Though sophisticated attacks on industrial control systems (ICSs) are nothing new, many large organizations likely have ICS components connected to the internet that could be at risk of exploitation by cybercriminals.
According to a new investigation by Kaspersky Lab, 17,042 ICS components on 13,698 different hosts exposed to the internet likely belong to large organizations—including those in the food and beverage manufacturing industry.
“The number of ICS components available over the internet increases every year, and the expansion of the internet makes ICS easy prey for attackers,” the report states. “Taking into account that, initially, many ICS solutions and protocols were designed for isolated environments, their new online availability can make it possible for a malicious user to cause impact on the infrastructure behind the ICS, due to its lack of internet-ready security controls. Moreover, some components are vulnerable themselves.”
Kapersky says ideally ICSs should be run in a physically isolated environment to minimize the threat of attack. But the report shows thousands of hosts are being exposed, with 91.1 percent of these ICS hosts having vulnerabilities that can be exploited remotely. In addition, 3.3 percent of ICS hosts located in these organizations contain critical vulnerabilities that can be exploited remotely. While connected systems are more flexible and able to react quickly to critical situations and implement updates, they also give criminals a chance to remotely control critical ICS components.
Major findings of the report include:
— In total, 188,019 hosts with ICS components available via the Internet have been identified in 170 countries.
— Most of the remotely available hosts with ICS components installed are located in the US (30.5 percent - 57,417) and Europe. In Europe, Germany has a leading position (13.9 percent - 26,142 hosts), followed by Spain (5.9 percent - 11,264 hosts) and France (5.6 percent - 10,578 hosts).
— Ninety-two percent (172,982) of remotely available ICS hosts have vulnerabilities. Eighty-seven percent of these hosts contain medium risk vulnerabilities, and 7 percent of them have critical vulnerabilities.
— The number of vulnerabilities in ICS components has increased tenfold during the past five years: from 19 vulnerabilities in 2010 to 189 vulnerabilities in 2015. The most vulnerable ICS components were Human Machine Interfaces (HMIs), electric devices and SCADA systems.
— Almost 92 percent (91.6 percent - 172,338 different hosts) of all the externally available ICS devices use weak internet connection protocols, which provides the opportunity for attackers to conduct ‘man in the middle’ attacks.
“There is no 100 percent guarantee that a particular ICS installation won’t have at least one vulnerable component at any single moment in time,” says Andrey Suvorov, head of critical infrastructure protection, Kaspersky Lab. “However, this doesn’t mean that there is no way to protect a factory, a power plant, or even a block in a smart city from cyber-attacks. Simple awareness of vulnerabilities in the components used inside a particular industrial facility is the basic requirement for security management of the facility.”