Report: The Energy Sector is the Biggest Victim of Industrial Control System Attacks

Report: The Energy Sector is the Biggest Victim of Industrial Control System Attacks

Anheng Information

Frontline news on cybersecurity, emergency response solutions, and in-depth analysis of technical hotspots

Follow Us

Report: The Energy Sector is the Biggest Victim of Industrial Control System Attacks

According to a report released by Kaspersky Lab on March 26, the number of cyberattacks faced by the energy sector far exceeds that of other industries, and many security vulnerabilities disclosed in 2017 have significantly impacted various products used in this sector.

2017 First Half Vulnerability Statistics

Kaspersky analyzed a total of 322 security vulnerabilities disclosed by the U.S. Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), various security vendors, and its own researchers in the first half of 2017, including security issues related to Industrial Control Systems (ICS) and general software and protocols used by industrial enterprises.

Report: The Energy Sector is the Biggest Victim of Industrial Control System Attacks

Among these, 178 vulnerabilities pointed to control systems used in the energy sector. Key manufacturing enterprises, including those producing metals, machinery, electrical equipment, and transportation equipment, were practically affected by 164 of these security vulnerabilities.

Other industries significantly impacted by security vulnerabilities include:

  • Water resources and wastewater treatment (97 vulnerabilities);

  • Transportation (74 vulnerabilities);

  • Commercial facilities (65 vulnerabilities);

  • Agriculture and food (61 vulnerabilities), etc.

A considerable portion of the security vulnerabilities disclosed in 2017 primarily affected:

  • Data acquisition and monitoring systems (SCADA) and Human-Machine Interface (HMI) components (88 vulnerabilities);

  • Industrial network devices (66 vulnerabilities);

  • Programmable Logic Controllers (PLC) (52 vulnerabilities);

  • Engineering software (52 vulnerabilities).

However, vulnerabilities affecting various general-purpose software and protocols can also impact industrial enterprises, including the WPA2 KRACK vulnerability and multiple bugs affecting Intel’s technology solutions.

Authentication Vulnerabilities are Generally More Severe

By vulnerability type, approximately 25% are web-related, while 21% are authentication-related issues.

Most security flaws are classified as medium or high severity, but according to the relevant CVSS scores, only 60 flaws are classified as high-risk vulnerabilities. Kaspersky noted that all vulnerabilities with a CVSS score of 10 are related to authentication mechanisms and can be easily exploited remotely.

Kaspersky stated that 265 security vulnerabilities can be exploited remotely without authentication and do not require attackers to possess any special knowledge or skills. The company also explained that the specific exploitation methods for 17 of these vulnerabilities have already been publicly disclosed online.

2017 Second Half Security Incident Data

Kaspersky also released data on malware infections and other security incidents. In the second half of 2017, Kaspersky security products installed on industrial automation systems detected nearly 18,000 variants of malware from about 2,400 families. Nearly 38% of enterprise industrial control system computers experienced malware attacks, a slight decrease compared to the second half of 2016.

The energy sector remains the largest victim of vulnerability attacks, with nearly 40% of devices in energy enterprises having been targeted by specific attacks.

Report: The Energy Sector is the Biggest Victim of Industrial Control System Attacks

Kaspersky stated that in most cases, attempts to infect industrial control system computers are incidental events rather than part of targeted attack activities. Therefore, the functionalities achieved by such malware are not specific to industrial automation systems. However, even without specific functionalities for industrial control systems, these malware infections can still have serious consequences for industrial automation systems, potentially leading to emergency halts in production processes, as seen in some cases where WannaCry attacks temporarily disrupted production processes.

Researchers also pointed out that botnets could pose significant threats, including stealing sensitive data, causing production process interruptions, and triggering coding errors and compatibility issues. In 2017, at least one-tenth of the systems monitored by Kaspersky were attacked by botnets.

This article is reprinted from E-Security

https://www.easyaq.com/news/2014673955.shtml

Top 3 Popular Articles Last Week

  • Secretary Che Jun: Grasping cybersecurity is grasping stability; grasping informatization is grasping development

  • West Lake Sword Cup | Hero Recruitment Order! Win prizes, earn offers! We’re waiting for you!

  • Hikvision collaborates with Anheng, Microsoft, Intel, and ten other well-known companies to build an AI Cloud ecosystem

Leave a Comment