Kaspersky publishes overview of industrial cybersecurity incidents in H1 2023


New data released by researchers from the Kaspersky ICS CERT team shows that ransomware and other criminally motivated attacks have become a ‘plague’ on industrial organizations around the world during the first six months of this year. The situation is increasingly concerning. The H1 2022 report recorded seven hacktivist attacks and 10 criminal ransomware incidents. In H2 2022, this surged to 40 cybercrime cases and one hacktivist attack. The current report reveals a staggering 67 cybercrime cases.

The report stated that “to get a more objective idea of the estimated number of organizations whose data has been put up for sale to the public, take the figures in our reports and multiply them by 10. Then there’s the organizations that don’t know they’ve been compromised (because the attackers didn’t demand a ransom and didn’t publicly post the name of the organization and examples of stolen data), which is at least 10 times larger too. So the real size of the iceberg turns out to be larger than its tip by two orders of magnitude.”

Kaspersky research identified that 25.37 percent of attacks affected the manufacturing sector, while 14.93 percent targeted the automotive segment; 11.94 percent struck the power and energy sector; and 8.96 percent affected the electronics sector. Additionally, 7.46 percent targeted the utility sector and 5.97 percent affected the food and beverage sector.

The report disclosed that among all organizations that suffered attacks, the vast majority relate to industrial manufacturing, which is the most numerous and diverse category of potential victims among industrial organizations. “They also have many secrets that potential buyers are willing to pay for, while being less regulated (in the sense of not being able to pay a ransom), and not as zealously protected by the state as, for example, the energy sector (which means less criminal liability for attackers).”

Additionally, in the industrial production sector, a particularly large number of attacked organizations were related to automobile production (a sad fact given the general difficulties facing the automobile market), and the transport industry as a whole, including organizations related to shipbuilding and logistics. 

The second major area in the industrial production sector under attack was the production of microelectronics, which is a key industry that affects a large number of markets, including the automotive industry. 

The report also identified various real sector industries affected, including metallurgy, pharmaceuticals, mining, food production, construction, and many others. 

“We were surprised to see a well-known manufacturer of snowboarding equipment, clothing and gear, and even two manufacturers of firefighting equipment on the list as well,” Kaspersky reported. “It’s likely that the appearance of any organization in these lists, no matter the market or niche, will come as a surprise anymore. Among the industries not directly related to production, the most affected sectors (by number of victims) were utilities, transport and logistics, oil and gas, and electricity suppliers.”

Furthermore, the report pointed out that “as for the electric power industry as a whole, including manufacturers of specialized equipment and software, as well as suppliers of related services, it was one of the most affected sectors in this half of the year, second only to industrial production.”

Kaspersky also reported a large number of major and recognizable names among victims. “Unfortunately, even big budgets allocated for information security turn out to be insufficient. And since such companies try not to disclose attack details (probably in fear of additional direct losses), it’s difficult to judge the real scale of damage based on data from public sources. Just keep in mind the theoretical possibility of their partners and clients being compromised as well.”

It also found that many organizations, including at least three major companies, were compromised through an unpatched vulnerability in two different MFT (Managed File Transfer) products. “These file transfer solutions are used by large organizations, including to keep information ‘secure’ (as their developers claim), yet continue to be a source of security issues for their clients.”

The report also noted that large industrial organizations are often unable to quickly patch dangerous vulnerabilities in the technological networks of their enterprises and on the perimeter of the office network.

Kaspersky also observed that for many industrial organizations, in addition to data leaks and disruptions to internal IT systems, cyberattacks were also a direct cause of unscheduled shutdowns and downtime in the production and shipping of products, in some cases lasting for weeks and resulting in direct losses totaling hundreds of millions of dollars. “Today, the risk of a cyberattack on any business has moved into a whole new category and can no longer be ignored by the top officials of any industrial enterprise in any sector and of any type,” it added. 

Last month, the Kaspersky ICS CERT team revealed that in the first half of this year, the percentage of ICS (industrial control systems) computers on which malicious objects were blocked decreased globally by just 0.3 pp from the second half of 2022, to 34 percent. Furthermore, the percentage of attacked ICS computers decreased in the first quarter.
