Hackers use crypto malware to attack computers in factories

- Adrian Ungureanu

In the first half of the year, manufacturing companies were the most susceptible: their ICS computers accounted for about one third of all attacks, according to the Kaspersky Lab report “Threat Landscape for Industrial Automation Systems in H1 2017”. Attacker activity peaked in March, after which the proportion of computers attacked gradually declined from April to June.

During the first six months of the year, Kaspersky Lab products blocked attack attempts on 37.6% of the several tens of thousands of ICS computers they protect globally. This figure was almost unchanged compared to the previous period: it is 1.6 percentage points less than in the second half of 2016. The majority of them were in manufacturing companies that produce various materials, equipment and goods. Other most affected industries include engineering, education, and food and beverage. ICS computers of energy companies accounted for almost 5% of all attacks.

While the top three countries with attacked industrial computers remained the same, with Vietnam (71%), Algeria (67.1%) and Morocco (65.4%), researchers detected an increase in the number of attacks in China (57.1%), which came fifth, according to the data released by Kaspersky Lab.

Experts also found that the main source of threats was the Internet: attempts to download malware or access known malicious or phishing web resources were blocked on 20.4% of ICS computers. The reason for the high figure for this type of infection lies in the unrestricted access and connection of industrial networks to the Internet, which threatens the entire industrial infrastructure.

In total, in the first six months of 2017 Kaspersky Lab detected about 18,000 different modifications of malware on industrial automation systems, belonging to more than 2,500 different families.

Ransomware Attacks
In the first half of the year the world faced a ransomware epidemic, which affected industrial enterprises as well. According to research by Kaspersky Lab ICS CERT, the number of unique ICS computers attacked by encryption Trojans had been increasing and tripled by June. Overall, experts discovered encryption ransomware belonging to 33 different families. Most of the encryption Trojans were distributed through spam emails disguised as business communication, with either malicious attachments or links to malware downloaders.

“The fact that ICS computers in manufacturing companies accounted for about one third of all attacks causes a great security concern, meaning high risks of cyberattack which could bring damage to an enterprise’s industrial automation systems and serious consequences for businesses as a whole. Taking into consideration that in the first six months of the year we observed the active distribution of encryption malware, which we believe is set to continue, the probability of a destructive attack is even higher”, says Evgeny Goncharov, Head of Critical Infrastructure Defense Department, Kaspersky Lab.