The main source of infection on ICS systems was the internet in H1 2018

Researchers from Kaspersky have published a new report on the attacks on ICS systems observed by its products in the first half of 2018.

Kaspersky Lab experts have published a new report titled “Threat Landscape for Industrial Automation Systems” report for H1 2018, that includes interesting data related to attacks against the ICS systems. The security firm detected over 19,400 samples belonging to roughly 2,800 malware families, most of which were not threats specifically designed to this category of devices.

Most of the malware was the result of random attacks rather than targeted operations conducted by nation-state actors.

The data confirms an increase in the attack against the ICS systems, 41.2% of the industrial control systems protected by Kaspersky. Compared to the first half of 2017, experts observed an overall increase of 5% in the number of attack attempts.

Most of the attacks were observed in the countries with a low pro capita GDP in Asia, Latin America, and North African, while the in the United States, only 21.4% of ICS systems were hit.

The countries with the highest number of attacks by percentage were Vietnam (75.1 percent), Algeria (71.6 percent) and Morocco (65 percent), while the safest regions for ICS systems were Denmark (14 percent), Ireland (14.4 percent) and Switzerland (15.9 percent).

The main attack channel was the internet, 27 percent of attacks was originated from web sources, 8.4 percent leveraged removable storage media, and just 3.8 percent came from email clients.

“This pattern seems logical: modern industrial networks can hardly be considered isolated from external systems. Today, an interface between the industrial network and the corporate network is needed both to control industrial processes and to provide administration for industrial networks and systems,” Kaspersky added.

Most of the attacks involved Trojans using either Windows or web browsers as a platform.

“In H1 2018, threat actors continued to attack legitimate websites that had vulnerabilities in their web applications in order to host malware components on these websites,” Kaspersky said in the report. “Notably, the increase in the percentage of ICS computers attacked through browsers in H1 2018 was due to the increase in the number of attacks that involved JavaScript cryptocurrency miners. At the same time, the increase in the number of ICS computers attacked using Microsoft Office documents was associated with waves of phishing emails.”

More information about the attacks against ICS systems in H1 2018 are available in the the full version of the report (PDF)

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(Securi ty Affairs – ICS systems, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.