Industrial control systems in manufacturing, energy, chemical and other environments are coming under an increasing number of cyber attacks, as hacking groups of all kinds attempt to breach these networks.
By targeting industrial systems attackers can potentially do vast amounts of damage, ranging from using backdoors to make off with sensitive data, causing the network to shut down due to a ransomware attack, or even leading to dangerous situations industrial systems break down, causing physical damage.
Many control systems still run on old or bespoke operating systems making them vulnerable to interference, and cyber attackers ranging from criminal gangs to state-backed hacking groups know this and are looking to take advantage.
According to new figures from Kaspersky Lab’s Threat Landscape for Industrial Automation Systems report, almost one in two industrial systems display evidence of attackers attempting malicious activity – in most cases, detected by security software
The figures – based on anonymized data submitted to the Kaspersky Security Network by the security company’s customers – reveal that the main attack vector for these systems is unsurprising via the internet with hackers on the lookout for unsecured ports and systems to can gain access to. This accounted for a quarter of identified threats.
In some cases, these Internet-based attacks won’t even be targeting industrial networks specifically, but the way in which their set-up leaves them open to the internet means self-propagating campaigns can easily find them.
Removable media is identified as the second most prolific threat to industrial networks. In some cases, the systems aren’t connected to the internet, but be it intentionally or not, corrupted USB drives can lead to systems becoming infected with malware.
Researchers identify email as the third most common attack vector targeting these systems. These phishing attacks remain the number one attack method used by hacking groups which are specifically targeting the networks of organizations for the purpose of espionage.
Malicious payloads drop trojans, backdoors and keyloggers which allow attackers to gain access to the network, with sophisticated hacking operations like Sharpshooter, GreyEnergy and MuddyWater among those causing headaches for industrial operations.
It’s also possible that phishing emails get spammed out to users who run these systems by botnet campaigns which aren’t targeted – but nonetheless, they still do damage and organisations need to be aware of the risks they face if their systems aren’t secure.
“Despite the common myth, the main source of threat to industrial computers is not a targeted attack, but mass-distributed malware that gets into industrial systems by accident, over the internet, through removable media such as USB-sticks, or emails, said Kirill Kruglov, a security researcher at Kaspersky Lab ICS CERT.
“However, the fact that the attacks are successful because of a casual attitude to cybersecurity hygiene among employees means that they can potentially be prevented by staff training and awareness – this is much easier than trying to stop determined threat actors,” he adds.
To help prevent successful attacks against industrial networks, researchers recommend regularly updating operating systems and software on the industrial network and applying security fixes and patches where available.
It’s also recommended that network traffic is restricted on ports and protocols on the edge of the system in order to prevent malicious software from finding a way in.