In the first half of the year manufacturing companies were most susceptible: ICS computers of them accounted for about one-third of all attacks, according to the Kaspersky Lab report “Threat Landscape for Industrial Automation Systems in H1 2017”. The peak of attackers’ activity was registered in March, after which the proportion of computers attacked gradually declined from April to June.
 

During the first six months of the year, Kaspersky Lab products blocked attack attempts on 37.6% of several tens of thousands of ICS computers protected of them globally. This figure was almost unchanged compared to the previous period – it is 1.6 percentage points less than in the second half of 2016.
 

Majority of them were in manufacturing companies that produce various materials, equipment and goods. Other most affected industries include engineering, education, food & beverage. ICS computers of energy companies accounted for almost 5% of all attacks.
 


 

While the top three countries with attacked industrial computers remained the same with Vietnam (71%), Algeria (67.1%) and Morocco (65.4%), researchers detected an increase in number of attacks in China (57.1%), which came fifth, according to the data released by Kaspersky Lab.
 

Also, experts discovered that the main source of threats was Internet: attempts to download malware or access known malicious or phishing web resources were blocked on 20.4% of ICS computers.
 

The reason of the high statistics for this type of infection lies in unrestricted access and connection of industrial networks to the Internet, which threatens the entire industrial infrastructure.
 

In total, in the first six months of 2017 Kaspersky Lab detected about 18,000 different modifications of malware on industrial automation systems belonging to more than 2,500 different families.
 

Ransomware Attacks
 

In the first half of the year the world has been facing the ransomware epidemic, which affected industrial enterprises as well. Based on the research of Kaspersky Lab ICS CERT, the number of unique ICS computers attacked by encryption Trojans had been increasing and tripled by June.
 

Overall, experts discovered encryption ransomware belonging to 33 different families. Most of the encryption Trojans have been distributed through spam emails, disguised as part of the business communication, with either malicious attachments or links to malware downloaders.
 

The main ransomware statistics from the H1, 2017 report include:
 

0.5% of computers in the industrial infrastructure of organizations were attacked by encryption ransomware at least once.
 

ICS computers in 63 countries across the globe were under numerous encryption ransomware attacks, the most notorious of which were WannaCry and ExPetr campaigns.
 

The WannaCry epidemic ranked highest among encryption ransomware families, with 13.4% of all computers in industrial infrastructure attacked. The most affected organizations included healthcare institutions and government sector.
 

The ExPetr was another most notorious encryption ransomware campaign of the first half of the year that attacked overall at least 50% of the companies from manufacturing, and Oil&Gas industries.
 

Top 10 most widespread encryption Trojan families include other ransomware families, such as Locky and Cerber, operating since 2016 and since that time earned the highest profit for cybercriminals.
 

“The fact that ICS computers in manufacturing companies accounted for about one third of all attacks, causes a great security concern, meaning high risks of cyberattack which could bring damages of enterprise’s industrial automation systems and serious consequences for businesses as a whole. Taking into consideration that in the first six months of the year we observed the active distribution of encryption malware, which we believe is set to continue, the probability of a destructive attack is even higher”, says Evgeny Goncharov, Head of Critical Infrastructure Defense Department, Kaspersky Lab.
 

In order to protect the ICS environment from possible cyber-attacks,Kaspersky Lab ICS CERT recommends the following:
 

Take an inventory of running network services with special emphasis on services that provide remote access to file system objects.
 

Audit ICS component access isolation, the network activity in the enterprise’s industrial network and at its boundaries, policies and practices related to using removable media and portable devices.
 

Verify the security of remote access to the industrial network, as minimum, and reduce or completely eliminate the use of remote administration tools as maximum.
 

Keep endpoint security solutions up-to-date.
 

Use advanced methods of protection: deploy tools that provide network traffic monitoring and detection of cyberattacks on industrial networks.
 

Read a summary of the Kaspersky Lab ICS CERT report for H1 2017 on Securelist.com.
 

The full report is available on Kaspersky Lab ICS CERT website


RECOMMENDED ARTICLE FOR TECHWORLD


 
GPU Powered: 7 Startups You Won’t Want to Miss at GTC
Techworld Date Posted: 27 February 2019 1:27 PM | 93 Views
Cargo ships that can self-navigate. A massive marketplace for AI-authenticated collectible sneakers. Professional translation at 5x speed.. See More
 
GPU Powered: 7 Startups You Won’t Want to Miss at GTC
Techworld Date Posted: 1:27 PM | 93 Views
Cargo ships that can self-navigate. A massive marketplace for AI-authenticated collectible sneakers. Professional translation at 5x speed.See More

 
Ground Zero Esports Lounge: Bringing the Premier Gaming Experience to North Metro Manila
Techworld Date Posted: 2 October 2018 11:08 AM | 239 Views
Ground Zero Esports Lounge, located in Xentro Mall, Antipolo aims to be the one-stop-shop for the gamer looking for a high-end gaming experience with premier amenities.. See More
 
Ground Zero Esports Lounge: Bringing the Premier Gaming Experience to North Metro Manila
Techworld Date Posted: 11:08 AM | 239 Views
Ground Zero Esports Lounge, located in Xentro Mall, Antipolo aims to be the one-stop-shop for the gamer looking for a high-end gaming experience with premier amenities.See More

