Critical Infrastructure Incidents Increased in 2015: ICS-CERT

A total of 295 incidents involving critical infrastructure in the U.S. were reported to the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) in the fiscal year 2015, compared to 245 in the previous year.

Statistics provided by ICS-CERT for 2015 show that one-third of the incidents impacted the critical manufacturing sector, which in 2014 accounted for 27 percent of incidents.

The increase was the result of a spear-phishing campaign launched by an advanced persistent threat (APT) actor against organizations in critical manufacturing and other sectors. The attacker, believed to be the threat group known as APT3, exploited a zero-day vulnerability in Adobe Flash Player (CVE-2015-3113) in its operations.

In 2014, the same actor launched a reconnaissance operation in which it used social engineering tactics to trick the employees of the targeted organizations into handing over valuable information, ICS-CERT said.

The energy sector, which in 2014 accounted for 32 percent of critical infrastructure incidents, reported only 46 incidents in 2015, which represents 16 percent of the total. Incidents were also reported in sectors such as water (25), transportation systems (23), government facilities (18), healthcare (14) and communications (13).

ICS-CERT said it responded to a significant number of incidents involving improperly configured infrastructure where ICS networks were connected to corporate networks and even directly to the Internet.

While in more than one-third of cases investigators could not determine the infection vector used by the attackers, more than 100 incidents involved spear phishing.

The number of reports regarding network scans and probes by external parties decreased by more than 50 percent in 2015 compared to the previous year. However, ICS-CERT noted that this trend could mean organizations are becoming better at handling such low-level issues on their own, and not necessarily a drop in the frequency of scanning and probing attempts.

On one hand, ICS-CERT has found that in 69 percent of incidents there had been no evidence that the attackers successfully breached the targeted organization, compared to 49 percent in 2014. On the other hand, the agency pointed out that the number of successful intrusions into control system environments increased from 9 percent in 2014 to 12 percent in 2015. In 12 percent of cases there was indication that the attackers gained access to the target’s business network.

ICS-CERT’s report is based on information from asset owners, the Information Sharing and Analysis Center (ISAC), third parties and researchers, and US government sources. However, the agency noted that not everyone shares incident reports.

Recent events in Ukraine, where malware attacks resulted in massive power outages, have demonstrated the damage a malicious cyber actor can cause if it gains access to critical infrastructure systems. The attacks in Ukraine involved BlackEnergy malware and they have been blamed on Russia, although there is no solid evidence to support the allegations.

Related: Ukraine Accuses Russia of Cyber Attack on Kiev Airport

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
