Kaspersky suggests that as the corporate networks of industrial enterprises have become more integrated, cyber-criminals are increasingly turning their attention to these enterprises as potential targets. By exploiting vulnerabilities in networks and software, they can steal information related to production processes or even bring down manufacturing operations, it warns.
The Kaspersky Lab experts found that during the second half of 2016, malware downloads and access to phishing Web pages were blocked on more than 22% of industrial PCs (IPCs). This means that almost one in five IPCs faced the risk of infection via the Internet at least once.
The desktop computers of engineers and operators working with ICSs (industrial control systems) do not usually have direct access to the Internet. However, there are other users – system and network administrators, developers and integrators of automation systems, as well as third-party contractors – who have simultaneous access to the Internet and ICS. Their computers can connect freely to the Internet because they are not tied to an industrial network.
The researchers report that 10.9% of computers with ICS software installed (or connected to systems running this software) showed traces of being exposed to malware when removable storage devices were connected to them.
Malicious e-mail attachments and scripts embedded in e-mails were blocked on 8.1% of IPCs. In most cases, attackers use phishing e-mails to attract the user's attention and disguise malicious files. Malware was most often distributed in the form of documents such as MS Office and PDF files.
According to the Kaspersky Lab research, malware – such as spyware, backdoors, keyloggers, financial malware, ransomware, and wipers – can paralyse an organisation’s control over its ICS or be used for targeted attacks. The latter is possible because of built-in functions that provide opportunities for remote control.
“Our analysis shows us that blind faith in technology networks’ isolation from the Internet doesn’t work anymore,” says Evgeny Goncharov, head of Kaspersky’s critical infrastructure defence department. “The rise of cyber-threats to critical infrastructure indicates that ICS should be properly secured from malware both inside and outside the perimeter. It is also important to note that according to our observations, the attacks almost always start with the weakest link in any protection – people.”
The report also reveals that:
• one in four targeted attacks detected last year were aimed at industrial targets;
• about 20,000 different malware samples, belonging to more than 2,000 different malware families, were found in industrial automation systems during 2016;
• 75 vulnerabilities were uncovered, 58 of which were classified as maximum critical vulnerabilities; and that
• the top three countries that experienced IPC attacks were Vietnam (more than 66%), Algeria (more than 65%) and Morocco (60%).
To protect ICS environments from possible cyber-attacks, Kaspersky Lab suggests:
• conducting security assessments to identify and remove security loopholes;
• requesting external intelligence from reputable vendors;
• providing protection inside and outside the perimeter;
• evaluating advanced methods of protection; and
• training personnel.