industrial threat landscape. kaspersky lab ics cert … · Российская...

Российская Технологическая Конференция Honeywell

INDUSTRIAL THREAT LANDSCAPE.

KASPERSKY LAB ICS CERT STATS

Vladimir Dashchenko, Head

of Vulnerability Research

01.11.2017

Honeywell Confidential - © 2017 by Honeywell International Inc. All rights reserved.

Current industrial cyberthreat landscape

1

2 5 6

12

1 4 5 9 6

13

9

19

69

192

158

181 189

1997 1998 1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015

IDENTIFIED VULNERABILITIES

Number of vulnerabilities


Current industrial cyberthreat landscape

2

0 2 4 6 8 10 12 14 16 18

Buffer Overflow

Buid-in credentials

XSS

Authentication bypass

CSRF

Incorrect input validation

Unsecured data transefer

Unsecured data storage

Password recovery

Arbitrary file upload

SQL-injections

Vulnerability classes

Vulnerabilities in 2015


KL ICS CERT Structure

3


Vulnerability Research Statistics

4

14

68

93 5

1 10

10

20

30

40

50

60

70

80


Vulnerability Research Statistics

5

42

44

46

48

50

52

54

56

Patched Not patched

Identified vulnerabilities


Incident Response

6

• Ransomware in ICS x 2

• Backdoor in ICS x 2

• DoS of technological process x 1

• General responses


Industry Statistics

7

• Every 3rd ICS computer under

attack was in manufacturing

companies

ICS computers in manufacturing

companies that produce various

materials, equipment and goods

accounted for about one third of all

attacks


Monthly Statistics

8


European Statistics

9

29,0%

71,0%

% attacked ICS in Europe (2017 H1)

Ukraine 46,28%

Portugal 46,10%

Russian Federation 42,95%

Poland 37,77%

Spain 32,22%

Romania 29,29%

Italy 28,55%

France 22,36%

United Kingdom 22,99%

Czech Republic 19,83%


European Statistics

10

15,5%

3,9%3,6%

0,7% 0,5% 0,3% 0,1%0%

2%

4%

6%

8%

10%

12%

14%

16%

18%

internet mail removable win_restore network backups sync_folders

% attacked ICS in Europe (2017 H1)


Ransomware Nightmare

11

• 0.5% of computers

in the industrial infrastructure of

organizations were attacked by

encryption ransomware at least

once.

• ICS computers in 63 countries

across the globe were under

numerous encryption

ransomware attacks

• 33 different families of

encryption ransomware were

blocked on ICS computers

WANNACRY13.4% of all computers in

industrial infrastructure

attacked

The most affected

organizations included

healthcare institutions and

government sector

EXPETRat least 50% of the companies

from manufacturing, and Oil&Gas

industries attacked


Source of Infection

12

• Internet – the main source of

threats

• Field statistics: 3rd party

contractors can cause a

damage

• 18,000 different modifications

of malware belonging to more

than 2,500 different families


What’s next?

13

Kaspersky

Lab

ICS CERT

Vulnerability research in common solutions and platforms

IoT, IIoT, Connected Devices, Medical Devices

Backdoor research


Takeaways

14

• Cooperation

• Knowledge sharing

• Two-ways information

exchange

• Response and investigation

(faster – better)

• Forensics


15

Let’s talk!

Vladimir Dashchenko, Head of Vulnerability Research, Kaspersky Lab ICS CERT

[email protected]

ics-cert.kaspersky.ru

www.kaspersky.com

mailto:[email protected]

industrial threat landscape. kaspersky lab ics cert … · Российская...

Documents