
Security researchers discovered approximately 18,000 variants of 2,500 different malware families on ICS computers in the first half of 2017.

That’s just one of the findings from Kaspersky Lab’s Threat Landscape for Industrial Automation Systems in H1 2017 report. For its study, the Russian security firm analyzed data collected from members of the Kaspersky Security Network (KSN) who had given their consent to anonymously share their data with researchers. Kaspersky Lab then refined this information pool to include data only from Windows computers that, based upon their choice of security products, help manage supervisory control and data acquisition (SCADA) servers, Human Machine Interface (HMI), and other industrial infrastructure.

Overall, the security company blocked attack attempts against 37.6 percent of ICS computers that use its products. That figure is 1.6 percentage points less than in the second half of 2016.

Source: Kaspersky Lab

At least some of the 18,000 malware variants detected by Kaspersky Lab showed up on 20.4 percent of ICS computers via malicious downloads or phishing resources hosted on the web. Many of those cases involved Windows (Win32/Win64) executable files that used a scripting language like JavaScript or Visual Basic Script to execute their malicious functionality. Kaspersky Lab ICS CERT provides some information on those strains’ infection vectors:

“For computers that are part of industrial infrastructure, the Internet remains the main source of infection. Contributing factors include interfaces between corporate and industrial networks, availability of limited Internet access from industrial networks, and connection of computers on industrial networks to the Internet via mobile phone operators’ networks (using mobile phones, USB modems and/or Wi-Fi routers with 3G/LTE support).”

At the same time, some organizations suffered more high-profile attacks against their industrial automation systems. For instance, Kaspersky Lab detected 500 companies in over 50 countries that fell victim to Industroyer. Other industrial companies weathered a crypto-ransomware attack, with the greatest rate of infection attributed to WannaCry at 13.4 percent of computers in industrial infrastructure attacked by encryption-based malware.

Source: Kaspersky Lab

Organizations can defend themselves against ransomware, malware, and other digital threats in part by shoring up the security of their industrial infrastructure. For information on how Tripwire’s solutions can help, please click here.