SecurityWeek

Over Half of ICS Security Incidents Reported in 2014 Involved APTs: ICS-CERT

A recent report from the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) shows that while ICS vendors have been targeted by various types of malicious actors, over half of the attacks reported to the agency in 2014 involved advanced persistent threats (APTs).

According to the “ICS-CERT Monitor” newsletter for the period between September 2014 and February 2015, a total of 245 incidents were reported to the organization in the fiscal year 2014.

The report revealed that well over half of the incidents affected the energy (32%) and the critical manufacturing (27%) sectors. Communications, water, transportation, healthcare, and government facilities sectors each accounted for 5-6% of the total number of ICS incidents.

Roughly 55% of the incidents involved APTs. Sophisticated threat actors target ICS vendors for reconnaissance, economic espionage, and for other reasons, ICS-CERT noted. Some of the attacks were carried out by insiders, hacktivists and criminals, but in many cases the perpetrators remained unknown due to the lack of attributional data.

The list of incidents reported to ICS-CERT in 2014 included unauthorized access and exploitation of ICS/SCADA devices connected to the Internet, exploitation of zero-day flaws in control system software and devices, SQL injection attacks via vulnerable Web apps, malware infections in air-gapped networks, lateral movement between network zones, network probing, watering hole attacks, and targeted spear-phishing campaigns.

The access vector was unknown in many of the incidents, mainly due to the lack of monitoring and detection capabilities in the targeted networks. Network scanning was identified as the access vector in 22% of cases, followed by spear phishing with 17%.

ICS-CERT has noted that the 245 incidents it has analyzed are only the ones reported by the asset owners or third-party agencies and researchers. The organization believes many breaches and intrusion attempts went unreported.

Researchers and vendors submitted a total of 159 reports involving control system component vulnerabilities in 2014. The security issues, which included authentication, buffer overflow and denial-of-service (DoS) vulnerabilities, affected systems most commonly deployed in the energy sector.

ICS-CERT issued alerts for two campaigns over the last year. One of them focused on the use of the Havex RAT in attacks aimed at ICS, and the second was related to BlackEnergy attacks exploiting vulnerabilities in products from GE, Advantech/Broadwin, and Siemens.

One of the most serious ICS-related cyber security incidents in 2014 targeted a steel plant in Germany. The country’s Federal Office for Information Security reported that the attack caused significant damage to the facility.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
