Industrial cybersecurity in Germany: fewer attacks, but more complex. Most of the Internet and email threats. However: 33 percent more attacks on ICS computers worldwide.
Current Kaspersky analyzes for the second half of 2020 show that the number of cyber attacks on German industrial companies has decreased slightly since 2019, but these are becoming increasingly targeted and dangerous. The reasons: fewer attacks by spyware and agents from various botnets, crypto miners and aggressive adware - the number of computers that are infected with old, self-spreading malware in the form of worms is also falling.
ICS attacks are becoming more local, more focused, more complex
At the same time, however, these attacks are becoming more local, more focused and consequently more complex and difficult to detect, so that the Kaspersky experts cannot give the all-clear regarding the cyber hazard potential for industrial systems - especially with regard to the global attack situation, according to which the number of blocked malware on ICSs Computers has increased to 33 percent.
In the course of advancing Industry 4.0, production lines, power lines, critical infrastructures and industrial systems are now just as affected by cyber threats as traditional office networks. However, IT security incidents in industry can be extremely dangerous, as they can lead to production downtimes, financial losses or even endangering human life, as the recent attack on a drinking water plant in Florida showed.
The ransomware paradox
The proportion of ICS computers in Germany on which spyware and ransomware (as well as scripts and documents that are normally used as the first stage) were blocked rose slightly in the second half of 2020 compared to the first:
- Spyware: 3,2 percent (compared to 3,1 percent in the first half of 2020)
- Malicious scripts: 3,8 percent (versus 3,0 percent)
- Harmful documents: 2,0 percent (versus 1,4 percent)
- Ransomware: 0,60 percent (versus 0,45 percent)
Ransomware (extortion software that encrypts data and extorts ransom) has an immediate impact on business as data and systems are no longer accessible to victim organizations after an attack.
First comes spyware, then ransomware
Ransomware is therefore typically used as the last level malware, while spyware is used, for example, as the first or second level; many ransomware malware is deployed either through spyware or through misuse of credentials stolen by spyware. The low percentage of computers with industrial control systems (ICS) in Germany on which ransomware has been blocked does not mean that it is not a threat, but that malware from earlier phases (such as spyware, Trojan horse scripts or harmful documents) has been successfully blocked.
Most of the threats that hit ICS systems in Germany in the second half of 2020 came from the Internet (6,6 percent), came via e-mail (2,8 percent) and were on removable media (1,1 percent) or in network Folders (0,3 percent).
The global ICS threat landscape
- Worldwide, the percentage of attacked ICS computers in the second half of 2020 was 33,4 percent, which corresponds to an increase of 0,85 percentage points.
- The variety of malware families used has increased by 30 percent.
- The building automation (46,7 percent), oil and gas (44 percent) and ICS technology and integration (39,3 percent) sectors.
- In addition, three-quarters of the countries surveyed (73,4 percent) increased the percentage of ICS computers that blocked malicious email attachments.
ICS security challenges
The industrial infrastructure is generally difficult to update and change. This also applies to security updates (patch management), updates to protection tools (such as anti-virus databases and the provision of protection tools. For example, Kaspersky statistics show that protected computers continue to be attacked repeatedly by all types of worms from unprotected computers within the industrial network.
Due to different standards and production cultures in different countries, industrial companies cannot introduce and maintain the same level of security for all organizations worldwide. As a result, individual facilities can become a threat to the security of the entire company.
ICS infrastructures are often old and too rigid
"In addition to the ICS infrastructure that is difficult to update and possibly other production sites that can lower the security level, industrial companies, especially in Germany, are faced with a lot of bureaucracy when it comes to reacting to threats and implementing new security technologies," explains Christian Milde, Managing Director DACH at Kaspersky. “Often, bureaucratic processes prevent organizations from changing centuries-old manufacturing traditions and adapting processes to respond to information security challenges in a timely manner. Industrial systems and critical infrastructures therefore require special protective measures. Industrial companies should invest quickly in preventive and comprehensive cybersecurity solutions to be protected against all types of cyber threats today and in the future.”
More at Kaspersky.de
About Kaspersky Kaspersky is an international cybersecurity company founded in 1997. Kaspersky's in-depth threat intelligence and security expertise serve as the basis for innovative security solutions and services to protect companies, critical infrastructures, governments and private users worldwide. The company's comprehensive security portfolio includes leading endpoint protection as well as a range of specialized security solutions and services to defend against complex and evolving cyber threats. Kaspersky technologies protect over 400 million users and 250.000 corporate customers. More information about Kaspersky can be found at www.kaspersky.com/