{"id":14602,"date":"2019-10-01T09:17:16","date_gmt":"2019-10-01T03:47:16","guid":{"rendered":"https:\/\/www.technologyforyou.org\/?p=14602"},"modified":"2019-10-01T09:17:16","modified_gmt":"2019-10-01T03:47:16","slug":"mining-spying-self-replicating-energy-sector-under-cyber-threat-pressure","status":"publish","type":"post","link":"https:\/\/www.technologyforyou.org\/mining-spying-self-replicating-energy-sector-under-cyber-threat-pressure\/","title":{"rendered":"Mining, Spying, Self-replicating, Energy sector under Cyber threat pressure"},"content":{"rendered":"
\n

Kaspersky solutions were triggered on almost half of industrial control system (ICS) computers in the energy sector globally in the first six months of 2019.<\/span><\/strong><\/p>\n<\/blockquote>\n

The top three cyber threats were worms, spyware, and crypto currency miners \u2013 together, they combined to make almost 14% of the share of targeted computers. These are among the main findings of the Kaspersky ICS CERT report on the industrial threat landscape in the first half of 2019.<\/strong><\/span><\/p>\n

Industrial cyber incidents are among the most dangerous as they may result in production downtime and tangible financial losses and are quite hard to overcome. This is especially the case when the incident occurs in critical, life-supporting sectors, such as energy. <\/span><\/p>\n

Statistics for H1 2019, automatically processed by Kaspersky security technologies, have shown that those who manage energy solutions should not let their guard down. Overall, during the observed period of time, Kaspersky products were triggered on 41.6% of ICS computers in the energy sector. A large number of conventional malware samples not designed for ICS\u00a0 were blocked.<\/span><\/p>\n

Among the malicious programs which were blocked, the greatest danger was posed by crypto currency miners (2.9%), worms (7.1%), and a variety of versatile spyware (3.7%). Infection with such malware can negatively affect the availability and integrity of ICS and other systems that are part of the industrial network. Among these detected threats, some are of particular interest.<\/span><\/p>\n

This includes AgentTesla, specialized Trojan Spy malware, designed to steal authentication data, screenshots, and data captured from the web camera and keyboard. In all of the analyzed cases, the attackers sent data via compromised mailboxes at various companies. Aside from malware threat, Kaspersky products also identified and blocked cases of the Meterpreter backdoor which was being used to remotely control computers on the industrial networks of energy systems. Attacks that use the backdoor are targeted and stealthy and are often conducted in manual mode. The ability of the attackers to control infected ICS computers stealthily and remotely poses a huge threat to industrial systems. Last but not least, the company\u2019s solutions detected and blocked Syswin, a new wiper worm written in Python and packed into the Windows executable format. This threat can have a significant impact on ICS computers due to its ability to self-propagate and destroy data.<\/span><\/p>\n

The energy sector was not the only one to face malicious objects and activities. Other industries, analyzed by Kaspersky experts, have also shown no reason for relief with automotive manufacturing (39.3%) and building automation (37.8%) taking the second and the third places in terms of percentage of the number of ICS computers on which malicious objects were blocked.<\/span><\/p>\n

Other findings of the report include:<\/strong><\/span><\/p>\n