 
Akamai Announces New Services, Research and Partnerships to Help Customers ‘Connect to Tomorrow’
Techworld Date Posted: 24 October 2017 2:20 PM | 338 Views
Akamai Technologies announced its vision for an integrated approach to delivering world class digital experiences at the ‘EDGE’ Conference – its annual customer event. With customers looking for the fastest online services backed by.... See More
 
Akamai Announces New Services, Research and Partnerships to Help Customers ‘Connect to Tomorrow’
Techworld Date Posted: 2:20 PM | 338 Views
Akamai Technologies announced its vision for an integrated approach to delivering world class digital experiences at the ‘EDGE’ Conference – its annual customer event. With customers looking for the fastest online services backed by...See More

 
Plextor M8PeG Spotted in MSI®’s New Gaming Desktop Aegis Ti3
Techworld Date Posted: 31 January 2017 3:35 PM | 623 Views
MSI® has updated its gaming desktop computer lineup at the recent CES 2017. See More
 
Plextor M8PeG Spotted in MSI®’s New Gaming Desktop Aegis Ti3
Techworld Date Posted: 3:35 PM | 623 Views
MSI® has updated its gaming desktop computer lineup at the recent CES 2017See More

 
Kingston Enhances Award-Winning IronKey D300 Encrypted USB
Techworld Date Posted: 19 November 2018 3:15 PM | 195 Views
Kingston Technology, a world leader in memory products and technology solutions, has added new features to its recent Cyber Defense 2018 Global Awards winning IronKey™ D300 encrypted USB flash drive to improve device management.... See More
 
Kingston Enhances Award-Winning IronKey D300 Encrypted USB
Techworld Date Posted: 3:15 PM | 195 Views
Kingston Technology, a world leader in memory products and technology solutions, has added new features to its recent Cyber Defense 2018 Global Awards winning IronKey™ D300 encrypted USB flash drive to improve device management...See More

 
AOC, the Number One Monitor Brand in PH, Kicks Off SM Cybermonth as Major Partner
Techworld Date Posted: 20 August 2018 11:00 AM | 548 Views
Philippines’ number one monitor brand, AOC, made their presence known during SM Cybermonth, which was held at the SM Mall of Asia last August 3 and 4, by providing monitors for the main events.... See More
 
AOC, the Number One Monitor Brand in PH, Kicks Off SM Cybermonth as Major Partner
Techworld Date Posted: 11:00 AM | 548 Views
Philippines’ number one monitor brand, AOC, made their presence known during SM Cybermonth, which was held at the SM Mall of Asia last August 3 and 4, by providing monitors for the main events...See More

 
Q2 2017 Akamai state of the Internet Security Report Analyzes Re-emergence of PBOT Malware Domain Generation Algorithms Relationship Between Mirai Command and Control and Attack Targets
Techworld Date Posted: 29 August 2017 3:41 PM | 383 Views
Newly released data shows that distributed denial of service (DDoS) and web application attacks are on the rise once again, according to the Second Quarter, 2017 State of the Internet / Security Report released.... See More
 
Q2 2017 Akamai state of the Internet Security Report Analyzes Re-emergence of PBOT Malware Domain Generation Algorithms Relationship Between Mirai Command and Control and Attack Targets
Techworld Date Posted: 3:41 PM | 383 Views
Newly released data shows that distributed denial of service (DDoS) and web application attacks are on the rise once again, according to the Second Quarter, 2017 State of the Internet / Security Report released...See More

 
Global Shipments of FUJITSU Image Scanners Have Passed the 10 Million Mark
Techworld Date Posted: 30 September 2017 9:58 AM | 256 Views
PFU is proud to announce that as of July 2017, global shipments of its FUJITSU image scanners have passed the 10 million mark.. See More
 
Global Shipments of FUJITSU Image Scanners Have Passed the 10 Million Mark
Techworld Date Posted: 9:58 AM | 256 Views
PFU is proud to announce that as of July 2017, global shipments of its FUJITSU image scanners have passed the 10 million mark.See More

 
Transcend to Supply High-Quality Memory Products In Spite of DRAM Shortage
Techworld Date Posted: 2 December 2017 4:46 PM | 286 Views
As the global demand for DRAM continue to rise, it is expected the price of DRAM to stay firm through year 2018. See More
 
Transcend to Supply High-Quality Memory Products In Spite of DRAM Shortage
Techworld Date Posted: 4:46 PM | 286 Views
As the global demand for DRAM continue to rise, it is expected the price of DRAM to stay firm through year 2018See More

 
SECURITY AT YOUR FINGERTIPS: Kaspersky Lab Launches On-Demand Security Service in PH
Techworld Date Posted: 15 March 2019 8:54 AM | 126 Views
Kaspersky Lab has announced its on-demand service, which allows internet users in the Philippines to secure their devices on a weekly or monthly basis, for as little as 10 to 30 pesos for seven.... See More
 
SECURITY AT YOUR FINGERTIPS: Kaspersky Lab Launches On-Demand Security Service in PH
Techworld Date Posted: 8:54 AM | 126 Views
Kaspersky Lab has announced its on-demand service, which allows internet users in the Philippines to secure their devices on a weekly or monthly basis, for as little as 10 to 30 pesos for seven...See More


Power by

Download Free AZ | Free Wordpress Themes