Cybersecurity Threats to ICS Endpoints


As the interconnection between IT (information technology) and OT (operational technology) continues to grow, cybersecurity for Industrial Control Systems (ICS) is becoming more important. Trend Micro shares their findings on both old and new threats that hound industrial endpoints in their “2020 Report on Threats Affecting ICS Endpoints.”

Cybersecurity and Malware

To validate ICS security and establish a global baseline for examining the threats that plague these systems, Trend Micro analyzed and reported specific malware families found in ICS endpoints.

The type of malware cybercriminals choose to wield in particular incidents offers a glimpse into the scope and severity of these large cyber attacks, providing clues on two key aspects: the attackers and the affected network.

The choice of malware helps unveil the attackers’ motivation and skill level. For example, the use of ransomware or a coinminer signifies financial motivation, the use of a wiper or other destructive malware suggests sabotage, and the use of a backdoor or information-stealing malware reveals industrial espionage. In terms of the attackers’ skill, the use of customized malware suggests high technical skill or understanding of the attacked environment, while off-the-shelf malware suggests amateur skills, although this is not always the case.

Malware and Unpatched Endpoints

The malware found in a system can also provide insights into the affected network’s environment and cybersecurity hygiene. Inadequate security practices on the affected networks can be inferred from the malware infections found in them. For one, malware variants exploiting certain vulnerabilities imply unpatched endpoints. File-infecting viruses, on the other hand, suggest previous infections that were not totally eradicated, with groups of unchecked devices hosting the viruses.

By identifying and breaking down the malware threats found in ICSs through the data gathered in 2020, the report provides insights into the general security posture of industrial control systems found in IT/OT environments and into what attackers do once they compromise them. It also shares recommendations on how to secure these environments.

Download the full report from Trend Micro.

Further reading: Five cybersecurity experts about CrashOverride malware: main dangers and lessons for IIoT
