industrial threat landscape. kaspersky lab ics cert … · Российская...

Post on 29-Jun-2020


Honeywell Russian Technology Conference

INDUSTRIAL THREAT LANDSCAPE.

KASPERSKY LAB ICS CERT STATS

Vladimir Dashchenko, Head of Vulnerability Research

01.11.2017

Honeywell Confidential - © 2017 by Honeywell International Inc. All rights reserved.

Current industrial cyberthreat landscape

[Chart: Identified vulnerabilities. Number of vulnerabilities per year, 1997 to 2015]


Current industrial cyberthreat landscape

[Chart: Vulnerabilities in 2015, by vulnerability class]

Vulnerability classes:

• Buffer overflow
• Built-in credentials
• XSS
• Authentication bypass
• CSRF
• Incorrect input validation
• Unsecured data transfer
• Unsecured data storage
• Password recovery
• Arbitrary file upload
• SQL injections


KL ICS CERT Structure


Vulnerability Research Statistics


[Chart: Identified vulnerabilities, patched vs. not patched]


Incident Response


• Ransomware in ICS x 2

• Backdoor in ICS x 2

• DoS of technological process x 1

• General responses


Industry Statistics


• Every 3rd ICS computer under attack was in manufacturing companies

ICS computers in manufacturing companies that produce various materials, equipment and goods accounted for about one third of all attacks


Monthly Statistics


European Statistics

% attacked ICS in Europe (2017 H1)

[Pie chart: 29,0% and 71,0%]

Ukraine 46,28%

Portugal 46,10%

Russian Federation 42,95%

Poland 37,77%

Spain 32,22%

Romania 29,29%

Italy 28,55%

France 22,36%

United Kingdom 22,99%

Czech Republic 19,83%


European Statistics

% attacked ICS in Europe (2017 H1)

internet 15,5%

mail 3,9%

removable 3,6%

win_restore 0,7%

network 0,5%

backups 0,3%

sync_folders 0,1%


Ransomware Nightmare


• 0.5% of computers in the industrial infrastructure of organizations were attacked by encryption ransomware at least once.

• ICS computers in 63 countries across the globe were under numerous encryption ransomware attacks

• 33 different families of encryption ransomware were blocked on ICS computers

WANNACRY

13.4% of all computers in industrial infrastructure attacked

The most affected organizations included healthcare institutions and government sector

EXPETR

at least 50% of the companies from manufacturing, and Oil&Gas industries attacked


Source of Infection


• Internet – the main source of threats

• Field statistics: 3rd party contractors can cause damage

• 18,000 different modifications of malware belonging to more than 2,500 different families


What’s next?


Kaspersky Lab ICS CERT

Vulnerability research in common solutions and platforms

IoT, IIoT, Connected Devices, Medical Devices

Backdoor research

Honeywell Confidential - © 2016 by Honeywell International Inc. All rights reserved.

Takeaways


• Cooperation

• Knowledge sharing

• Two-way information exchange

• Response and investigation (faster – better)

• Forensics


Let’s talk!

Vladimir Dashchenko, Head of Vulnerability Research, Kaspersky Lab ICS CERT

Vladimir.Dashchenko@Kaspersky.com

ics-cert.kaspersky.ru

www.kaspersky.com
