Kaspersky has released a report suggesting a rise in the number of cyberattacks on the oil and gas industry in H1 2020 compared to H2 2019. The report draws on threat telemetry from SCADA servers, data storage servers, OPC data gateways, Human Machine Interfaces (HMIs), and other systems that Kaspersky ICS CERT categorizes as industrial infrastructure at organizations.

Key insights

According to the Kaspersky report, despite a slight reduction in attacks on ICS environments during the pandemic, the oil and gas sector and building automation systems saw an increase in targeted attacks.
  • The analysis says: “The percentage of ICS computers on which malicious objects were blocked grew from 38% in H2, 2019 to 39.9% in H1, 2020 in the building automation industry and from 36.3% to 37.8% in the oil and gas industry.”
  • This rise in the percentage of ICS attacks is noteworthy due to heightened exploitation of Remote Desktop Protocol (RDP) between February and June 2020.
  • Meanwhile, sectors including energy, engineering & integrations, and automotive engineering witnessed a dip in cyberattacks.
  • As for regional statistics, Asia (Southeast Asia specifically), Africa, and Southern and Eastern Europe saw the highest percentage of ICS attacks, followed by Australia, Europe, the U.S., and Canada.

Top threat sources

  • The top threat sources remain the same as earlier, such as internet threats (16.7%), removable media (5.8%), and malicious email attachments (3.4%).
  • The researchers have observed more families of backdoors, spyware, Win32 exploits, and malware built on the .NET platform belonging to over 4,100 families and worms written in scripting languages, specifically Python and PowerShell.

Recent incidents and warnings in automation

  • In August, the FBI issued a warning stating that Russian hackers have been scanning the internet to find critical infrastructure providers, particularly in the energy sector.
  • In the same month, another report by Trend Micro suggested that attackers may be abusing industrial programming languages to attack robots and programmable manufacturing properly
  • In July, EKANS ransomware was found using a variety of methods to compromise key industrial companies, following an earlier campaign in February.

Worth noting

Cyber threats to industrial systems are becoming more targeted and, as a result, more potent and complex. Organizations are advised to implement strict security measures to secure all their networks, endpoints, and controllers.

Cyware Publisher