Threat Landscape for Industrial Automation Systems in H2 2018
Kaspersky Lab ICS CERT team publishes the findings of its research on the threat landscape for industrial automation systems conducted during the second half of 2018.
Ray DeMeo, co-founder and chief operating officer at security solution provider Virsec, commented on the limitations of the report:
“The industrial automation space is definitely vulnerable and raising awareness of this is important. However, this report perpetuates outdated models of how to address these advanced security issues and only reports on what perimeter tools like Kaspersky can see – repetitive known malware, used by copycat hackers.
Kaspersky refers to the threat from targeted attacks as a “myth” – this attitude is both naïve and dangerous. Numerically, there are of course more instances of unsophisticated script kiddies running known tools repetitively, but these are easily stopped by the most basic AV tools, along with user training.
The vast majority of damage, disruption, financial loss and fear around industrial security comes from new, targeted attacks that have never been seen and cannot be detected by signature-based tools. Triton, Industroyer, WannaCry, BlackEnergy, GreyEnergy and others all started as targeted attacks aimed at specific organizations and specific types of ICS systems, and caused tens of billions in damages. These can only be detected and stopped by security tools that guardrail how applications actually execute, as opposed to chasing elusive threats.”