ICS Components Still Connected to Internet
Monday, July 11, 2016 @ 04:07 PM gHale
Organizations likely have ICS components connected to the Internet that could allow attackers to launch an assault against critical infrastructure systems, a new report said.
The report found 17,042 ICS components on 13,698 different hosts exposed to the Internet, likely belong to large organizations, said researchers at Kaspersky Lab. These organizations include energy, transportation, aerospace, oil and gas, chemicals, automotive and manufacturing, food and service, governmental, financial and medical institutions.
To minimize the possibility of a cyber attack, ICS should be run in a physically isolated environment; however, the report shows thousands of hosts suffer from exposure with 91.1 percent of these ICS hosts having vulnerabilities that can end up exploited remotely. In addition, 3.3 percent of ICS hosts located in these organizations contain critical vulnerabilities that can end up remotely exploited.
Connected systems are more flexible, able to react quickly to critical situations and implement updates, but in turn, this gives attackers a chance to remotely control critical ICS components. This can result in physical harm to the equipment as well as potential danger to the whole critical infrastructure.
Major findings of the report include:
• 188,019 hosts with ICS components available via the Internet have been identified in 170 countries.
• Most of the remotely available hosts with ICS components installed are in the United States (30.5 percent – 57,417) and Europe. In Europe, Germany has a leading position (13.9 percent – 26,142 hosts), followed by Spain (5.9 percent – 11,264 hosts), and France (5.6 percent – 10,578 hosts).
• 92 percent (172,982) of remotely available ICS hosts have vulnerabilities. 87 percent of these hosts contain medium risk vulnerabilities and 7 percent of them have critical vulnerabilities.
• The number of vulnerabilities in ICS components has increased tenfold during the past five years: From 19 vulnerabilities in 2010 to 189 vulnerabilities in 2015. The most vulnerable ICS components were Human Machine Interfaces (HMI), Electric Devices and SCADA systems.
• 91.6 percent (172,338 different hosts) of all the externally available ICS devices use weak Internet connection protocols, which opens the opportunity for attackers to conduct ’man in the middle’ attacks.
“There is no 100 percent guarantee that a particular ICS installation won’t have at least one vulnerable component at any single moment in time,” said Andrey Suvorov, head of critical infrastructure protection at Kaspersky Lab. “However, this doesn’t mean that there is no way to protect a factory, a power plant, or even a block in a smart city from cyber attacks. Simple awareness of vulnerabilities in the components used inside a particular industrial facility is the basic requirement for security management of the facility.”
Click here to download the report.