In the age of Industry 4.0, the integration of technologies and networks in the industrial environment is advancing rapidly. As a result, industrial companies are increasingly becoming potential targets for cyber criminals. By exploiting vulnerabilities in the software and networks used in industry, attackers are able to steal information about production processes or even paralyze production.

The study conducted by Kaspersky CERT (Computer Emergency Response Team) on cyber threats to industrial control systems (ICS) shows that cyber threats to industrial computers are on the rise. In the second half of 2016, 22% of computers used in industrial environments were blocked from downloading malware and accessing phishing sites. This means that almost one in five machines was exposed to an infection or a compromise of access data via the internet.

However, the Internet is not the only source of threat; removable storage devices also pose a major problem. For example, 10.9% of computers with ICS software installed (or connected to computers that have it installed) were found to have traces of malware after a removable disk connection during the study period.

In addition, 8.1% of the industrial computers analyzed by Kaspersky Lab blocked malicious email attachments and scripts embedded in emails. The malware is usually hidden in Office documents (MS Office or PDF). The attackers use social engineering techniques to persuade employees to download the compromised files and execute the malware on industrial computers.

The malware used to attack industrial companies includes spyware, backdoors, keyloggers, financial malware, ransomware and wiper programs. The malware is able to influence a company's control over its ICS system. They can also carry out targeted attacks or gain remote control.

"Our analysis shows that cybersecurity approaches that isolate technological networks from the Internet no longer work today," says Evgeny Goncharov, Head of Critical Infrastructure Defense Department at Kaspersky Lab. "The rise of cyber threats to critical infrastructure systems requires appropriate malware protection measures for industrial control systems - both inside and outside the network perimeter. In addition, companies in the industrial environment should be aware that an attack almost always comes from the weakest security link - the human being."

Further results of the Kaspersky study

• Every fourth targeted attack discovered in 2016 was aimed at industrial systems.
• Almost 20,000 different malware samples, which can be assigned to 2,000 malware families, appeared on industrial automation systems during the period under investigation.
• In 2016, Kaspersky Lab discovered 75 industry-relevant vulnerabilities. Of these, 58 were classified as very critical.

Recommended safety measures for the industry

To adequately protect ICS environments from cyberattacks, Kaspersky Lab experts recommend the following measures:

• Conduct security assessments to identify and eliminate security loopholes;
• Involve external intelligence to forecast future threats and implement appropriate defenses;
• Security training for employees increases the level of security in industrial companies;
• Protection inside and outside the network perimeter: a modern security strategy must provide appropriate attack detection and defense resources to block attacks before a critical system is affected;
• The use of advanced protection methods, such as default deny scenarios for SCADA systems, regular integration checks for control systems and specialized network monitoring can increase corporate security, even though vulnerable systems can no longer be patched for support reasons.