In 2018, Kaspersky Lab detected and prevented activity by malicious objects on almost half of Industrial Control System (ICS) computers protected by the company’s products and defined as part of an organisation’s industrial infrastructure. The most affected countries were Vietnam, Algeria and Tunisia. These are some of the main findings of the Kaspersky Lab ICS CERT report on the industrial threat landscape in H2 2018.
Malicious cyber activities on ICS computers are considered an extremely dangerous threat as they could potentially cause material losses and production downtime in the operation of industrial facilities.
In 2018, the share of ICS computers that experienced such activities grew to 47.2 percent from 44 percent in 2017, indicating that the threat is rising
According to the new report, the top three countries in terms of the percentage of ICS computers on which Kaspersky Lab prevented malicious activity were the following: Vietnam (70.09 percent), Algeria (69.91 percent), and Tunisia (64.57 percent). The least impacted nations were Ireland (11.7 percent), Switzerland (14.9 percent), and Denmark (15.2 percent).
“Despite the common myth, the main source of threat to industrial computers is not a targeted attack, but mass-distributed malware that gets into industrial systems by accident, over the internet, through removable media such as USB-sticks, or e-mails. However, the fact that the attacks are successful because of a casual attitude to cybersecurity hygiene among employees means that they can potentially be prevented by staff training and awareness – this is much easier than trying to stop determined threat actors,” said Kirill Kruglov, security researcher at Kaspersky Lab ICS CERT.
Threats Against Industrial Computers In Singapore And Southeast Asia
When it comes to the regions worldwide with the highest proportion of ICS machines on which malicious activity was prevented by Kaspersky Lab, Southeast Asia came in second, with 57.8 percent of infected machines in H2 2018, following closely behind the most infected region, Africa at 60.5 percent.
In Singapore, the distribution of detected infection rate was 20.7 percent, and this figure was also the lowest across Southeast Asia. Within Asia Pacific, Singapore had the second lowest distribution of detected infections in H2 2018, edging behind Hong Kong at 15.3 percent.
“From 23 percent of ICS machines almost infected during the first six months of 2018, Singapore recorded a nearly three percent lower infection rate against their critical systems for last year’s final half. We commend the government and the enterprises’ significant strides in prioritising cybersecurity, and our latest figures undoubtedly prove the fruits of their labour. We are hopeful that Singapore will continue to be mindful that large-scale cyberattacks against critical systems have the potential to cripple manufacturing and disturb the nation’s operations, especially as the country continues to embark on its Smart Nation Initiative,” commented Yeo Siang Tiong, General Manager for Southeast Asia, Kaspersky Lab
Kaspersky Lab ICS CERT Recommends Implementing The Following Technical Measures:
- Regularly update operating systems, application software on systems that are part of the enterprise’s industrial network.
- Apply security fixes to PLC, RTU and network equipment used in ICS networks where applicable.
- Restrict network traffic on ports and protocols used on edge routers and inside the organisation’s OT networks.
- Audit access control for ICS components in the enterprise’s industrial network and at its boundaries.
- Deploy dedicated endpoint protection solutions on ICS servers, workstations and HMIs, such as Kaspersky Industrial CyberSecurity. This solution includes network traffic monitoring, analysis and detection to secure OT and industrial infrastructure from both random malware infections and dedicated industrial threats.
- Make sure security solutions are up-to-date and all the technologies recommended by the security solution vendor to protect from targeted attacks are enabled.
- Provide dedicated training and support for employees as well as partners and suppliers with access to your network.
- Use ICS network traffic monitoring, analysis and detection solutions for better protection from attacks potentially threatening technological process and main enterprise assets.
READ MORE IN OUR LATEST ISSUE!
WANT MORE INSIDER NEWS? SUBSCRIBE TO OUR DIGITAL MAGAZINE NOW!