In the second half of 2016 Kaspersky Lab products around the world blocked attempted attacks on 39.2 percent of protected computers that it classifies as being part of industrial enterprise technology infrastructure.
The study from the Kaspersky Lab Industrial Control Systems Cyber Emergency Response Team (ICS CERT) also reveals that the top three sources of infection were the internet, removable storage devices, and malicious e-mail attachments and scripts embedded in the body of e-mails.
The danger of infected removable storage devices shows the internet is not the only thing businesses have to worry about. During the period of research, 10.9 percent of computers with ICS software installed (or connected to those that have this software) showed traces of malware when a removable device was connected to them.
Malicious e-mail attachments and scripts embedded in the body of e-mails were blocked on 8.1 percent of industrial computers, taking third place. In most cases, attackers use phishing e-mails to attract the user’s attention and disguise malicious files. Malware is most often distributed in the format of office documents such as MS Office and PDF files.
“Our analysis shows us that blind faith in technology networks’ isolation from the internet doesn’t work anymore,” says Evgeny Goncharov, head of critical infrastructure defense department at Kaspersky Lab. “The rise of cyberthreats to critical infrastructure indicates that ICS should be properly secured from malware both inside and outside the perimeter. It is also important to note that according to our observations, the attacks almost always start with the weakest link in any protection — people.”
The findings reveal about 20,000 different malware samples in industrial automation systems belonging to over 2,000 different malware families. The top three countries that experienced industrial computer attacks were Vietnam (with more than 66 percent of systems attacked), Algeria (over 65 percent) and Morocco (60 percent).
The full report is available from the Kaspersky Lab ICS CERT website and there’s more information on the Securelist blog.
Image Credit: Meryll / Shutterstock