Kaspersky Research Finds ICS Energy Sector Under the Highest Cyberthreat Pressure

EIN Kapersky 400

Oct 23, 2019

According to the recent Kaspersky ICS CERT report, a concerning percentage of industrial control system (ICS) computers in the energy sector globally were targeted by cyberattacks in the first six months of 2019. Of the Kaspersky solutions installed on ICS computers, 41.6% experienced and blocked a cyber threat. The three main cyber threats detected in energy ICS environments included worms (7.1%), spyware (3.7%) and cryptocurrency miners (2.9%).

Industrial cyber incidents are among the most dangerous cyberattacks as they typically result in production downtime, tangible financial losses and are difficult to overcome. This is especially true when incidents occur in critical, life-supporting sectors such as energy. Malware infections can also negatively affect the availability and integrity of ICS and other systems that are part of the industrial network.

Among the threats that were detected in H1 2019, a few were particularly unique. This includes Agent Tesla, a specialized Trojan spy malware designed to steal authentication data, screenshots and data captured from web cameras and keyboards. Kaspersky products also identified and blocked cases of the Meterpreter backdoor which was being used to remotely control computers on the industrial networks of energy systems. Attacks that use the backdoor are targeted and often conducted in manual mode. Syswin, a new wiper worm written in Python and packed into the Windows executable format, was also detected. This threat can have a significant impact on ICS computers due to its ability to self-propagate and destroy data.

Kaspersky experts also analyzed the automotive manufacturing (39.3%) and building automation (37.8%) industries, taking the second and the third place respectively to the percentage of ICS computers on which malicious objects were blocked.

Additional report findings include:

  • On average, ICS computers do not operate entirely inside the security perimeter of typical corporate environments, meaning tasks related to protecting the ICS and corporate segment are, to some extent, unrelated.
  • Generally, the level of malicious activity inside the ICS segment is connected with malware activity happening in the country where the ICS environment is located.
  • In countries where the security of ICS is favorable, low levels of compromised ICS computers are attributable to protection measures and tools that are in place rather than a limited level of malicious activity.
  • Self-propagating malicious programs are very active in some countries. In the cases analyzed, these were worms designed to infect removable media (USB flash drives, removable hard drives, mobile phones, etc.). It appears that infections with worms via removable media is the most common infection scenario for ICS computers.

Source

Related Articles


Latest Articles


Changing Scene

  • Federal Investment to Add 989 New Montreal Homes

    Federal Investment to Add 989 New Montreal Homes

    November 18, 2024 The federal government is providing nearly $364 million to help build 989 new homes in Montreal. The announcement took place at 5200 rue de la Savane, in Montreal, which received $100 million dollars through the Apartment Loan Construction Program (ACLP) to build 303 homes and will be operated by Olymbec. This rental building, named Lynk, is designed to… Read More…

  • ABB and NIEDAX Group Announce Completion of Joint Venture with the Formation of Abnex Inc.

    ABB and NIEDAX Group Announce Completion of Joint Venture with the Formation of Abnex Inc.

    November 18, 2024 ABB completed the previously announced 50/50 joint venture with Niedax Group. The Abnex Inc. joint venture (JV) will broaden solutions and advance opportunities in the rapidly growing North American cable management market. Integrating engineering and manufacturing capabilities of ABB’s Installation Products Division with Niedax Group will enable the newly formed company to deliver a… Read More…

  • Ontario Building More Electric Vehicle Charging Stations

    Ontario Building More Electric Vehicle Charging Stations

    November 18, 2024 The Ontario government is building over 1,300 new electric vehicle (EV) charging ports in small and medium-sized communities, marking a major milestone in the province’s plan to increase access to EV chargers outside of large urban centres and support the electrification of transportation across the province. As the province continues to see… Read More…

  • Ontario Investing Over $74 Million Through Next Round of Skills Development Fund Capital Stream

    Ontario Investing Over $74 Million Through Next Round of Skills Development Fund Capital Stream

    November 18, 2024 The Ontario government is launching the second round of its Skills Development Fund (SDF) Capital Stream starting November 29, with over $74 million in available funding to build, expand and retrofit training facilities for workers in the trades, including construction, manufacturing technology and health care. The government is also investing nearly $5 million from the first… Read More…