The main source of infection on ICS systems was the internet in H1 2018
10.9.2018 securityaffairs ICS
Researchers from Kaspersky have published a new report on the attacks on ICS systems observed by its products in the first half of 2018.
Kaspersky Lab experts have published a new report titled “Threat Landscape for Industrial Automation Systems” report for H1 2018, that includes interesting data related to attacks against the ICS systems. The security firm detected over 19,400 samples belonging to roughly 2,800 malware families, most of which were not threats specifically designed to this category of devices.
Most of the malware was the result of random attacks rather than targeted operations conducted by nation-state actors.
The data confirms an increase in the attack against the ICS systems, 41.2% of the industrial control systems protected by Kaspersky. Compared to the first half of 2017, experts observed an overall increase of 5% in the number of attack attempts.
Most of the attacks were observed in the countries with a low pro capita GDP in Asia, Latin America, and North African, while the in the United States, only 21.4% of ICS systems were hit.
The countries with the highest number of attacks by percentage were Vietnam (75.1 percent), Algeria (71.6 percent) and Morocco (65 percent), while the safest regions for ICS systems were Denmark (14 percent), Ireland (14.4 percent) and Switzerland (15.9 percent).
The main attack channel was the internet, 27 percent of attacks was originated from web sources, 8.4 percent leveraged removable storage media, and just 3.8 percent came from email clients.
“This pattern seems logical: modern industrial networks can hardly be considered isolated from external systems. Today, an interface between the industrial network and the corporate network is needed both to control industrial processes and to provide administration for industrial networks and systems,” Kaspersky added.
Most of the attacks involved Trojans using either Windows or web browsers as a platform.
“In H1 2018, threat actors continued to attack legitimate websites that had vulnerabilities in their web applications in order to host malware components on these websites,” Kaspersky said in the report. “Notably, the increase in the percentage of ICS computers attacked through browsers in H1 2018 was due to the increase in the number of attacks that involved JavaScript cryptocurrency miners. At the same time, the increase in the number of ICS computers attacked using Microsoft Office documents was associated with waves of phishing emails.”
More information about the attacks against ICS systems in H1 2018 are available in the the full version of the report (PDF)