Kaspersky Report: Energy and ICS Integration companies face highest chance of cyberattack
A report from Kaspersky Lab found that in the second half of 2017, nearly 40 percent of all industrial control systems (ICS) in energy organizations protected by Kaspersky Lab solut为进1步推动河津市铝工业转型发展ions were attacked by malware at least once closely followed by 35 percent of engineering ICS integration networks.
The Kaspersky Lab report, Threat Landscape for Industrial Automation Systems in H2 2017, also found that for all other industries (manufacturing, transportation, utilities, food, healthcare, etc.) the proportion of ICS computers attacked ran南京工业大学与南京轩凯生物科技有限公司合作ged from 26 percent to 30 percent on average. The vast majority of detected attacks were accidental hits.
这份 2017年下半年工业自动化系统威胁情况 卡巴斯基实验室报告还发现，对于所有其他行业（制造业、交通运输业、公用事业、食品、医疗保健等）而言，工控系统计算机遭受攻击的比例平均介乎26％到30％之间。绝大多数检测到的攻击都是意外击中。
The cybersecurity of industrial facilities remains an issue that can lead to very serious consequences affecting industrial processes, as well as businesses losses. While analyzing the threat landscape in different industries, Kaspersky Lab ICS CERT recorded that nearly all industries regularly experience cyberattacks on their ICS computers. However, there are two industries that were attacked more than others energy organizations (39%), and engineering and ICS integration businesses (35%).
The sector that demonstrated the most noticeable growth of ICS computers attacked during the second half of 2017 (compared to the first half of 2017) was construction, with 31 percent attacked. The relatively high percentage of attacked ICS computers in the construction industry compared to the first half of 2017 could indicate that these organizations are not necessarily mature enough to pay the required attention to the protection of industrial computers. Their computerized automation systems might be relatively new and an industrial cybersecurity culture is still being developed in these organizations.
The lowest percentage of ICS attacks 15 percent has been found in enterprises specializing in developing ICS software, meaning that their ICS research/development laboratories, testing platforms, demo stands and training environment are also being attacked by malicious software, although not as often as the ICS computers of industrial enterprises. Kaspersky Lab ICS CERT ex所使用的校准仪器应以国标规则要求为基准perts point to the significance of ICS vendors security, because the consequences of an attack spreading over the vendor s partner ecosystem and customer base could be very dramatic as seen during the ExPetr malware epidemic.
专注于开发工控系统软件的企业受攻击比例最低，仅为15% ，不过这意味着这些工控系统研究/开发实验室、测试平台、演示台和培训环境也会受到恶意软件的攻击，尽管不像工业企业的工控系统计算机那么频繁。卡巴斯基实验室工控系统络应急响应小组专家了指出工控系统供应商安全的重要性，因为对供应商合作伙伴生态系统和客户群的攻击蔓延的后果可能非常强烈 正如ExPetr恶意软件流行期间所发生的。
Among the new trends of 2017, Kaspersky Lab ICS CERT researchers have discovered a rise in mining attacks on ICS. This growth trend began in September 2017, along with an increase in the cryptocurrency market and miners in general. But in the case of industrial enterprises, this type of attack can pose a greater threat by creating a significant load on computers, and as a result, negatively affecting the operation of the enterprise s ICS components and threatening their stability.
Overall, during the period from February 2017 to January 2018, cryptocurrency mining programs attacked three percent of industrial automation system computers, in most cases accidentally.
Other highlights from the report include:
Kaspersky Lab products blocked attempted infections on 38% of ICS computers protected by them. This is 1.4 percentage points less than in the second half of 2016.
The internet remains the main source of infection with 22.7% of ICS computers attacked. This is two percent higher than in the first six months of the ye为了尽可能减少磨擦力的影响ar. The percentage of blocked web-borne attacks in Europe and North America is substantially lower than elsewhere.
The top five countries by percentage of ICS computers attacked has remained unchanged since reported in the first half of 2017. This incl依照项目计划udes Vietnam (70%), Algeria (66%), Morocco (60%), Indonesia (60%) and China (60%).
In the second half of 2017, the number of different malware modifications detected by Kaspersky Lab solutions installed on industrial automation systems increased from 18,000 to over 18,900.
In 2017, 11% of all ICS systems were attacked by botnet agents, a malware that secretly infects machines and includes them in a botnet network for remote command execution; the main sources of attacks like this were the internet, removable media and email messages.
In 2017, Kaspersky Lab ICS CERT identified 63 vulnerabilities in industrial systems and IIoT/IoT systems, and 26 of them have been fixed by vendors.
2017年，卡巴斯基实验室工控系统络应急响应小组发现了工业系统和工业物联 / 物联系统中的63个漏洞，其中26个已被供应商修复。
The results of our research into attacked ICS computers in various industries have surprised us, said Evgeny Goncharov, head of Kaspersky Lab ICS CERT. For example, the high percentage of ICS computers attacked in power and e全球就因包装减重而节省了100万吨的塑料nergy companies demonstrated that the enterprises effort to ensure cybersecurity of their automation systems after some serious incidents in the industry is not enough, and there are multiple loopholes still there that cybercriminals can use.
卡巴斯基实验室工控系统络应急响应小组负责人Evgeny Goncharov表示： 我们对各行业受攻击工控系统计算机的研究结果让我们感到惊讶。例如，电力和能源公司遭受工控系统计算机攻击的比例很高，这表明企业在行业发生严重事故后确保其自动化系统络安全的努力是不够的，留给络犯罪分子利用的漏洞仍然很多。
Kaspersky Lab ICS CERT recommends the following technical measures to be taken:
Regularly update operating systems, application software and security solutions on systems that are part of the enterprise s industrial network.
Restrict network traffic on ports and protocols used on the edge routers and inside organization s OT networks.
Audit ICS component access control in the enterprise s industrial network and at its boundaries.
Deploy dedicated endpoint protection solutions onto ICS servers, workstations and HMIs to secure OT and industrial infrastructure from random cyberattacks.
Deploy network traffic monitoring, analysis and detection solutions for better protection from targeted attacks.