Almost 40 Percent of Industrial Computers Were Hit by Cyber Attacks in 2H 2016


Fully 39.2 percent of computers related to the technological infrastructure of industrial enterprises were hit by cyber attacks in the second half of 2016, according to a recent Kaspersky Lab report.

The leading sources of infection, the report found, were the Internet (22 percent), removable storage devices (10.9 percent), and malicious e-mail attachments and scripts embedded in emails (8.1 percent).

While ICS engineers' and operators' computers don't generally have direct access to the Internet, the report notes, computers used by system and network administrators, third party contractors, and industrial automation system developers and integrators can connect to the Internet and provide exposure to threats.

"Our analysis shows us that blind faith in technology networks' isolation from the Internet doesn't work any more," Evgeny Goncharov, head of the critical infrastructure defense department at Kaspersky Lab, said in a statement. "The rise of cyber threats to critical infrastructure indicates that ICS should be properly secured from malware both inside and outside the perimeter."

"It is also important to note that according to our observations, the attacks almost always start with the weakest link in any protection -- people," Goncharov added.

Unpatched Vulnerabilities

The report also states that a quarter of all targeted attacks detected by Kaspersky Lab in 2016 were aimed at industrial targets. The leading countries with attacked industrial computers were Vietnam (66.1 percent), Algeria (65.6 percent) and Morocco (60.4 percent).

Approximately 20,000 different malware samples belonging to more than 2,000 different malware families were found in industrial automation systems in 2016 -- and 75 ICS vulnerabilities were uncovered by Kaspersky Lab in 2016, of which 58 were identified as maximum critical vulnerabilities.

"The approach of industrial software vendors to closing vulnerabilities and the situation with fixing known vulnerabilities at enterprises is by no means reassuring," the report states. "The vast majority of industrial enterprises remain vulnerable to computer attacks for years."

Kaspersky Lab recommends taking the following steps to protect the ICS environment from cyber attacks:

  • Conduct a security assessment to identify and remove security loopholes
  • Request external intelligence -- intelligence from reputable vendors helps organizations to predict future attacks on the company's industrial infrastructure
  • Train your personnel
  • Provide protection inside and outside the perimeter -- a proper security strategy has to devote significant resources to attack detection and response, to block an attack before it reaches critically important objects
  • Evaluate advanced methods of protection -- a Default Deny scenario for SCADA systems, regular integrity checks for controllers, and specialized network monitoring to increase the overall security of a company will reduce the chances of a successful breach, even if some inherently vulnerable nodes cannot be patched or removed

Costs Exceeding $1 Million

A 2016 survey from Deloitte and the Manufacturers Alliance for Productivity and Innovation (MAPI) similarly found that almost 40 percent of manufacturing companies had been impacted by cyber incidents in the previous year -- and 38 percent of those impacted said the attacks caused damages in excess of $1 million.

Strikingly, 50 percent of respondents to the survey said they perform vulnerability testing for industrial control systems less than once a month, and 31 percent said they've never performed a cyber risk assessment of their industrial control systems.

"To date, many companies have attempted to isolate the networks associated with their industrial control systems with an air gap, essentially a physical barrier between the industrial control systems networks, enterprise networks and the Internet," Deloitte & Touche partner Sean Peasley said in a statement. "However, if they haven't actually tested the accessibility of these systems, they can miss hidden access points that could be vulnerable to attack."

A recent Deloitte University Press report entitled Industry 4.0 and Cybersecurity suggests industrial companies can learn from the steps taken by the financial services industry. "Here, organizations are leveraging tools such as encryption and tokenization for data at rest and in transit to safeguard communications if they are intercepted or systems are compromised," the report states.

"While on its path to interconnectedness, the financial services industry realized that it is no longer typically adequate to focus solely on security to address data privacy and confidentiality risks, and that these techniques should be married with other techniques, such as data governance," the report adds. "Indeed, organizations should perform risk assessments across their environment, including enterprise, DSN, industrial control systems, and connected products, and use those assessments to determine or update their cyber risk strategies."