In the second half of 2017, nearly 40% of all analyzed industrial control systems (ICS) in energy organizations were attacked by malware at least once – closely followed by 35% of engineering and ICS integration networks.
The cybersecurity of industrial facilities remains an issue that can lead to very serious consequences affecting industrial processes, as well as businesses losses. While analyzing the threat landscape in different industries, Kaspersky Lab ICS CERT recorded that nearly all industries regularly experience cyber-attacks on their ICS computers. However, energy and engineering were attacked more than others.
The report found that for all other industries (manufacturing, transportation, utilities, food and healthcare) the proportion of ICS computers attacked ranged from 26% to 30% on average. The vast majority of detected attacks were accidental hits.
The sector that demonstrated the most noticeable growth of ICS computers attacked during the second half of 2017 (compared to the first half of 2017) was construction, with 31% attacked. The relatively high percentage of attacked ICS computers in the construction industry compared to the first half of 2017 could indicate that these organizations are not necessarily mature enough to pay the required attention to the protection of industrial computers. Their computerized automation systems might be relatively new, and an industrial cybersecurity culture is still being developed in these organizations, Kaspersky noted.
“The results of our research into attacked ICS computers in various industries have surprised us, said Evgeny Goncharov, head of Kaspersky Lab ICS CERT. “For example, the high percentage of ICS computers attacked in power and energy companies demonstrated that the enterprises’ effort to ensure cybersecurity of their automation systems after some serious incidents in the industry is not enough, and there are multiple loopholes still there that cybercriminals can use.”
Meanwhile, the lowest percentage of ICS attacks – 15% – has been found in enterprises specializing in developing ICS software, meaning that their ICS research/development laboratories, testing platforms, demo stands and training environments are also being attacked by malicious software, although not as often as the ICS computers of industrial enterprises. Kaspersky Lab ICS CERT experts point to the significance of ICS vendors’ security, because the consequences of an attack spreading over the vendor’s partner ecosystem and customer base could be very dramatic.
Among the new trends of 2017, Kaspersky Lab ICS CERT researchers discovered a rise in mining attacks on ICS. This growth trend began in September 2017, along with an increase in the cryptocurrency market and miners in general.
“But in the case of industrial enterprises, this type of attack can pose a greater threat by creating a significant load on computers, and as a result, negatively affecting the operation of the enterprise’s ICS components and threatening their stability," the firm noted.
Overall, from February 2017 to January 2018, cryptocurrency mining programs attacked 3% of industrial automation system computers, in most cases accidentally.