Cyber security experts have warned for more than a year that the U.S. is ill-prepared to detect and combat an expected wave of attacks on the electric grid and associated critical infrastructure controls.
From a Department of Homeland Security and Federal Bureau of Investigation alert issued two weeks ago, we now know that Russian hackers have infiltrated U.S. nuclear power plants and other vital systems, in the process corralling detailed information on those industrial control systems (ICS).
None of that is good. And worse, the frequency and targeting of hacks may be more than we realize, according to a new report from security provider Kaspersky’s Industrial Control Systems Cyber Emergency Response Team (Kaspersky Lab ICS CERT). Data from that study indicated that roughly 40 percent of all ICS in energy organizations and 35 percent of engineering and ICS integration networks were attacked by malware at least once during the second half of 2017.
Kaspersky was able to count the industrial malware incidents because the organizations were equipped with its security solutions. The recent report, entitled Threat Landscape for Industrial Automation Systems in H2 2017, calculated that for the full year 322 vulnerabilities were identified in different ICS components.
While more attacks hit energy organizations and engineering and ICS integration businesses, hacks on construction facilities increased the most during the second half of 2017 as compared to the prior six months. Some 31 percent of ICS computers in the construction industry were attacked, perhaps indicating that those organizations were ill-prepared to stave off the hacks.
By contrast, ICS software developers incurred the lowest percentage of ICS attacks at 15 percent, the report showed. Their ICS research/development laboratories, testing platforms, demo stands and training environments are also being attacked by malicious software, just not as often as other industries.
Kaspersky also pointed out a rise in mining attacks on ICS that it noticed beginning last September, timed to an increase in the cryptocurrency market and miners in general. For the 12-month period to January 2018, cryptocurrency mining programs attacked three percent of industrial automation system computers, largely by accident, Kaspersky said.
Evgeny Goncharov, head of Kaspersky Lab ICS CERT, said the research findings were surprising. “For example, the high percentage of ICS computers attacked in power and energy companies demonstrated that the enterprises’ effort to ensure cybersecurity of their automation systems after some serious incidents in the industry is not enough, and there are multiple loopholes still there that cybercriminals can use.”
Additional data points from the report:
- The internet remains the main source of infection with 23 percent of ICS computers attacked, or two percent higher than in the first half of 2017.
- The percentage of blocked web-borne attacks in Europe and North America is substantially lower than elsewhere.
- The top five countries by percentage of ICS computers attacked are unchanged from the first half of 2017, spanning Vietnam (70 percent), Algeria (66 percent), Morocco (60 percent), Indonesia (60 percent) and China (60 percent).
- In the second half of 2017, the number of different malware modifications detected by Kaspersky's solutions installed on industrial automation systems increased from 18,000 to about 18,900.
- In 2017, 11 percent of all ICS systems were attacked by botnet agents. The main sources of those attacks were the internet, removable media and email messages.
- In 2017, Kaspersky Lab ICS CERT identified 63 vulnerabilities in industrial systems and IIoT/IoT systems. Of those, 26 have been fixed by vendors.