Two out of five industrial computers faced cyberattacks in the second half of 2016, according to Kaspersky Lab, and the risk is increasing. Here's how to prevent these attacks.
Nearly 40% of industrial computers experienced cyberattacks in the second half of 2016, according to a new report from Kaspersky Lab, released Tuesday. And these attacks are on the rise: The percentage of targeted industrial computers grew from 17% in July 2016 to 24% in December 2016.
Kaspersky Lab's Industrial Control Systems Cyber Emergency Response Team (ICS CERT) examined data from its Kaspersky Security Network, a distributed antivirus network operating across the globe, to create the report.
The no. 1 source of attacks? The internet. Malware downloads and phishing webpages attempted to infect more than 22% of industrial computers, Kaspersky Lab found. "This means that almost every fifth machine faced the risk of infection or credential compromise via the internet at least once," according to a press release.
This may come as a surprise, as the desktop computers of the engineers and operators who work directly with industrial control systems (ICS) do not usually have direct internet access. However, other users have simultaneous access to the internet and ICS, the report noted.
SEE: Network Security Policy Template (Tech Pro Research)
"According to Kaspersky Lab research, these computers—presumably used by system and network administrators, developers and integrators of industrial automation systems, as well as third party contractors who connect to technology networks directly or remotely—can freely connect to the internet because they are not tied to only one industrial network with its inherent limitations," the press release stated.
Other common sources of attacks included removable storage devices that contained malware, which impacted nearly 11% of ICS. And malicious email attachments and scripts were found on about 8% of industrial computers, often appearing in the form of Microsoft Office documents and PDF files.
Kaspersky Lab found about 20,000 different malware samples in industrial automation systems, from more than 2,000 different malware families, the report stated.
The implications of cyberattacks on industrial computers are severe: Attacks can potentially steal information about production processes, or even sabotage manufacturing operations. If these systems are controlling a large crane or piece of equipment, human lives could be at stake. This is of further concern as the Internet of Things (IoT) continues to spread in industrial settings, offering more opportunities for cybercriminals to hack into devices that control important operations.
"Our analysis shows us that blind faith in technology networks' isolation from the internet doesn't work anymore," said Evgeny Goncharov, head of the critical infrastructure defense department, Kaspersky Lab, in a press release. "The rise of cyberthreats to critical infrastructure indicates that ICS should be properly secured from malware both inside and outside the perimeter. It is also important to note that according to our observations, the attacks almost always start with the weakest link in any protection—people."
To protect your enterprise's industrial computer systems from cyberattacks, Kaspersky Lab security experts advise the following, according to the report:
1. Conduct a security assessment to identify and remove security loopholes.
2. Request external intelligence from reputable vendors. This helps organizations to predict future attacks on the company's industrial infrastructure.
3. Provide protection inside and outside the perimeter. A proper security strategy has to devote significant resources to attack detection and response, to block an attack before it reaches critically important objects.
4. Evaluate advanced methods of protection. A Default Deny scenario for SCADA systems, regular integrity checks for controllers, and specialized network monitoring to increase the overall security of a company will reduce the chances of a successful breach, even if some inherently vulnerable nodes cannot be patched or removed.
5. Train your personnel.
- 5 reasons your company can't hire a cybersecurity professional, and what you can do to fix it (TechRepublic)
- Video: What the Secret Service can teach us about cybersecurity (ZDNet)
- The CIA has the key to your IoT, but they should be the least of your concerns (TechRepublic)
- IoT devices can be hacked in minutes, warn researchers (ZDNet)
- High-tech bacon making using industrial IoT at SugarCreek (TechRepublic)