Energy Suffers Most ICS Malware Attacks: Report

Monday, March 26, 2018 @ 03:03 PM gHale

Number of vulnerable products used in different industries (according to ICS-CERT classification) vulnerabilities published in 2017.
Source: Kaspersky Lab

Almost 40 percent of all industrial control systems (ICS) in energy organizations protected by Kaspersky Lab solutions ended up attacked by malware at least once in the second half of last year, a new report found.

On top of the energy sector, engineering & ICS integration networks followed closely at 35 percent, according to a report from Kaspersky Lab.

Incident Response Plans Still Lacking: Study
Attacks Hike with Geopolitical Events: Report
Cybersecurity Spending to Jump 33%
Strategic Malware Attacks Grow: Report

For all other industries (manufacturing, transportation, utilities, food, healthcare, etc.) the proportion of ICS computers attacked ranged from 26 percent to 30 percent on average, according to the “Threat Landscape for Industrial Automation Systems in H2 2017” report from Kaspersky. The vast majority of detected attacks were accidental hits.

The cybersecurity of industrial facilities remains a serious issue that could affect industrial processes, along with business continuity.

While analyzing the threat landscape in different industries, Kaspersky Lab ICS CERT recorded nearly all industries regularly experience cyberattacks on their ICS computers. However, there are two industries that were attacked more than others – energy organizations (39 percent), and engineering and ICS integration businesses (35 percent).

The sector that demonstrated the most noticeable growth of ICS computers attacked during the second half of 2017 (compared to the first half of 2017) was construction, with 31 percent attacked. The relatively high percentage of attacked ICS computers in the construction industry compared to the first half of 2017 could indicate these organizations are not necessarily mature enough to pay the required attention to the protection of industrial computers, researchers said. Their computerized automation systems might be relatively new and an industrial cybersecurity culture is still being developed in these organizations.

The lowest percentage of ICS attacks – 15 percent – were in enterprises specializing in developing ICS software, meaning their ICS research/development laboratories, testing platforms, demo stands and training environment are also being attacked by malicious software, although not as often as the ICS computers of industrial enterprises. Kaspersky Lab ICS CERT experts point to the significance of ICS vendors’ security, because the consequences of an attack that could spread over the vendor’s partner ecosystem and customer base.

Among the new trends of 2017, Kaspersky Lab ICS CERT researchers found a rise in mining attacks on ICS.

Other highlights from the report include:
• Kaspersky Lab products blocked attempted infections on 38 percent of ICS computers protected by them. This is 1.4 percentage points less than in the second half of 2016.
• The Internet remains the main source of infection with 22.7 percent of ICS computers attacked. This is two percent higher than in the first six months of the year. The percentage of blocked web-borne attacks in Europe and North America is substantially lower than elsewhere.
• The top five countries by percentage of ICS computers attacked has remained unchanged since reported in the first half of 2017. This includes Vietnam (70 percent), Algeria (66 percent), Morocco (60 percent), Indonesia (60 percent) and China (60 percent).
• In the second half of 2017, the number of different malware modifications detected by Kaspersky Lab solutions installed on industrial automation systems increased from 18,000 to over 18,900.
• In 2017, 11 percent of all ICS systems were attacked by botnet agents, a malware that secretly infects machines and includes them in a botnet network for remote command execution; the main sources of attacks like this were the Internet, removable media and email messages.
• In 2017, Kaspersky Lab ICS CERT identified 63 vulnerabilities in industrial systems and IIoT/IoT systems, and 26 of them have been fixed by vendors.

“The results of our research into attacked ICS computers in various industries have surprised us, said Evgeny Goncharov, head of Kaspersky Lab ICS CERT. “For example, the high percentage of ICS computers attacked in power and energy companies demonstrated that the enterprises’ effort to ensure cybersecurity of their automation systems after some serious incidents in the industry is not enough, and there are multiple loopholes still there that cybercriminals can use.”

Click here to read the full report.

Leave a Reply

You must be logged in to post a comment.