https://newsletter.en.creamermedia.com

Manufacturing sector bore brunt of industrial cyberattacks in first half of 2017

27th October 2017

By: Schalk Burger

Creamer Media Senior Deputy Editor

     

Font size: - +

The manufacturing sector emerged as the hardest hit by cyberattacks during the first half of 2017, with one in every three industrial cyberattacks carried out against industrial control system (ICS) computers, says global cybersecurity firm Kaspersky Lab critical infrastructure defence head Evgeny Goncharov.

The ‘Threat Landscape for Industrial Automation Systems’ report notes that Kaspersky Lab cybersecurity products blocked attack attempts on 37.6% of ICS computers during the first half of 2017, following the receipt of anonymised information from tens of thousands of ICS computers.

This represents a marginal 1.6% dip, compared with the second half of 2016. The majority of the ICS computers were in manufacturing companies that produce various materials, equipment and goods, says Goncharov.

Other highly affected industries include engineering, education and food and beverage. ICS computers in energy companies accounted for almost 5% of all industrial cyberattacks. Attempts to download malware or access known malicious or phishing Web-resources were blocked on 20.4% of ICS computers.

The reason for the high numbers of this type of infection is the result of the interfaces between corporate and industrial networks, availability of limited Internet access from industrial networks and connection of computers on industrial networks to the Internet through mobile phone operators’ networks, Goncharov explains.

In total, Kaspersky Lab detected about 18 000 different modifications of malware – belonging to more than 2 500 different malware families – on industrial automation systems in the first six months of 2017.

“During the first half of the year, the world faced a ransomware epidemic, which also affected industrial companies. Based on the research from the Kaspersky Lab ICS Cyber Emergency Response Team (CERT), the number of unique ICS computers attacked by encryption Trojans increased significantly and had tripled by June.”

In order to protect the ICS environment from possible cyberattacks, the Kaspersky Lab ICS CERT recommends that industrial companies take an inventory of running network services, with special emphasis on services that provide remote access to file system objects.

Further, they should verify the security of remote access to the industrial network as a minimum, and reduce or completely eliminate the use of remote administration tools as a maximum, and keep endpoint security solutions up-to-date.

They should also audit ICS component access isolation, the network activity in the enterprise’s industrial network and at its boundaries, and policies and practices related to using removable media and portable devices.

Additionally, the CERT recommends that industrial firms use advanced methods of protection. For example, companies should deploy tools that provide network traffic monitoring and the detection of cyberattacks on industrial networks.

Overall, experts discovered encryption ransomware belonging to 33 different families. Most of the encryption Trojans were distributed through spam emails disguised as part of the business communication, with either malicious attachments or links to malware downloaders embedded within the communication.

Further, ExPetr was a notorious encryption ransomware campaign from the first half of the year, with at least 50% of the companies attacked being from manufacturing and the oil and gas industries.

“In the first half of the year, we saw how weakly protected industrial systems are. Almost all the affected industrial computers were infected accidentally and as the result of attacks targeted initially at home users and corporate networks.

“The WannaCry and ExPetr destructive ransomware attacks disrupted enterprise production cycles around the world, caused logistical failures and forced downtime in the work of medical institutions.

“The results of such attacks can provoke intruders into further actions. Since we are already late with preventive measures, companies should think about proactive protective measures now to avoid ‘firefighting’ in future,” Goncharov stresses.

Edited by Martin Zhuwakinyu
Creamer Media Senior Deputy Editor

Comments

 

Showroom

Rittal
Rittal

Rittal is a world leading provider of top-quality integrated systems for enclosures, power distribution, climate control, IT infrastructure and...

VISIT SHOWROOM 
Multotec
Multotec

Multotec, recognised industry leaders in metallurgy and process engineering help mining houses across the world process minerals more efficiently,...

VISIT SHOWROOM 

Latest Multimedia

sponsored by

Magazine round up | 13 December 2024
Magazine round up | 13 December 2024
13th December 2024

Option 1 (equivalent of R125 a month):

Receive a weekly copy of Creamer Media's Engineering News & Mining Weekly magazine
(print copy for those in South Africa and e-magazine for those outside of South Africa)
Receive daily email newsletters
Access to full search results
Access archive of magazine back copies
Access to Projects in Progress
Access to ONE Research Report of your choice in PDF format

Option 2 (equivalent of R375 a month):

All benefits from Option 1
PLUS
Access to Creamer Media's Research Channel Africa for ALL Research Reports, in PDF format, on various industrial and mining sectors including Electricity; Water; Energy Transition; Hydrogen; Roads, Rail and Ports; Coal; Gold; Platinum; Battery Metals; etc.

Already a subscriber?

Forgotten your password?

MAGAZINE & ONLINE

SUBSCRIBE

RESEARCH CHANNEL AFRICA

SUBSCRIBE

CORPORATE PACKAGES

CLICK FOR A QUOTATION







sq:0.191 0.289s - 189pq - 2rq
Subscribe Now