Just a few short months ago in February, Japanese optics manufacturer HOYA suffered a cyberattack, which resulted in a partial shutdown of production lines at its key factory in Thailand.
About 100 of the company’s computers were infected with malware designed to steal user credentials and subsequently distribute a cryptocurrency miner.
The attack was discovered March 1, when the company’s specialists noticed a significant degradation in the performance of a server used to manage orders and production, which rendered the order and production management software impossible to use. Although the company was able to prevent the cryptocurrency mining operation, the output of its affected industrial facilities fell to about 40 percent of its normal level.
The incident also affected computers at HOYA headquarters in Japan that were connected to the network, disrupting the issuing of invoices.
That was just one example of how companies are repeatedly under siege by attackers trying to steal information.
Of all the industries suffering from attacks on industrial control system (ICS) computers, the energy sector topped the list globally in the first six months of 2019, according to a report from Kaspersky.
Of the Kaspersky solutions installed on ICS computers, 41.6 percent experienced and blocked a cyber threat. The three main cyber threats detected in energy ICS environments included worms (7.1 percent), spyware (3.7 percent) and cryptocurrency miners (2.9 percent).
Industrial cyber incidents are among the most dangerous cyberattacks, as they can result in production downtime and tangible financial losses, and are difficult to overcome. This is especially true when incidents occur in critical, life-supporting sectors such as energy. Malware infections can also negatively affect the availability and integrity of ICS and other systems that are part of the industrial network.
Several distinct threats were detected in the first half of this year.
One was Agent Tesla, a specialized Trojan spy malware designed to steal authentication data, screenshots and data captured from web cameras and keyboards.
Also identified and blocked were incidents of the Meterpreter backdoor, which was being used to remotely control computers on the industrial networks of energy systems. Attacks that use the backdoor are targeted and often conducted in manual mode.
Syswin, a new wiper worm written in Python and packed into the Windows executable format, was also detected. This threat can have a significant impact on ICS computers due to its ability to self-propagate and destroy data.
Other industries facing attacks were automotive manufacturing (39.3 percent) and building automation (37.8 percent). They ranked second and third, respectively, for ICS computers on which malicious objects were blocked.
Additional report findings include:
• On average, ICS computers do not operate entirely inside the security perimeter of typical corporate environments, meaning tasks related to protecting the ICS and corporate segment are, to some extent, unrelated.
• Generally, the level of malicious activity inside the ICS segment is connected with malware activity happening in the country where the ICS environment is located.
• In countries where the security of ICS is favorable, low levels of compromised ICS computers are attributable to protection measures and tools that are in place rather than a limited level of malicious activity.
• Self-propagating malicious programs are very active in some countries. In the cases analyzed, these were worms designed to infect removable media (USB flash drives, removable hard drives, mobile phones, etc.). It appears that infection with worms via removable media is the most common infection scenario for ICS computers.
“The collected statistics, as well as analysis into industrial cyberthreats, are a proven asset for assessing current trends and predicting what type of danger we should all prepare for,” said Kirill Kruglov, security researcher at Kaspersky. “This report has identified that security experts should be particularly cautious about malicious software that aims to steal data, spy on critically important objects, penetrate the perimeter and destroy the data. All of these types of incident could cause lots of trouble for the ICS industry.”