Electricity and Control June 2021

CYBERSECURITY

Increasing threats against industrial control systems

R esearch undertaken by Kaspersky Industrial Control Systems Cyber Emergency Response Team (Kaspersky ICSCERT) indicates that although thepercentage of industrial control systems (ICS) computers on which malicious objects were blocked had declined since the second half of 2019, this started to rise again in the second half of 2020. Globally, the percentage of ICS computers attacked in H2 2020 was 33.4% – an increase of 0.85%. The percentage of ICS computers attacked in the engineering and ICS integration sector grew by nearly 8% and by nearly 7% and 6.2% in the building automation and oil & gas sectors, respectively. Overall, the percentage of ICS computers attacked increased in 62% of the countries examined by Kaspersky researchers and across all five industries studied. Attacks against industrial organisations always carry the potential to be particularly devastating, in terms of disrup- tion to production and financial losses. In addition, because of the highly sensitive information industrial organisations possess, they tend to be an attractive target for attackers. However, starting with the second half of 2019, Kaspersky experts had observed a decline in the percentage of ICS computers on which malicious objects were detected, as criminals appeared to be focusing on more targeted at- tacks. In H2 2020, threats to ICS computers again started to rise from almost every perspective, with the percentage of attacked ICS increasing globally and the variety of mal- ware families used increasing by 30%. Of the industries examined by Kaspersky researchers, those with the greatest percentage of ICS computers at- tacked were building automation at 46.7%, an increase of nearly 7% from H1 2020; oil & gas at 44%, an increase of 6.2% from H1 2020; and engineering and ICS integration at 39.3%, an increase of nearly 8%. Threats to the oil & gas and building automation industries have been on the rise since H1 2019. The other two industries examined by Kaspersky researchers (energy and automotive manufac- turing) also saw an increase in the percent of ICS comput- ers on which malicious objects were blocked. Threats belonging to 5 365 malware families were blocked on ICS computers, an increase of 30% from H1 2020. The most prominent threats were ‘backdoors’ (dan- gerous Trojans that gain remote control over the infected device), spyware (malicious programs designed to steal data), other types of Trojans, and malicious scripts and documents. Overall, 62% of the countries examined by Kaspersky researchers experienced a growth in the percentage of ICS computers attacked. What’s more, in 73.4% of all countries examined (in comparison to 23.6% in H2 2019) the per- centage of ICS computers on which malicious email attach- ments were blocked grew, increasing on average globally by 0.7%. Commenting on the research findings, Evgeny Goncharov, Head of ICS CERT at Kaspersky, said: “2020 was an unusual year in nearly all respects, and this appears to have led to some unusual trends across the ICS threat

landscape. We typically see a decline in the percentage of ICS computers attacked in the northern summer months and December, as people go on holiday. However, with borders closed and countries on lockdown, it’s likely many didn’t take their vacation, and we did not see any noticeable decrease. In addition, while ransomware attacks declined globally, in developed countries, such as the US and Western Europe, the number of attacks actually increased significantly – perhaps because, amid the current economic downturn, criminals thought these regions had businesses with the means to actually pay. With the pandemic still ongoing, it will be important that all industries take extra precautions; with the rest of the world in flux, it’s hard to predict what cybercriminals will do.” To keep ICS computers protected from various threats, Kaspersky experts recommend the following actions. - Regularly update operating systems and application software that are part of the enterprise’s industrial net- work. Apply security fixes and patches to ICS network equipment as soon as they are available. - Conduct regular security audits of OT systems to identify and eliminate possible vulnerabilities. - Use ICS network traffic monitoring, analysis and de- tection solutions for better protection from attacks po- tentially threatening technological process and main enterprise assets. - Dedicated ICS security training for IT security teams and OT engineers is crucial to improve response to new and advanced malicious techniques. - Provide the security team responsible for protecting industrial control systems with up-to-date threat intel- ligence. Kaspersky’s ICS Threat Intelligence Report- ing Service provides insights into current threats and attack vectors, as well as the most vulnerable ele- ments in OT and industrial control systems and how to mitigate them. - Use security solutions for OT endpoints and net- works, such as Kaspersky Industrial CyberSecurity, to ensure comprehensive protection for all industry critical systems. Research indicates increasing threats against industrial control systems from the second half of 2020.

For more information visit: www.ics-cert.kaspersky.com

Electricity + Control JUNE 2021

31