Researchers from Kaspersky have published a new report on the attacks on ICS systems observed by its products in the first half of 2018.
Kaspersky Lab experts have published a new report titled “Threat Landscape for Industrial Automation Systems” report for H1 2018, that includes interesting data related to attacks against the ICS systems. The security firm detected over 19,400 samples belonging to roughly 2,800 malware families, most of which were not threats specifically designed to this category of devices.
Most of the malware was the result of random attacks rather than targeted operations conducted by nation-state actors.
The data confirms an increase in the attack against the ICS systems, 41.2% of the industrial control systems protected by Kaspersky. Compared to the first half of 2017, experts observed an overall increase of 5% in the number of attack attempts.
Most of the attacks were observed in the countries with a low pro capita GDP in Asia, Latin America, and North African, while the in the United States, only 21.4% of ICS systems were hit.
The countries with the highest number of attacks by percentage were Vietnam (75.1 percent), Algeria (71.6 percent) and Morocco (65 percent), while the safest regions for ICS systems were Denmark (14 percent), Ireland (14.4 percent) and Switzerland (15.9 percent).
The main attack channel was the internet, 27 percent of attacks was originated from web sources, 8.4 percent leveraged removable storage media, and just 3.8 percent came from email clients.
“This pattern seems logical: modern industrial networks can hardly be considered isolated from external systems. Today, an interface between the industrial network and the corporate network is needed both to control industrial processes and to provide administration for industrial networks and systems,” Kaspersky added.
Most of the attacks involved Trojans using either Windows or web browsers as a platform.
More information about the attacks against ICS systems in H1 2018 are available in the the full version of the report (PDF)
The post The main source of infection on ICS systems was the internet in H1 2018 appeared first on Security Affairs.