RISI Report: Malware Growing

Wednesday, March 2, 2011 @ 06:03 PM gHale

There were seven intentional and 53 unintentional malware incidents reported in the Repository of Industrial Security Incidents (RISI) database by the end of 2010, according to a report released Wednesday by the Security Incidents Organization (SIO).

While Stuxnet is the best-known intentional malware attack, it is not the first and won’t be the last, according to the SIO’s 2011 edition of RISI’s annual “Report on Cyber Security Incidents and Trends Affecting Industrial Control Systems Resulting from Malware Infections.” An intentional malware incident is one in which someone deliberately installs the malware on a control system or a person writes the malware with the intent to attack a specific target.

As of the end of 2010, the RISI database contained 60 confirmed malware incidents that occurred between 1982 and 2010. While that may not seem like a huge number of incidents, it is rare for any company to report an incident. When a report does come in, analysts review it in detail to identify trends and expose the vulnerabilities exploited in past infections.

“This report shows the details of the continuing threats to manufacturing and infrastructure security around the world,” said John Cusimano, executive director of SIO. “As the Stuxnet malware showed in 2010, the threat continues and has become even more complicated and mature.”

There were no fatalities reported for any of the malware incidents. However, several incidents resulted in “loss of view,” which could have resulted in more serious consequences. The results seen most often due to malware incidents are “loss of staff time” followed by “loss of view” and “loss of production/operation.”

In addition to the production-related results of such incidents, there are also financial impacts related to the loss of staff time and loss of production/operation. It is difficult to quantify these costs. The study found that 32% of the incidents were reported to have damages of $10,000 or greater. However, in many cases, fines and loss of production costs may go unreported. One incident resulted in financial damages exceeding $10 million.

The adaptable nature of malware and malware authors confirms that security is a never-ending battle, according to RISI. The quantity of reportable malware incidents should increase in 2011, since Stuxnet infections are still under investigation. In addition, there is a high likelihood that malware authors will attempt to re-use or copy Stuxnet, according to RISI.

“Every new worm, virus or hack is an evolution on one from the day before,” said Eric Byres, a security expert and Chief Technology Officer of Byres Security Inc. “The bad guys learn from their successes and mistakes so they can build scarier, more effective attacks. As ICS professionals we have to learn as well, or we will be left far behind. We need to study what has gone wrong in the past so we don’t repeat that mistake again in the future. The RISI reports are designed to help us do that.”

There will be a web-based press conference March 4 at 10 a.m. EST to discuss the significance of the RISI report and the continuing malware threat to industrial control systems and the world’s industrial infrastructure.