04.11 Energy and ICS Integration Companies Face the Highest Risk of Cyberattack

A report from Kaspersky Lab found that in the second half of 2017, nearly 40 percent of all industrial control systems (ICS) in energy organizations protected by Kaspersky Lab solutions were attacked by malware at least once – closely followed by 35 percent of engineering & ICS integration networks.

The Kaspersky Lab report, “Threat Landscape for Industrial Automation Systems in H2 2017,” also found that for all other industries (manufacturing, transportation, utilities, food, healthcare, etc.) the proportion of ICS computers attacked ranged from 26 percent to 30 percent on average. The vast majority of detected attacks were accidental hits.

The cybersecurity of industrial facilities remains an issue that can lead to very serious consequences affecting industrial processes, as well as business losses. While analyzing the threat landscape in different industries, Kaspersky Lab ICS CERT recorded that nearly all industries regularly experience cyberattacks on their ICS computers. However, there are two industries that were attacked more than others – energy organizations (39%), and engineering and ICS integration businesses (35%).

The sector that demonstrated the most noticeable growth of ICS computers attacked during the second half of 2017 (compared to the first half of 2017) was construction, with 31 percent attacked. The relatively high percentage of attacked ICS computers in the construction industry compared to the first half of 2017 could indicate that these organizations are not necessarily mature enough to pay the required attention to the protection of industrial computers. Their computerized automation systems might be relatively new and an industrial cybersecurity culture is still being developed in these organizations.

The lowest percentage of ICS attacks – 15 percent – has been found in enterprises specializing in developing ICS software, meaning that their ICS research/development laboratories, testing platforms, demo stands and training environment are also being attacked by malicious software, although not as often as the ICS computers of industrial enterprises. Kaspersky Lab ICS CERT experts point to the significance of ICS vendors’ security, because the consequences of an attack spreading over the vendor’s partner ecosystem and customer base could be very dramatic – as seen during the ExPetr malware epidemic.

Among the new trends of 2017, Kaspersky Lab ICS CERT researchers have discovered a rise in mining attacks on ICS. This growth trend began in September 2017, along with an increase in the cryptocurrency market and miners in general. But in the case of industrial enterprises, this type of attack can pose a greater threat by creating a significant load on computers, and as a result, negatively affecting the operation of the enterprise’s ICS components and threatening their stability.

Overall, during the period from February 2017 to January 2018, cryptocurrency mining programs attacked three percent of industrial automation system computers, in most cases accidentally.

Other highlights from the report include:

  • Kaspersky Lab products blocked attempted infections on 38% of ICS computers protected by them. This is 1.4 percentage points less than in the second half of 2016.

  • The internet remains the main source of infection with 22.7% of ICS computers attacked. This is two percent higher than in the first six months of the year. The percentage of blocked web-borne attacks in Europe and North America is substantially lower than elsewhere.

  • The top five countries by percentage of ICS computers attacked have remained unchanged since they were reported in the first half of 2017. They are Vietnam (70%), Algeria (66%), Morocco (60%), Indonesia (60%) and China (60%).

  • In the second half of 2017, the number of different malware modifications detected by Kaspersky Lab solutions installed on industrial automation systems increased from 18,000 to over 18,900.

  • In 2017, 11% of all ICS systems were attacked by botnet agents, malware that secretly infects machines and includes them in a botnet for remote command execution; the main sources of attacks like this were the internet, removable media and email messages.

  • In 2017, Kaspersky Lab ICS CERT identified 63 vulnerabilities in industrial systems and IIoT/IoT systems, and 26 of them have been fixed by vendors.

“The results of our research into attacked ICS computers in various industries have surprised us,” said Evgeny Goncharov, head of Kaspersky Lab ICS CERT. “For example, the high percentage of ICS computers attacked in power and energy companies demonstrated that the enterprises’ effort to ensure cybersecurity of their automation systems after some serious incidents in the industry is not enough, and there are multiple loopholes still there that cybercriminals can use.”

Kaspersky Lab ICS CERT recommends taking the following technical measures:

  • Regularly update operating systems, application software and security solutions on systems that are part of the enterprise’s industrial network.

  • Restrict network traffic on ports and protocols used on the edge routers and inside the organization's OT networks.

  • Audit ICS component access control in the enterprise’s industrial network and at its boundaries.

  • Deploy dedicated endpoint protection solutions onto ICS servers, workstations and HMIs to secure OT and industrial infrastructure from random cyberattacks.

  • Deploy network traffic monitoring, analysis and detection solutions for better protection from targeted attacks.
