Tag Archives: ICS

The 2019 Kaspersky ICS CERT Report + Recommendations!

The 2019 Kaspersky ICS CERT Report just revealed that almost half of the Industrial Control System (ICS) computers they protected were attacked in the second half of 2018. This is a wake-up call to industries large and small.

They also shared with us some technical measures that can help companies ward off these cyberattacks.

 

The 2019 Kaspersky ICS CERT Report

The 2019 Kaspersky ICS CERT report is based on the industrial threat landscape the team experienced in H2 2018.

In that period, they noted that almost half of the ICS computers they were protecting were attached in some form.

These attacks could have crippled these industrial facilities if they resulted in an actual breach. That would have caused great material and production losses.

Here is the summary of their report :

  • 47.2% of ICS computers were attacked in 2018, slightly more than the 44% they encountered in 2017.
  • Vietnam was the top country, with 70.90% of their ICS computers attacked
  • Algeria was second, with 69.91%; and Tunisia was third with 64.57% attacked.
  • The least impacted countries were Ireland (11.7%), Switzerland (14.9%), and Denmark (15.2%).

 

Mass-Distributed Malware Is The Greatest Threat

Mass-distributed malware such as phishing emails are the most common way used by hackers to infiltrate industrial companies throughout the Asia Pacific region and the world.

Despite the common myth, the main source of threat to industrial computers is not a targeted attack, but mass-distributed malware that gets into industrial systems by accident, over the internet, through removable media such as USB-sticks, or e-mails.

However, the fact that the attacks are successful because of a casual attitude to cybersecurity hygiene among employees means that they can potentially be prevented by staff training and awareness – this is much easier than trying to stop determined threat actors,” said Kirill Kruglov, security researcher at Kaspersky Lab ICS CERT.

 

Knowledge And Training Are Essential To Combating Malicious Cyber Attacks

According to Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky Lab,

Our researchers are seeing many carefully crafted phishing emails, sent purportedly by real companies and masked as business correspondence, commercial offers, invitations to tender and so on, which could be very commonly faced by many enterprises in Malaysia.

We recommend all companies to warn their staff of this real threat and to train them to recognize signs of an attack, to not open suspicious files or click on links, and to inform their IT department of any potential incidents,” Yeo said.

H2 2018 saw a decline in ICS infections in Malaysia, 41.1% versus H1 2018 of 50.8%. It is a good sign that users are more aware of the cyber risks, and are becoming careful about it,” Yeo added.

 

How To Safeguard Industrial Computer Systems (ICS)

The 2019 Kaspersky Lab ICS CERT recommends the following measures to protect Industrial Computer Systems (ICS) :

  • Regularly update operating systems, application software on systems that are part of the enterprise’s industrial network.
  • Apply security fixes to PLC, RTU and network equipment used in ICS networks where applicable.
  • Restrict network traffic on ports and protocols used on edge routers and inside the organization’s OT networks.
  • Audit access control for ICS components in the enterprise’s industrial network and at its boundaries.
  • Deploy dedicated endpoint protection solutions on ICS servers, workstations and HMIs.
  • Make sure security solutions are up-to-date and all the technologies recommended by the security solution vendor to protect from targeted attacks are enabled.
  • Provide dedicated training and support for employees as well as partners and suppliers with access to your network.
  • Use ICS network traffic monitoring, analysis and detection solutions for better protection from attacks potentially threatening technological process and main enterprise assets.

 

Recommended Reading

[adrotate group=”2″]

Go Back To > Cybersecurity | Home

 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!


The Kaspersky Industrial CyberSecurity (KICS) Solution Revealed!

Kaspersky Lab just announced the Kaspersky Industrial CyberSecurity solution in Malaysia. Called KICS for short, it is a combination of Kaspersky’s services, technologies and intelligence designed to protect critical infrastructure and industrial facilities.

Cybersecurity of critical infrastructure and industrial facilities is of great importance, because of their importance to the stability and economy of the country. Malaysia, for example, is highly dependent on its industrial sector which contributes almost 37% of its GDP, and employs 36% of its labour force (in 2012).

Kaspersky Lab’s Andrey Suvorov and Vikram Kalkat flew in to talk to us about industrial cybersecurity and how Kaspersky Industrial CyberSecurity can help mitigate, if not reduce or eliminate, the risks of cyber attacks of critical infrastructure and facilities.

