
Almost 40% of industrial computers faced a cyberattack in the 2nd half of 2016

March 28, 2017

On average, two in five computers related to the technological infrastructure of industrial enterprises faced cyberattacks in the second half of 2016.

This is a finding from Kaspersky Lab’s report, the “Threat Landscape for Industrial Automation Systems in the second half of 2016.” The percentage of industrial computers under attack grew from over 17% in July 2016 to more than 24% in December 2016, with the top three sources of infection being the Internet, removable storage devices, and malicious e-mail attachments and scripts embedded in the body of e-mails.

As the technology and corporate networks of industrial enterprises become increasingly integrated, more and more cybercriminals are turning their attention to industrial enterprises as potential targets. By exploiting vulnerabilities in the networks and software used by these enterprises, attackers could steal information related to the production process or even bring down manufacturing operations, leading to a technogenic disaster.

In order to find out how widespread the threat is, Kaspersky Lab ICS CERT specialists have conducted dedicated research into the cyberthreat landscape faced by ICS systems.


They discovered that in the second half of 2016 malware downloads and access to phishing web-pages were blocked on over 22% of industrial computers. This means that almost every fifth machine at least once faced the risk of infection or credential compromise via the Internet.

The desktop computers of engineers and operators working directly with ICS do not usually have direct access to the Internet due to the limitations of the technology network in which they are located. However, there are other users that have simultaneous access to the Internet and ICS. According to Kaspersky Lab research, these computers – presumably used by system and network administrators, developers and integrators of industrial automation systems, and third-party contractors who connect to technology networks directly or remotely – can freely connect to the Internet because they are not tied to only one industrial network with its inherent limitations.

The Internet is not the only thing that threatens the cybersecurity of ICS systems. The danger of infected removable storage devices was another threat spotted by the company’s researchers. During the period of research, 10.9% of computers with ICS software installed (or connected to those that have this software) showed traces of malware when a removable device was connected to them.

Malicious e-mail attachments and scripts embedded in the body of e-mails were blocked on 8.1% of industrial computers, taking third place. In most cases, attackers use phishing e-mails to attract the user's attention and disguise malicious files. Malware was most often distributed in the format of office documents such as MS Office and PDF files. Using various techniques, the criminals made sure that people downloaded and ran malware on the industrial organization’s computers.

According to Kaspersky Lab research, malware that poses a significant threat to companies around the world is also dangerous to industrial enterprises. This includes spyware, backdoors, keyloggers, financial malware, ransomware, and wipers. These can completely paralyze the organization’s control over its ICS or can be used for targeted attacks. The latter is possible because of inherent functions that provide an attacker with lots of possibilities for remote control.

“Our analysis shows us that blind faith in technology networks’ isolation from the Internet doesn’t work anymore. The rise of cyberthreats to critical infrastructure indicates that ICS should be properly secured from malware both inside and outside the perimeter. It is also important to note that according to our observations, the attacks almost always start with the weakest link in any protection – people,” said Evgeny Goncharov, Head of Critical Infrastructure Defense Department, Kaspersky Lab.

The other findings of the Kaspersky Lab report “Industrial automation systems threat landscape in the second half of 2016” are:

  • Every fourth targeted attack detected by Kaspersky Lab in 2016 was aimed at industrial targets
  • About 20,000 different malware samples, belonging to over 2,000 different malware families, were revealed in industrial automation systems
  • 75 vulnerabilities were revealed by Kaspersky Lab in 2016; 58 of them were marked as maximum critical vulnerabilities
  • Top three countries with attacked industrial computers: Vietnam (more than 66%), Algeria (over 65%), Morocco (60%)

In order to protect the ICS environment from possible cyber-attacks, Kaspersky Lab security experts advise the following:

  • Conduct a security assessment to identify and remove security loopholes
  • Request external intelligence: intelligence from reputable vendors helps organizations to predict future attacks on the company’s industrial infrastructure
  • Train your personnel
  • Provide protection inside and outside the perimeter. A proper security strategy has to devote significant resources to attack detection and response, to block an attack before it reaches critically important objects
  • Evaluate advanced methods of protection: A Default Deny scenario for SCADA systems, regular integrity checks for controllers, and specialized network monitoring to increase the overall security of a company will reduce the chances of a successful breach, even if some inherently vulnerable nodes cannot be patched or removed.

Read a summary of the Kaspersky Lab ICS CERT report for H2 2016 on Securelist.com. The full report is available on the Kaspersky Lab ICS CERT website.


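About Kaspersky

Kaspersky is a global cybersecurity and digital privacy company founded in 1997. Kaspersky continually transforms its deep threat intelligence and security technologies into innovative security solutions and services that protect businesses, critical infrastructure, governments and consumers around the globe. The company offers a comprehensive security portfolio that includes leading endpoint protection and a range of specialized security solutions and services, as well as Cyber Immune solutions for fighting sophisticated and evolving digital threats. More than 400 million users worldwide protect themselves with Kaspersky technologies, and we help 200,000 corporate clients around the world protect what matters most to them. To learn more, visit www.kaspersky.com.cn.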
