Cyberattacks against industrial computers: energy before mechanical engineering

Attacks by industry sector 

For example, 38.7 percent of analyzed ICS computers in the energy sector and 35.3 percent of industrial computers in the mechanical engineering and ICS integration sectors were attacked by malware at least once in the second half of 2017. The construction industry recorded the highest increase compared to the first half of the year. Here, 31.1 percent of all ICS computers were affected by an attack. Automation is still a new area for this industry and cybersecurity is thus not yet given the necessary attention.

In other industries such as food, education, healthcare, telecommunications, industrial holdings, utilities, and manufacturing, the percentage was just under 30 percent. A large majority of the attacks can be considered random hits.

The power industry is a pioneer in the widespread use of automation solutions, and is one of the industries with the highest use of computers. Modern power grids are among the most extensive systems of interconnected industrial facilities with many computers that are also relatively vulnerable. Cybersecurity incidents in recent years, as well as tighter regulations, are forcing power and energy companies to adapt the cybersecurity of their Operational Technology (OT) systems. Other serious problems in recent years have been caused by suppliers.

Crypto-malware arrived at industrial computers

ICS computers have also been experiencing increased attacks with crypto-malware since September 2017. The experts from Kaspersky ICS CERT attribute this to the general trend hype from Bitcom and Co. If malicious mining activities to secretly mine digital currencies on computers in an industrial environment have reached a certain level, this has a negative impact on the performance and stability of ICS computers. From February 2017 to January 2018, mining malware attacked 3.3 percent of all industrial automation computers. In most cases, the attacks were purely random.

More numbers from the latest Kaspersky report:

• At 37.8 percent of all ICS computers protected by Kaspersky solutions blocked infection attempts (1.4 percentage points less than in the same period last year).
• The Internet remains with 22.7 percent Major source of ICS infections. Attacks increased by 2.3 percent compared to the first half of 2017.
• The number of malware modifications found on ICS machines in the second half of the year increased from 18,000 to over 18.900.
• In 2017 10.8 percent of all ICS computers were attacked by botnet agents. The attacks took place via the Internet, but also via removable media and e-mails.
• In 2017, the experts at Kaspersky ICS CERT found that 63 Vulnerabilities in industrial and IoT systems, of which 26 have been eliminated by manufacturers.

Protection recommendations of Kaspersky CERT

• Regular updates of operating system, application software and security solutions on all systems that are part of the industrial network in the company.
• Restrict network traffic across ports and protocols on edge routers and within the OT network.
• Audits of access controls to ICS components in the company's industrial network, including its boundaries.
• Deploy endpoint security solutions for ICS servers, workstations, and HMIs to protect OT and industrial infrastructure from random cyberattacks.
• Deploy network traffic monitoring, analysis and targeted attack detection solutions.

More information on cyber threats to industrial automation systems is available in the latest Kaspersky report at https://securelist.com/threat-landscape-for-industrial-automation-systems-in-h2-2017/85053/