In 2018, Kaspersky Lab detected and blocked malware activity on almost half of the Industrial Control System (ICS) computers that are protected by its products and considered part of the institutions' industrial infrastructure. The most affected countries were Vietnam, Algeria and Tunisia. This is one of the important findings of Kaspersky Lab ICS CERT's report on the industrial threat landscape in the first half of 2018.
Cyber attacks against ICS computers can be very dangerous because they can cause financial and production losses in industrial facilities. The proportion of ICS computers exposed to such malicious activity was 44% in 2017; this ratio increased to 47.2% in 2018.
According to the new report, which covers ICS computers protected by Kaspersky Lab, the top three countries by share of computers on which malicious activity was attempted were Vietnam (70.09%), Algeria (69.91%) and Tunisia (64.57%). The least affected by these attacks were Ireland (11.7%), Switzerland (14.9%) and Denmark (15.2%).
"Contrary to popular belief, the main source of threats to industrial computers is not targeted attacks," Kaspersky Lab ICS CERT Security Researcher Kirill Kruglov said. "The source of the problem is large-scale malicious software accidentally entering industrial systems via removable media devices such as USB sticks or via e-mail. However, these attacks, which succeed because employees do not pay attention to cyber security, can be prevented by educating the teams and increasing their awareness. This is much easier than stopping the threat groups," he said.
Kaspersky Lab ICS CERT recommends taking the following technical measures:
Regularly update application software and operating systems of systems in the enterprise's industrial network.
Take security precautions, where appropriate, on PLC, RTU and network equipment used in ICS networks.
Restrict network traffic on the ports and protocols used on edge routers and inside enterprise OT networks.
Check access control for ICS components in and around the enterprise's industrial network.
For ICS servers, workstations, and HMIs, use specialized solutions for endpoint protection. Such a solution protects OT and industrial infrastructure from malware infection and targeted industrial threats with network traffic monitoring, analysis and detection capabilities.
Make sure that your security solutions are up-to-date and that all the technologies recommended by your solution provider are being used against targeted attacks.
Give special training and support to employees, partners and suppliers who have access to your network.
Use ICS network traffic monitoring, analysis, and detection solutions to better protect against technological attacks and attacks that might threaten the organization's core assets.