Research carried out by Kapersky Lab has found that the number of attacks on energy organisations noticeably exceeded those faced by other industries in the second half of 2017.
Kaspersky Lab ICS CERT researchers also discovered a rise in mining attacks that began in September following an increase in the cryptocurrency market and miners in general.
38.7% of all industrial control systems (ICS) in energy organisations protected by Kaspersky Lab solutions were attacked by malware at least once during the last six months of 2017, closely followed by 35.3% of engineering and ICS integration networks. Other sectors experienced an average of between 26% and 30% of ICS computers attacked. The vast majority of detected attacks were accidental hits.
According to experts, the energy sector was one of the first industries that started to widely use various automation solutions and is now one of the most computerised. Cyber security incidents and targeted attacks over the past couple of years, along with regulatory initiatives make a strong case for the power and energy companies to start adopting cyber security products and measures for their operational technology (OT) systems.
Moreover, the modern power grid is one of the most extensive systems of interconnected industrial objects, with a large number of computers connected to the network and a relatively high degree of exposure to cyber threats, as demonstrated by Kaspersky Lab ICS CERT statistics. In turn, the high percentage of attacked ICS computers in engineering and ICS Integration businesses is another serious problem given the fact that the supply chain attack vector has been used in some devastating attacks in recent years.
Among the new trends of 2017, Kaspersky Lab ICS CERT researchers have discovered a rise in mining attacks on ICS that began in September, following an increase in the cryptocurrency market and miners in general. This type of attack can pose a greater threat for industrial enterprises by creating a significant load on computers and, as a result, negatively affecting the operation of the enterprise's ICS components and threatening their stability. Overall, during the period from February 2017 to January 2018, cryptocurrency mining programs attacked 3.3% of industrial automation system computers, in most cases accidentally.
"The results of our research into attacked ICS computers in various industries have surprised us. For example, the high percentage of ICS computers attacked in power and energy companies demonstrated that the enterprises' effort to ensure cyber security of their automation systems after some serious incidents in the industry is not enough, and there are multiple loopholes still there that cyber criminals can use," said Evgeny Goncharov, head of Kaspersky Lab ICS CERT.
"Overall, in comparison with 2016 we have seen a slight decline in the number of ICS attacks. This probably indicates that, generally, enterprises have started to pay a bit more attention to ICS cyber security issues, and are auditing the industrial segments of their networks, training employees, etc. It is a good sign, because it's highly important for businesses to take proactive measures in order to avoid firefighting in future," he adds.
Kaspersky Lab ICS CERT recommends the following technical measures to be taken:
- Regularly update operating systems, application software and security solutions on systems that are part of the enterprise's industrial network.
- Restrict network traffic on ports and protocols used on the edge routers and inside organisation's OT networks.
- Audit ICS component access control in the enterprise's industrial network and at its boundaries.
- Deploy dedicated endpoint protection solutions onto ICS servers, workstations and HMIs to secure OT and industrial infrastructure from random cyber attacks.
- Deploy network traffic monitoring, analysis and detection solutions for better protection from targeted attacks.
You can read the full report here.