The top three cyberthreats were worms, spyware, and cryptocurrency miners; together, they accounted for almost 14% of targeted computers. These are among the main findings of the Kaspersky ICS CERT report on the industrial threat landscape in the first half of 2019.
Industrial cyber incidents are among the most dangerous as they may result in production downtime and tangible financial losses and are quite hard to overcome. This is especially the case when the incident occurs in critical, life-supporting sectors, such as energy. Statistics for H1 2019, automatically processed by Kaspersky security technologies, have shown that those who manage energy solutions should not let their guard down. Overall, during the observed period of time, Kaspersky products were triggered on 41.6% of ICS computers in the energy sector. A large number of conventional malware samples, not designed for ICS, were blocked.
Among the malicious programs which were blocked, the greatest danger was posed by cryptocurrency miners (2.9%), worms (7.1%), and a variety of versatile spyware (3.7%). Infection with such malware can negatively affect the availability and integrity of ICS and other systems that are part of the industrial network. Among these detected threats, some are of particular interest.
These include AgentTesla, a specialized Trojan Spy malware designed to steal authentication data, screenshots, and data captured from the web camera and keyboard. In all of the analyzed cases, the attackers sent data via compromised mailboxes at various companies. Aside from this malware threat, Kaspersky products also identified and blocked cases of the Meterpreter backdoor, which was being used to remotely control computers on the industrial networks of energy systems. Attacks that use the backdoor are targeted and stealthy and are often conducted in manual mode. The ability of the attackers to control infected ICS computers stealthily and remotely poses a huge threat to industrial systems. Last but not least, the company’s solutions detected and blocked Syswin, a new wiper worm written in Python and packed into the Windows executable format. This threat can have a significant impact on ICS computers due to its ability to self-propagate and destroy data.
The energy sector was not the only one to face malicious objects and activities. Other industries analyzed by Kaspersky experts have also shown no reason for relief, with automotive manufacturing (39.3%) and building automation (37.8%) taking second and third place by percentage of ICS computers on which malicious objects were blocked.
Other findings of the report include:
“The collected statistics, as well as analysis into industrial cyberthreats, are a proven asset for assessing current trends and predicting what type of danger we should all prepare for. This report has identified that security experts should be particularly cautious about malicious software that aims to steal data, spy on critically important objects, penetrate the perimeter and destroy the data. All of these types of incident could cause lots of trouble for industry”, says Kirill Kruglov, security researcher at Kaspersky.
Kaspersky ICS CERT recommends implementing the following technical measures:
Read the full version on Kaspersky ICS CERT.
Kaspersky is a global cybersecurity company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help 270,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.
Kaspersky Industrial Control Systems Cyber Emergency Response Team (Kaspersky ICS CERT) is a global project launched by Kaspersky in 2016 to coordinate the efforts of automation system vendors, industrial facility owners and operators, and IT security researchers to protect industrial enterprises from cyberattacks. Kaspersky ICS CERT devotes its efforts primarily to identifying potential and existing threats that target industrial automation systems and the Industrial Internet of Things. During its first year of operation, the team identified over 110 critical vulnerabilities in products by major global ICS vendors. Kaspersky ICS CERT is an active member and partner of leading international organizations that develop recommendations on protecting industrial enterprises from cyberthreats. ics-cert.kaspersky.com