Over One-third of Industrial Control Systems Were Attacked in Q1 2021

Industrial Control Systems (ICS) control many types of industrial processes in industries such as manufacturing, transportation, building automation, water treatment, and energy. These systems and associated instrumentation are crucial for the ongoing operations of industrial processes, which is why this finding from a recent Kaspersky report is very disquieting:

During the first half of 2021, 33.8% of ICS computers were attacked, 0.4% higher than in Q2 2020.

In simple terms, a third of industrial control systems were attacked in Q1 2021.

On the surface, a 0.4% increase doesn’t seem like much. However, the accelerating progress of Industry 4.0 has led to an increasing convergence in Information Technology (IT) and Operational Technology (OT), which in turn has led to a surge in attacks against industrial systems. Moreover, many of these systems are often unpatched or unsecured and exposed to the public-facing Internet, all of which leaves them vulnerable to remote attacks. All these facts clarify that even a 0.4% increase in attacks is a serious red flag for industrial operations everywhere.

Main Threat Sources to ICS

The Kaspersky report found that hackers attacked ICS environments by infiltrating these three channels:

• The Internet

• Removable media

• Email

In H1 2021, Internet-based threats dominated at 18.2%, followed by 5.2% and 3% of threats delivered via removable media and malicious email attachments, respectively. Malware was one of the most serious threats to ICS systems worldwide, with over 20,000 variants blocked by cybersecurity solutions. Of these, deny-listed Internet resources were a particularly egregious threat source, along with malicious scripts, redirects, spyware and ransomware.

Another report estimates that in H1 2021, the number of vulnerabilities affecting ICS grew by 41%. Most of these vulnerabilities represented serious risks, with 71% being remotely exploitable and classified as either critical or high-risk.

The 2021 cyber attacks on Colonial Pipeline and the Florida water treatment facility perfectly illustrate these reports’ findings. Critical infrastructure and manufacturing environments exposed to the Internet are extremely vulnerable to cyber threats, and such organizations need to take prompt action to secure themselves.

The Way Forward for ICS and Cybersecurity

Even though a third of industrial control systems were attacked in H1 2021, it does not mean that history has to repeat itself. Many attacks resulted from insecure legacy systems that couldn’t withstand clever cybercriminals and their sophisticated attack weapons. That’s why, for ICS organizations and industries, the first step of action should be to fix the gaps in their security posture. An assessment of their security posture will help support finding vulnerabilities and gaps.

As the number of ICS devices and elements increases, the risk of a cyber-attack also increases manifold. A security assessment can help industrial organizations gauge their cybersecurity maturity and understand their cyber breach risk. It will also help them clarify the next steps to strengthen their cybersecurity strategy, implement security controls, measure cyber-resilience, and set up a vulnerability management program.

For businesses that have never assessed the gaps within their security posture, Packetlabs recommends a penetration test. Unlike automated vulnerability scanning, pen tests are performed by skilled, ethical hacker experts. A pen test is a detailed test of the ICS infrastructure, enabling industrial organizations to identify the security weaknesses that threat actors could exploit. Further, they can understand their cybersecurity posture, prioritize remediation efforts, and take timely action to shore up their defences. For companies with a more mature cyber posture, a cybersecurity maturity assessment may be more suitable.

Conclusion

For many years, industrial organizations have been attractive to both financially motivated and politically motivated cybercriminals. Cyber espionage and credential-stealing campaigns have recently escalated and created even more severe cybersecurity problems for such organizations.

Fortunately, industrial organizations dependent on ICS can get ahead of cybercriminals and secure their systems from attacks and breaches. With penetration tests and cybersecurity maturity assessments, ethical hackers can map attack surfaces, understand cyber risk, and, most importantly, keep critical industrial control systems and devices safe from harm.

Click here to know how Packetlabs helps industrial organizations strengthen their cybersecurity posture with penetration testing.