Over Half of ICS Security Incidents Reported in 2014 Involved APTs: ICS-CERT

A recent report from the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) shows that while ICS vendors have been targeted by various types of malicious actors, over half of the attacks reported to the agency in 2014 involved advanced persistent threats (APTs).

According to the “ICS-CERT Monitor” newsletter for the period between September 2014 and February 2015, a total of 245 incidents were reported to the organization in the fiscal year 2014.

The report revealed that well over half of the incidents affected the energy (32%) and the critical manufacturing (27%) sectors. Communications, water, transportation, healthcare, and government facilities sectors each accounted for 5-6% of the total number of ICS incidents.

Roughly 55% of the incidents involved APTs. Sophisticated threat actors target ICS vendors for reconnaissance, economic espionage and other purposes, ICS-CERT noted. Some of the attacks were carried out by insiders, hacktivists and criminals, but in many cases the perpetrators remained unknown because no attribution data was available.

The list of incidents reported to ICS-CERT in 2014 included unauthorized access and exploitation of ICS/SCADA devices connected to the Internet, exploitation of zero-day flaws in control system software and devices, SQL injection attacks via vulnerable Web apps, malware infections in air-gapped networks, lateral movement between network zones, network probing, watering hole attacks, and targeted spear-phishing campaigns.

The access vector was unknown in many of the incidents, mainly due to the lack of monitoring and detection capabilities in the targeted networks. Network scanning was identified as the access vector in 22% of cases, followed by spear phishing with 17%.

ICS-CERT noted that the 245 incidents it analyzed are only those reported by asset owners or by third-party agencies and researchers. The organization believes many breaches and intrusion attempts went unreported.

Researchers and vendors submitted a total of 159 reports involving control system component vulnerabilities in 2014. The security issues, which included authentication, buffer overflow and denial-of-service (DoS) vulnerabilities, affected systems most commonly deployed in the energy sector.

ICS-CERT issued alerts for two campaigns over the last year. One of them focused on the use of the Havex RAT in attacks aimed at ICS, and the second was related to BlackEnergy attacks exploiting vulnerabilities in products from GE, Advantech/Broadwin, and Siemens.

One of the most serious ICS-related cyber security incidents in 2014 targeted a steel plant in Germany. The country’s Federal Office for Information Security reported that the attack caused significant damage to the facility.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
