Alarming number of ICS computers attacked in 2018

Alarming number of ICS computers attacked in 2018

Over 40% of all industrial control system (ICS) computers protected by Kaspersky Lab solutions were attacked by malicious software at least once during the first half of 2018.

The most impacted countries were Vietnam, Algeria and Sri Lanka, with the safest region for industrial machines cited as Denmark. These are among the main findings of the Kaspersky Lab ICS CERT report on the industrial threat landscape in H1 2018.

Cyberattacks on industrial computers are considered to be an extremely dangerous threat as they cause material losses and production downtime for a whole system. Moreover, industrial enterprises knocked out of service can seriously undermine a region’s social welfare, ecology and macroeconomics. 

Statistics collected by Kaspersky Lab researchers show that this kind of threat is of growing concern. In the first half of 2018, 41.2% of ICS computers were attacked at least once. This could well be a continuation of the 2017 trend, wherein the figure increased from 36.61% in the first half of the year to 37.75% in the second half.

Percentage of ICS computers attacked (H1 2017 – H1 2018)

The top countries with the most ICS computers attacked in 2018 were:

  • Vietnam, with 75.1% of ICS computers attacked
  • Algeria, with 71.6%
  • Morocco at 65%

The top three countries least attacked transpired to be:

  • Denmark with 14% attacked computers
  • Ireland with 14.4%
  • Switzerland 15.9%

Developing economies seemingly account for highest numbers of ICS computers attacked, while developed regions have the lowest number of targeted ICS computers.

The largest number of threats come from the internet, which over the years has become the main source of infection for ICS: 27% of threats are received from the world wide web; while removable storage media is ranked second with 8.4%. Mail clients occupy third place in terms of volume– they represent 3.8% of threats.

“It is truly concerning to see the amount of ICS computers being targeted by malicious software. We advise that IT operators pay close attention to a system’s security, from the very beginning of integration – at the point that elements of the system are being connected to the internet. It would be detrimental to neglect security solutions – which could lead to dire repercussions for industrial organisations,” says David Emm, principal security researcher at Kaspersky Lab.

To mitigate the risk of attack, Kaspersky Lab ICS CERT recommends implementing the following technical measures:

  • Regularly update operating systems, application software and security solutions on systems that are part of the enterprise’s industrial network.
  • Restrict network traffic on ports and protocols used on edge routers and inside the organisation's OT networks.
  • Audit access control for ICS components in the enterprise’s industrial network and at its boundaries.
  • Deploy dedicated endpoint protection solutions on ICS servers, workstations and HMIs to secure OT and industrial infrastructure from random cyberattacks; and network traffic monitoring, analysis and detection solutions for better protection from targeted attacks.
  • Provide dedicated training and support for employees as well as partners and suppliers with access to your network.