Kaspersky Research Finds ICS Energy Sector Under the Highest Cyberthreat Pressure

EIN Kapersky 400

Oct 23, 2019

According to the recent Kaspersky ICS CERT report, a concerning percentage of industrial control system (ICS) computers in the energy sector globally were targeted by cyberattacks in the first six months of 2019. Of the Kaspersky solutions installed on ICS computers, 41.6% experienced and blocked a cyber threat. The three main cyber threats detected in energy ICS environments included worms (7.1%), spyware (3.7%) and cryptocurrency miners (2.9%).

Industrial cyber incidents are among the most dangerous cyberattacks as they typically result in production downtime, tangible financial losses and are difficult to overcome. This is especially true when incidents occur in critical, life-supporting sectors such as energy. Malware infections can also negatively affect the availability and integrity of ICS and other systems that are part of the industrial network.

Among the threats that were detected in H1 2019, a few were particularly unique. This includes Agent Tesla, a specialized Trojan spy malware designed to steal authentication data, screenshots and data captured from web cameras and keyboards. Kaspersky products also identified and blocked cases of the Meterpreter backdoor which was being used to remotely control computers on the industrial networks of energy systems. Attacks that use the backdoor are targeted and often conducted in manual mode. Syswin, a new wiper worm written in Python and packed into the Windows executable format, was also detected. This threat can have a significant impact on ICS computers due to its ability to self-propagate and destroy data.

Kaspersky experts also analyzed the automotive manufacturing (39.3%) and building automation (37.8%) industries, taking the second and the third place respectively to the percentage of ICS computers on which malicious objects were blocked.

Additional report findings include:

  • On average, ICS computers do not operate entirely inside the security perimeter of typical corporate environments, meaning tasks related to protecting the ICS and corporate segment are, to some extent, unrelated.
  • Generally, the level of malicious activity inside the ICS segment is connected with malware activity happening in the country where the ICS environment is located.
  • In countries where the security of ICS is favorable, low levels of compromised ICS computers are attributable to protection measures and tools that are in place rather than a limited level of malicious activity.
  • Self-propagating malicious programs are very active in some countries. In the cases analyzed, these were worms designed to infect removable media (USB flash drives, removable hard drives, mobile phones, etc.). It appears that infections with worms via removable media is the most common infection scenario for ICS computers.

Source

Related Articles


Latest Articles

  • The Non-Residential Sector Declines in All Three Components Despite Sustained Industrial Permit Level

    The Non-Residential Sector Declines in All Three Components Despite Sustained Industrial Permit Level

    November 4, 2024 The total value of building permits in Canada decreased by $858.1 million (-7.0%) to $11.5 billion in August, following a strong July during which construction intentions rose sharply (+20.8%). The residential and non-residential sectors contributed to the decrease in August. On a constant dollar basis (2017=100), the total value of building permits decreased 7.6% in… Read More…

  • A Slight Decrease in Residential Building Construction for August

    A Slight Decrease in Residential Building Construction for August

    November 4, 2024 Investment in building construction edged up 0.2% to $21.0 billion in August, after a 1.6% decrease in July. The residential sector edged down (-0.1%) to $14.6 billion, while the non-residential sector was up 1.0% to $6.4 billion. Year over year, investment in building construction grew 7.2% in August. On a constant dollar basis (2017=100), investment in building construction was… Read More…

  • When a Familiar Door Closes

    When a Familiar Door Closes

    November 4, 2024 By Keith Sones, seasoned utility industry executive Most of the articles I’ve written have been based on personal experiences, many of them occurring decades ago, which eventually translate into helpful life lessons. The years allow the events to marinate in a savoury stew of time and reflection, clarity never coming immediately, or even… Read More…

  • Regulatory Changes to Manitoba Apprenticeship and Certification System

    Regulatory Changes to Manitoba Apprenticeship and Certification System

    November 4, 2024 Effective October 30, 2024, Manitoba’s apprenticeship and certification system will undergo regulatory changes. These changes aim to enhance responsiveness to industry needs, align with Red Seal standards, and improve the quality of apprentice training and safety. Go HERE for more information Source Read More…


Changing Scene