 

The Kaspersky Industrial CyberSecurity (KICS) Solution Revealed

Cyber-attacks on industrial control systems are on the rise. In 2016, 67% of information and operational technology managers say that their security risks are at a critical level. In this video, Vikram Kalkat (Senior Key Account Manager, KICS) explains the industrial cybersecurity landscape.

The Kaspersky Lab Industrial Control Systems Cyber Emergency Response Team (ICS CERT) Report 2016 gives Malaysia a risk score of 15% . The scoring is determined by the observability mode, security assessment and exploit prevention. Malaysia is also a target for cyber-attacks, ranking 66th on the Kaspersky Lab Industrial Cyberthreats Real-Time Map.

The introduction of Kaspersky Industrial CyberSecurity (KICS) cannot come at a better time. The high degree of automation and use of information technologies in modern industrial facilities make them especially vulnerable to cyber attacks. Andrey Suvorov, Head of Critical Infrastructure Protection Business Development, Kaspersky Lab, explains how KICS can minimise the risks and effects of a cyber-attack on industrial control systems.

Unlike traditional corporate IT networks (where confidentiality is the top priority), industrial control systems (ICS) demand faultless continuity and consistency of the technological process. Strict regulation and compliance can lead to unprotected operating of critical facilities if the cybersecurity measures do not meet safety requirements.

Kaspersky Industrial CyberSecurity considers all these unique requirements and protects the ICS network at the layers most vulnerable to cyber-attacks – ICS/SCADA servers, HMI panels, engineering workstations, PLCs and more – securing them from cyber-threats without affecting operational continuity and consistency of the technological process.

Read more about KICS and how it detects and prevents threats in the next page!

Next Page > KICS Threat Detection & Prevention, Meeting Strict Industry Requirements

[adrotate banner=”5″]

 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!

KICS Threat Detection & Prevention

Traditionally, ICS organizations are not well prepared or protected to withstand cyber security attacks. The design of ICS software and hardware is hard to call secure. To minimize the possibility of a cyber-attack, Industrial Control Systems (ICS) is supposed to be run in a physically isolated environment. However this is not always the case.

Historically, ICS operating team is not able to recognize social engineering attacks, recognize unsafe actions and become a solid stage of cyber security in their organizations. Of cause, their main task is to provide safe and reliable production process. On the other hand, the ICS organizations cannot afford significant investment into security workforce, since this is not a priority for them. The cyber security response plan may assume that some external organization is involved for incident coordination, analysis and response actions.

Kaspersky Industrial CyberSecurity offers a combination of conventional security technologies, adapted for an ICS environment, such as anti-malware protection, whitelisting and vulnerability assessment functionality. This strong foundation is further enhanced with unique technologies designed specifically for industrial environments, including integrity check for programmable logic controller (PLC)semantic monitoring of process control commands and telemetry data to detect cyber-attacks targeting the physical part of an infrastructure.

Kaspersky Industrial CyberSecurity also provides a special observability mode that focuses solely on the detection of cyber-attacks, operation personnel faults and anomalies inside an industrial network. All prevention and detection technologies are managed via a single centralized management console.

 

Meeting Strict Industry Requirements

The highly customizable settings of Kaspersky Industrial CyberSecurity mean it can be configured in strict accordance with the requirements of different industries, facilities and production lines, allowing the solution to be effectively integrated into an organization’s existing ICS network and technological processes without any significant modifications to the network or to the process. All of their technologies are tested by and certified with leading ICS vendors.

When Kaspersky Lab was developing KICS, there were some unique requirements they had to meet:

[adrotate banner=”4″]
  • Observability mode. Security solutions are deployed extremely carefully in critical industrial environments. Solutions should be able to monitor activity and detect threats, but leave the decision to block an attack up to the operator. Industrial systems rely on customized software, so even the potential conflict between a security solution and, let’s say, operations of a railway system cannot be allowed.
  • Security assessment. Critical infrastructure always works together with traditional IT, and the fact that different teams are usually responsible for security of those two entities is challenging. An independent look by security experts proficient in both industrial systems and general IT helps to identify potential weaknesses usually found at the meeting point between two systems. This is also true for any traditional IT infrastructure. In fact, the variety of endpoints, mobile devices, on-site servers and cloud services is no less complicated than a power plant.
  • Exploit prevention. Technologies designed to identify attacks using previously unknown vulnerabilities is one level above traditional anti-malware systems. As we learned from Stuxnet, critical infrastructure may be targeted with the most advanced cyber weapons. Unlike traditional malware, targeted and advanced attacks require special tools.

 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!