Kaspersky Research Finds ICS Energy Sector Under the Highest Cyberthreat Pressure

EIN Kapersky 400

Oct 23, 2019

According to the recent Kaspersky ICS CERT report, a concerning percentage of industrial control system (ICS) computers in the energy sector globally were targeted by cyberattacks in the first six months of 2019. Of the Kaspersky solutions installed on ICS computers, 41.6% experienced and blocked a cyber threat. The three main cyber threats detected in energy ICS environments included worms (7.1%), spyware (3.7%) and cryptocurrency miners (2.9%).

Industrial cyber incidents are among the most dangerous cyberattacks as they typically result in production downtime, tangible financial losses and are difficult to overcome. This is especially true when incidents occur in critical, life-supporting sectors such as energy. Malware infections can also negatively affect the availability and integrity of ICS and other systems that are part of the industrial network.

Among the threats that were detected in H1 2019, a few were particularly unique. This includes Agent Tesla, a specialized Trojan spy malware designed to steal authentication data, screenshots and data captured from web cameras and keyboards. Kaspersky products also identified and blocked cases of the Meterpreter backdoor which was being used to remotely control computers on the industrial networks of energy systems. Attacks that use the backdoor are targeted and often conducted in manual mode. Syswin, a new wiper worm written in Python and packed into the Windows executable format, was also detected. This threat can have a significant impact on ICS computers due to its ability to self-propagate and destroy data.

Kaspersky experts also analyzed the automotive manufacturing (39.3%) and building automation (37.8%) industries, taking the second and the third place respectively to the percentage of ICS computers on which malicious objects were blocked.

Additional report findings include:

  • On average, ICS computers do not operate entirely inside the security perimeter of typical corporate environments, meaning tasks related to protecting the ICS and corporate segment are, to some extent, unrelated.
  • Generally, the level of malicious activity inside the ICS segment is connected with malware activity happening in the country where the ICS environment is located.
  • In countries where the security of ICS is favorable, low levels of compromised ICS computers are attributable to protection measures and tools that are in place rather than a limited level of malicious activity.
  • Self-propagating malicious programs are very active in some countries. In the cases analyzed, these were worms designed to infect removable media (USB flash drives, removable hard drives, mobile phones, etc.). It appears that infections with worms via removable media is the most common infection scenario for ICS computers.

Source

Related Articles


Latest Articles


Changing Scene

  • City of Winnipeg Continues to Improve Online Permits System

    City of Winnipeg Continues to Improve Online Permits System

    July 4, 2025 The City of Winnipeg has launched an improved Permits Online web portal. This upgrade makes the permit process more convenient for our customers. Permits Online is a one-stop shop to manage the permit process. Now, the web portal is easier to use because customers can navigate it using their mobile device. The portal is… Read More…

  • Schneider Electric Launches Chapter 3 of Sustainability School

    Schneider Electric Launches Chapter 3 of Sustainability School

    July 4, 2025 Schneider Electric, the leader in the digital transformation of energy management and automation, has launched Chapter 3 of its online Sustainability School, a free training program designed to empower its channel ecosystem partners to become leaders in sustainability. This chapter will focus on teaching businesses how to decarbonize and unlock the competitive… Read More…

  • United Chargers Launches Grizzl-E Club Charger-as-a-Service Subscription Model

    United Chargers Launches Grizzl-E Club Charger-as-a-Service Subscription Model

    July 4, 2025 United Chargers Inc., known for the Grizzl-E line of EV chargers, announces Grizzl-E Club, a first-of-its-kind charger as a service that provides a free EV Charger and pays drivers back for charging. Grizzl-E Club is designed to make EV ownership more rewarding, accessible, and future-ready. Beginning July 1st, Canadians can join the Grizzl-E… Read More…

  • Consultation on Potential Tariff Remission for Certain Imports

    Consultation on Potential Tariff Remission for Certain Imports

    July 4, 2025 The Department of Finance Canada is reaching out to Canadian producers and industry associations regarding the potential remission of tariffs on certain imports from the United States and China. The Department has outlined its framework and process for how it will consider remission requests for tariffs on products from the United States (U.S.) and China…. Read More…