It’s not just a plot line from a Die Hard movie, but an actual reality – attacks on systems that we as individuals don’t really think about, but which can affect hundreds, thousands or even millions of people.
Shodan, the search engine for security, IoT, buildings, power plants, webcams, the web and other Internet-connected devices, describes industrial control systems (ICS) in a nutshell as “computers that control the world around you. They’re responsible for managing the air conditioning in your office, the turbines at a power plant, the lighting at the theatre or the robots at a factory”.
Whether it’s nation states attacking each other in this way, or hackers with maniacal plans to cause havoc, these systems need protection more than ever in the 21st century, and there are a range of Internet security providers who do just that.
One such security company is Kaspersky Lab, well known for being one of the most successful Russian tech companies in the world, while also being a target of US intelligence agencies in claims of Russian spying that, incredibly enough, have never actually been proven. Meanwhile, Kaspersky’s own customers think the company is doing an award-winning job, as you can see from the 2017 Gartner Peer Insights Customer Choice Awards for Endpoint Protection Platforms.
Unfortunately, the damage to Kaspersky Lab’s reputation has been done, and will naturally take time to recover, but that hasn’t stopped the company from continuing its mission to protect as many computers and technologies as it can worldwide from hackers, viruses, trojans, malware, ransomware and more, and the company is clearly concerned with its actions speaking very much louder than the words of others.
This is demonstrated by the details below, which start off with Kaspersky Lab noting that over 40% of all ICS computers protected by the company’s solutions “were attacked by malicious software at least once during the first half of 2018.
“The most impacted countries turned out to be Vietnam, Algeria and Sri Lanka, while the safest region for industrial machines was Denmark. These are among the main findings of the Kaspersky Lab ICS CERT report on the industrial threat landscape in H1 2018.”
After all, it’s obvious and scary that cyberattacks on industrial computers are considered to be “an extremely dangerous threat as they cause material losses and production downtime for a whole system. Moreover, industrial enterprises knocked out of service can seriously undermine a region’s social welfare, ecology and macroeconomics”.
Statistics collected by the company’s researchers show that this kind of threat is of growing concern.
In the first half of 2018, we’re told that “41.2% of ICS computers were attacked at least once. Moreover, this is a continuation of a trend: in 2017, the figure increased from 36.61% in the first half of the year to 37.75% in the second half”.
We’re also told that the top countries by the number of ICS computers attacked in 2018 were “Vietnam, where 75.1% of ICS computers were attacked, Algeria, with 71.6% and Morocco with 65%”.
As for the least attacked industrial facilities, Kaspersky Lab notes that “the top three countries turned out to be Denmark with 14% attacked computers in industrial enterprises, followed by Ireland with 14.4% and Switzerland close behind.”
“More than 40% of ICS computers were attacked in H1 2018 accounting for 15.9%. Developing economies account for highest numbers of ICS computers attacked, while developed regions have the lowest number of targeted ICS computers.”
Meanwhile, Australia stands at number 11 for the main sources of ICS infections, as you can see in the infographic at the end of this page.
Where are these attacks originating from?
The largest number of threats come from “the internet, which over the years has become the main source of infection for ICS: 27% of threats are received from the world wide web; while removable storage media is ranked second with 8.4%. Mail clients occupy third place in terms of volume – they represent 3.8% of threats”.
Kirill Kruglov, security researcher at Kaspersky Lab, said: “The percentage of cyberattacks on ICS computers is a concern. Our advice is to pay attention to systems’ security from the very beginning of their integration, when the systems’ elements are first connected to the internet: neglecting security solutions at this stage could lead to dire consequences”.
Kaspersky Lab ICS CERT recommends implementing the following technical measures:
- Regularly update operating systems, application software and security solutions on systems that are part of the enterprise’s industrial network.
- Restrict network traffic on ports and protocols used on edge routers and inside the organization’s OT networks.
- Audit access control for ICS components in the enterprise’s industrial network and at its boundaries.
- Deploy dedicated endpoint protection solutions on ICS servers, workstations and HMIs to secure OT and industrial infrastructure from random cyberattacks; and network traffic monitoring, analysis and detection solutions for better protection from targeted attacks.
- Provide dedicated training and support for employees as well as partners and suppliers with access to your network.