its boundaries.
- Deploy dedicated endpoint protection solutions onto ICS servers, workstations and HMIs to secure OT and industrial infrastructure from random cyberattacks.
- Deploy network traffic monitoring, analysis and detection solutions for better protection from targeted attacks.
Read the full report for H2 2017 on the Kaspersky Lab ICS CERT website.
About Kaspersky Lab
Kaspersky Lab is a global cybersecurity company, which has been operating in the market for over 20 years.
About Kaspersky Lab ICS CERT
Kaspersky Lab Industrial Control Systems Cyber Emergency Response Team (Kaspersky Lab ICS CERT) is a global project launched by Kaspersky Lab in 2016 to coordinate the efforts of automation system vendors, industrial facility owners and operators, and IT security researchers to protect industrial enterprises from cyberattacks.