Attacks against automation, oil and gas industries grow
During the first half of 2020, the percentage of systems attacked in the oil and gas and building automation industries increased when compared to H1 and H2 2019. Industrial organisations were also the victims of sophisticated campaigns by advanced persistent threat actors.
At the same time, the percentage of industrial control system (ICS) computers attacked in most industries declined as cyber criminals shifted their focus to distributing more targeted and focused threats.
This was revealed by Kaspersky’s research on the threat landscape for industrial automation systems in H1 2020.
Bad actors appeared to shift their focus from mass attacks to distributing more focused and targeted threats, including backdoors, spyware, and ransomware attacks.
Kaspersky says noticeably more families of backdoors and spyware built on the .NET platform were detected and blocked on ICS computers. The percentage of ICS computers affected by ransomware grew slightly in H1 2020 when compared to H2 2019 across all industries.
According to the security giant, attacks against industrial entities carry the potential to be devastating, both in terms of disruption to production and financial losses. In addition, attacks against industrial enterprises have become more targeted, organised by sophisticated threat actors with extensive resources whose goals may not just be financial gain but also cyber espionage.
During the first six months of 2020, the industries most prone to attacks were building automation and oil & gas.
Building automation systems generally tend to be exposed to attacks more frequently, in part because they have a larger attack surface than traditional ICS computers: they are frequently connected to corporate networks and the Internet.
“At the same time, because they traditionally belong to contractor organisations, these systems are not always managed by the organisation’s corporate information security team - making them an easier target,” says Kaspersky.
The company says that the growth in the number of ICS computers attacked in the oil & gas industry can be traced back to the development of a variety of worms written in script languages, specifically Python and PowerShell. These worms are able to gather authentication credentials from the memory of system processes using different versions of the Mimikatz utility.
Evgeny Goncharov, security expert at Kaspersky, says the percentage of ICS computers attacked across most industries is declining. “However, there are still threats to contend with. The more targeted and sophisticated attacks are, the greater potential they have to cause significant damage, even if they occur less frequently.”
What’s more, Goncharov says with many enterprises forced to work remotely and sign into corporate systems from home, ICS have naturally become more exposed to cyber threats.
“And with fewer on-site personnel, there are fewer people available to respond and mitigate an attack, meaning the consequences may be far more devastating,” he warns.