More spyware and phishing against industrial companies


In the first half of 2022, malicious objects were blocked on 12 percent of OT (operational technology) computers in Germany, as current analyses by Kaspersky ICS CERT show. Worldwide, the figure was 32 percent. Building automation infrastructures are the most vulnerable.

Industrial companies most often fell victim to malicious scripts and phishing sites (JS and HTML). Building automation infrastructure in particular is confronted with these threats: about half of the computers worldwide (42 percent) were dealing with them in the first half of the year. This is presumably because these systems may not be completely separated from the networks of the organizations located in the building, making them an attractive point of entry.

Special focus on building automation

In the first half of 2022, almost 32 percent of OT computers protected by Kaspersky solutions worldwide had malicious objects blocked. These computers are used in the oil and gas industry, energy sector, automotive manufacturing, building automation and other fields to perform OT functions, from engineering and operator workstations to Supervisory Control and Data Acquisition (SCADA) servers and Human Machine Interfaces (HMI).

In the first six months of 2022, cyber criminals most often tried to attack industrial computers with malicious scripts and phishing pages (JS and HTML). These objects were blocked on nearly 13 percent of protected computers worldwide. This threat type also showed the most dynamic growth compared to the previous half year, increasing by 3.5 percentage points.

Malicious scripts, phishing sites and spyware

Malicious scripts and phishing sites are among the most common methods of spreading spyware. In the first half of 2022, such threats were detected on 9 percent of OT computers worldwide, an increase of 0.5 percentage points compared with the second half of 2021. Spyware is also distributed via phishing emails with malicious attachments. In the first half of the year, Kaspersky solutions blocked around 6 percent of these.

"It is essential to protect both OT and IT endpoints with a dedicated solution that is properly configured and kept up to date," said Kirill Kruglov, senior researcher at Kaspersky ICS CERT. “The OT network should be isolated, all remote connections and communications secured, monitored, controlled and any unauthorized access prevented. A proactive approach to identifying and remediating potential vulnerabilities and relevant threats could save millions of dollars in incident costs.”

Blatant vulnerabilities within the OT infrastructure

Almost half of the computers (42 percent) in the building automation infrastructure, also known as building management systems (BMS), have been exposed to cyber threats. These computers are typically owned by service companies that manage automated systems in business or shopping centers, communities, and other types of public infrastructure. Industrial plants and critical infrastructure objects often own the on-site building management systems.

In the first half of 2022, these were the most vulnerable type of OT infrastructure. They ranked first in terms of the percentage of devices affected by various threat sources, namely Internet resources (23 percent), malicious email attachments and phishing links (14 percent), malicious documents (11 percent), and Trojans, backdoors, and keyloggers (13 percent). This is likely due to building automation engineers and operators using internet resources and email more actively than in other OT infrastructures. Also, the building control system may not be properly isolated from other internal networks in the building and can therefore be an attractive target for experienced threat actors.

No separate internal networks

"It stands to reason that this type of environment would feel the impact of attackers' activities because it is highly vulnerable and the cybersecurity maturity level is relatively low," adds Kirill Kruglov. “Attackers compromise systems that could potentially have connections to internal networks of factories, public spaces, or even critical infrastructure facilities.

As for smart cities and public infrastructure, the systems can manage an entire neighborhood with access to lighting control, traffic management and information, and other types of citizen services. A real "child's play" for perpetrators. Even more alarmingly, 14 percent of all building management systems (BMS) were attacked with phishing emails, double the global average.”

Kaspersky recommendations for protecting OT computers

  • Conduct regular security assessments of OT systems to identify and eliminate potential cybersecurity issues.
  • Establish continuous vulnerability assessment and triage as the basis for effective vulnerability management. Specific solutions like Kaspersky Industrial CyberSecurity can be an efficient assistant and a reliable source of unique and actionable information that is not fully available in the public digital space.
  • Regularly update the key components of the company's OT network and install security fixes and patches as soon as technically possible.
  • Use EDR solutions such as Kaspersky Endpoint Detection and Response for timely detection of complex threats, investigation and effective remediation of security incidents.
  • Improve response to new and advanced malicious techniques by building and strengthening the incident prevention, detection and response capabilities of the responsible team. Dedicated OT security training for IT security teams and OT personnel is one of the most important measures to achieve this.

About Kaspersky

Kaspersky is an international cybersecurity company founded in 1997. Kaspersky's in-depth threat intelligence and security expertise serve as the basis for innovative security solutions and services to protect companies, critical infrastructures, governments and private users worldwide. The company's comprehensive security portfolio includes leading endpoint protection as well as a range of specialized security solutions and services to defend against complex and evolving cyber threats. Kaspersky technologies protect over 400 million users and 250,000 corporate customers. More information about Kaspersky can be found at www.kaspersky.com/


 
