Two in five computers in industrial enterprises faced cyber attacks in the second half of 2016, according to research by Kaspersky Lab.
The percentage of industrial computers under attack grew from 17% in July 2016 to 24% in December 2016, with the top three sources of infection being the internet, removable storage devices and malicious emails.
As the technology and corporate networks of industrial enterprises become increasingly integrated, more and more cybercriminals are turning their attention to industrial enterprises as potential targets.
By exploiting vulnerabilities in the networks and software used by these enterprises, attackers could steal information related to the production process or even bring down manufacturing operations, leading to a technogenic disaster.
In the second half of 2016, malware downloads and access to phishing pages were blocked on 22% of industrial computers, meaning every fifth machine faced the risk of infection or credential compromise via the internet at least once.
The desktop computers of engineers and operators working directly with industrial control systems (ICS) do not usually have direct access to the internet due to the limitations of the technology network in which they are located. However, there are other users that have simultaneous access to the internet and ICS.
According to Kaspersky Lab research, these computers – presumably used by system and network administrators, developers and integrators of industrial automation systems, and third-party contractors who connect to technology networks directly or remotely – can freely connect to the internet because they are not tied to only one industrial network with its inherent limitations.
The internet is not the only thing that threatens the cyber security of ICS. Infected removable storage devices were another threat spotted by the company’s researchers. During the period of research, 11% of computers with ICS software installed (or connected to computers with ICS software) showed traces of malware when a removable device was connected to them.
Malicious email attachments and scripts embedded in the body of emails were blocked on 8% of industrial computers, taking third place. In most cases, attackers use phishing emails to attract the user’s attention and disguise malicious files.
Malware was most often distributed in the form of office documents, such as MS Office and PDF files. Using various techniques, the criminals made sure that people downloaded and ran malware on the industrial organisation’s computers.
Malware, which poses a significant threat to companies around the world, is also dangerous to industrial enterprises, according to Kaspersky’s research. This includes spyware, backdoors, keyloggers, financial malware, ransomware and wipers.
These can completely paralyse the organisation’s control over its ICS, or can be used for targeted attacks. The latter is possible because of inherent functions that give an attacker many possibilities for remote control.
“Our analysis shows us that blind faith in technology networks’ isolation from the internet doesn’t work anymore,” said Evgeny Goncharov, head of Kaspersky’s critical infrastructure defense department.
“The rise of cyber threats to critical infrastructure indicates that ICS should be properly secured from malware both inside and outside the perimeter. It is also important to note that according to our observations, the attacks almost always start with the weakest link in any protection: people.”