Upload
others
View
3
Download
0
Embed Size (px)
Citation preview
Российская Технологическая Конференция Honeywell
INDUSTRIAL THREAT LANDSCAPE.
KASPERSKY LAB ICS CERT STATS
Vladimir Dashchenko, Head
of Vulnerability Research
01.11.2017
Honeywell Confidential - © 2017 by Honeywell International Inc. All rights reserved.
Current industrial cyberthreat landscape
1
2 5 6
12
1 4 5 9 6
13
9
19
69
192
158
181 189
1997 1998 1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015
IDENTIFIED VULNERABILITIES
Number of vulnerabilities
Honeywell Confidential - © 2017 by Honeywell International Inc. All rights reserved.
Current industrial cyberthreat landscape
2
0 2 4 6 8 10 12 14 16 18
Buffer Overflow
Buid-in credentials
XSS
Authentication bypass
CSRF
Incorrect input validation
Unsecured data transefer
Unsecured data storage
Password recovery
Arbitrary file upload
SQL-injections
Vulnerability classes
Vulnerabilities in 2015
Honeywell Confidential - © 2017 by Honeywell International Inc. All rights reserved.
KL ICS CERT Structure
3
Honeywell Confidential - © 2017 by Honeywell International Inc. All rights reserved.
Vulnerability Research Statistics
4
14
68
93 5
1 10
10
20
30
40
50
60
70
80
Honeywell Confidential - © 2017 by Honeywell International Inc. All rights reserved.
Vulnerability Research Statistics
5
42
44
46
48
50
52
54
56
Patched Not patched
Identified vulnerabilities
Honeywell Confidential - © 2017 by Honeywell International Inc. All rights reserved.
Incident Response
6
• Ransomware in ICS x 2
• Backdoor in ICS x 2
• DoS of technological process x 1
• General responses
Honeywell Confidential - © 2017 by Honeywell International Inc. All rights reserved.
Industry Statistics
7
• Every 3rd ICS computer under
attack was in manufacturing
companies
ICS computers in manufacturing
companies that produce various
materials, equipment and goods
accounted for about one third of all
attacks
Honeywell Confidential - © 2017 by Honeywell International Inc. All rights reserved.
Monthly Statistics
8
Honeywell Confidential - © 2017 by Honeywell International Inc. All rights reserved.
European Statistics
9
29,0%
71,0%
% attacked ICS in Europe (2017 H1)
Ukraine 46,28%
Portugal 46,10%
Russian Federation 42,95%
Poland 37,77%
Spain 32,22%
Romania 29,29%
Italy 28,55%
France 22,36%
United Kingdom 22,99%
Czech Republic 19,83%
Honeywell Confidential - © 2017 by Honeywell International Inc. All rights reserved.
European Statistics
10
15,5%
3,9%3,6%
0,7% 0,5% 0,3% 0,1%0%
2%
4%
6%
8%
10%
12%
14%
16%
18%
internet mail removable win_restore network backups sync_folders
% attacked ICS in Europe (2017 H1)
Honeywell Confidential - © 2017 by Honeywell International Inc. All rights reserved.
Ransomware Nightmare
11
• 0.5% of computers
in the industrial infrastructure of
organizations were attacked by
encryption ransomware at least
once.
• ICS computers in 63 countries
across the globe were under
numerous encryption
ransomware attacks
• 33 different families of
encryption ransomware were
blocked on ICS computers
WANNACRY13.4% of all computers in
industrial infrastructure
attacked
The most affected
organizations included
healthcare institutions and
government sector
EXPETRat least 50% of the companies
from manufacturing, and Oil&Gas
industries attacked
Honeywell Confidential - © 2017 by Honeywell International Inc. All rights reserved.
Source of Infection
12
• Internet – the main source of
threats
• Field statistics: 3rd party
contractors can cause a
damage
• 18,000 different modifications
of malware belonging to more
than 2,500 different families
Honeywell Confidential - © 2017 by Honeywell International Inc. All rights reserved.
What’s next?
13
Kaspersky
Lab
ICS CERT
Vulnerability research in common solutions and platforms
IoT, IIoT, Connected Devices, Medical Devices
Backdoor research
Honeywell Confidential - © 2016 by Honeywell International Inc. All rights reserved.
Takeaways
14
• Cooperation
• Knowledge sharing
• Two-ways information
exchange
• Response and investigation
(faster – better)
• Forensics
Honeywell Confidential - © 2016 by Honeywell International Inc. All rights reserved.
15
Let’s talk!
Vladimir Dashchenko, Head of Vulnerability Research, Kaspersky Lab ICS CERT
ics-cert.kaspersky.ru
www.kaspersky.com