Threats against industrial control systems on the rise in H2 2020
March 2021 by Kaspersky
While the percentage of ICS computers on which malicious objects were blocked had declined since the second half of 2019, this number again started to rise in the second half of 2020. Globally, the percentage of attacked ICS computers in H2 2020 was 33.4%—an increase of .85 percentage points. The percentage of ICS computers attacked in the engineering and ICS integration sector grew by nearly 8 percentage points and by nearly 7 percentage points and 6.2 percentage points in the building automation and oil & gas sectors respectively. Overall, the percentage of ICS computers attacked increased in 62% of the countries examined by Kaspersky researchers and across all five industries studied.
Attacks against industrial organizations always carry the potential to be particularly devastating, both in terms of disruption to production and financial losses. In addition, because of the highly sensitive information industrial organizations possess, they tend to be an attractive target for attackers. However, starting with the second half of 2019, Kaspersky experts had observed a decline in the percentage of ICS computers on which malicious objects were detected, as criminals appeared to be focusing on more targeted attacks. In H2 2020, threats to ICS computers again started to rise from almost each and every perspective, with both the percentage of attacked ICS increasing globally by .85 percentage points and the variety of malware families used increasing by 30 percent.
Of those industries examined by Kaspersky researchers, those with the greatest percentage of ICS computers attacked were building automation at 46.7%, an increase of nearly 7 percentage points from H1 2020, oil & gas at 44%, an increase of 6.2 percentage points from H1 2020, and engineering and ICS integration at 39.3%, an increase of nearly 8 percentage points. Threats to the oil & gas and building automation industries have been on the rise since H1 2019. The other two industries examined by Kaspersky researchers (energy and automotive manufacturing) also saw an increase in the percent of ICS computers on which malicious objects were blocked.
Percentage of ICS computers on which malicious objects were blocked in selected industries
Threats belonging to 5,365 malware families were blocked on ICS computers, an increase of 30% from H1 2020. The most prominent threats were backdoors (dangerous Trojans that gain remote control over the infected device), spyware (malicious programs designed to steal data), other types of Trojans, and malicious scripts and documents.
Number of malware families blocked on ICS computers, by half-year, 2019-2020
Overall, 62% of the countries examined by Kaspersky researchers experienced a growth in the percentage of ICS computers attacked. What’s more, in 73.4% of all countries examined (in comparison to 23.6% in H2 2019) the percentage of ICS computers on which malicious email attachments were blocked grew, increasing on average globally by .7 percentage points.
“2020 was an unusual year in nearly all aspects, and this appears to have led to some unusual trends across the ICS threat landscape. We typically see a decline in the percentage of ICS computers attacked in the summer months and December as people go on holiday. However, with borders closed and countries on lockdown, it’s likely many didn’t take their vacation, and we did not see any noticeable decrease. In addition, while ransomware attacks declined globally, in developed countries, such as the US and Western Europe, the number of attacks actually significantly increased—perhaps because, amidst the current economic downturn, criminals thought these places had businesses with the means to actually pay. With the pandemic still ongoing, it will be important that all industries take extra precautions; with the rest of the world in flux, it’s hard to predict what cybercriminals will do,” comments Evgeny Goncharov, Head of ICS CERT at Kaspersky.
To keep your ICS computers protected from various threats, Kaspersky experts recommend:
• Regularly update operating systems and application software that are part of the enterprise’s industrial network. Apply security fixes and patches to ICS network equipment as soon as they are available.
• Conduct regular security audits of OT systems to identify and eliminate possible vulnerabilities.
• Use ICS network traffic monitoring, analysis and detection solutions for better protection from attacks potentially threatening technological process and main enterprise assets.
• Dedicated ICS security training for IT security teams and OT engineers is crucial to improve response to new and advanced malicious techniques.
• Provide the security team responsible for protecting industrial control systems with up-to-date threat intelligence. ICS Threat Intelligence Reporting service provides insights into current threats and attack vectors, as well as the most vulnerable elements in OT and industrial control systems and how to mitigate them.
• Use security solutions for OT endpoints and network such as Kaspersky Industrial CyberSecurity to ensure comprehensive protection for all industry critical systems.