The 2019 Kaspersky ICS CERT Report + Recommendations!

The 2019 Kaspersky ICS CERT Report just revealed that almost half of the Industrial Control System (ICS) computers they protected were attacked in the second half of 2018. This is a wake-up call to industries large and small.

They also shared with us some technical measures that can help companies ward off these cyberattacks.

 

The 2019 Kaspersky ICS CERT Report

The 2019 Kaspersky ICS CERT report is based on the industrial threat landscape the team experienced in H2 2018.

In that period, they noted that almost half of the ICS computers they were protecting were attached in some form.

These attacks could have crippled these industrial facilities if they resulted in an actual breach. That would have caused great material and production losses.

The 2019 Kaspersky ICS CERT Report + Recommendations!

Here is the summary of their report :

  • 47.2% of ICS computers were attacked in 2018, slightly more than the 44% they encountered in 2017.
  • Vietnam was the top country, with 70.90% of their ICS computers attacked
  • Algeria was second, with 69.91%; and Tunisia was third with 64.57% attacked.
  • The least impacted countries were Ireland (11.7%), Switzerland (14.9%), and Denmark (15.2%).

 

Mass-Distributed Malware Is The Greatest Threat

Mass-distributed malware such as phishing emails are the most common way used by hackers to infiltrate industrial companies throughout the Asia Pacific region and the world.

Despite the common myth, the main source of threat to industrial computers is not a targeted attack, but mass-distributed malware that gets into industrial systems by accident, over the internet, through removable media such as USB-sticks, or e-mails.

However, the fact that the attacks are successful because of a casual attitude to cybersecurity hygiene among employees means that they can potentially be prevented by staff training and awareness – this is much easier than trying to stop determined threat actors,” said Kirill Kruglov, security researcher at Kaspersky Lab ICS CERT.

 

Knowledge And Training Are Essential To Combating Malicious Cyber Attacks

According to Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky Lab,

Our researchers are seeing many carefully crafted phishing emails, sent purportedly by real companies and masked as business correspondence, commercial offers, invitations to tender and so on, which could be very commonly faced by many enterprises in Malaysia.

We recommend all companies to warn their staff of this real threat and to train them to recognize signs of an attack, to not open suspicious files or click on links, and to inform their IT department of any potential incidents,” Yeo said.

H2 2018 saw a decline in ICS infections in Malaysia, 41.1% versus H1 2018 of 50.8%. It is a good sign that users are more aware of the cyber risks, and are becoming careful about it,” Yeo added.

emails

 

How To Safeguard Industrial Computer Systems (ICS)

The 2019 Kaspersky Lab ICS CERT recommends the following measures to protect Industrial Computer Systems (ICS) :

  • Regularly update operating systems, application software on systems that are part of the enterprise’s industrial network.
  • Apply security fixes to PLC, RTU and network equipment used in ICS networks where applicable.
  • Restrict network traffic on ports and protocols used on edge routers and inside the organization’s OT networks.
  • Audit access control for ICS components in the enterprise’s industrial network and at its boundaries.
  • Deploy dedicated endpoint protection solutions on ICS servers, workstations and HMIs.
  • Make sure security solutions are up-to-date and all the technologies recommended by the security solution vendor to protect from targeted attacks are enabled.
  • Provide dedicated training and support for employees as well as partners and suppliers with access to your network.
  • Use ICS network traffic monitoring, analysis and detection solutions for better protection from attacks potentially threatening technological process and main enterprise assets.

 

Recommended Reading

Go Back To > Cybersecurity | Home

 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!


Comments

comments

About The Author

Leave a Reply

%d bloggers like this: