Cyber attacks against energy sector industrial control systems are on the rise

The same trend is seen with the building automation industry

Attacks on industrial control systems (ICS) computers in the oil and gas industry increased in the first half of 2020 compared to 2019.

That's according to a new research by Kaspersky which also observed the same trend for the building automation sector.

"Despite the overall tendency for the percentages of attacked computers to decrease, we did see the number grow in the Oil & Gas sector by 1.6 p.p. to 37.8 per cent and by 1.9 p.p. to 39.9 per cent for computers used in building automation systems," the researchers stated in their report.

The rise in the number of cyber attacks in these sectors occurred while the percentage of ICS computers attacked in other industries have declined, the researchers said. "In H1 2020 the percentage of ICS computers on which malicious objects were blocked has decreased by 6.6 percentage points to 32.6 per cent."

Another interesting finding of the study is that cyber threats have become more complex and varied of late, with more families of spyware, backdoors, Win32 exploits and malware being developed by threat actors to launch targeted attacks.

The internet, email and removable media remain the leading sources of cyber attacks in the ICS environment.

The Kaspersky report also lists a number of major cyber attacks that hit firms worldwide in H1 2020.

A cyber incident against steel maker BlueScope was reported in May, causing disruptions to some of the company's businesses in the US, Asia, Australia and New Zealand.

In April, the Israel National Cyber Directorate alerted water supply utilities about attempted attacks on SCADA systems of water pumping stations, water treatment plants and sewage networks. Those utilities were advised to change their passwords for all of their systems connected to the internet in order to foil any attempt by threat actors to infiltrate their networks.

Ransomware campaigns continued through the first half of 2020. Prominent names that fell victim to ransomware attacks in that period include, Picanol Group (maker of weaving machines), DESMI (manufacturer of pumping solutions for industrial and marine applications), Energias de Portugal (energy firm), Stadler (Swiss company that makes railway rolling stock), Toll Group (Australian logistics company), Elexon (British electric utility company), and multiple hospitals in the US.

Earlier this year, research by cyber security firm FireEye revealed that the easy accessibility of ready-made tools for hack ICS had increased the risk for major industrial companies. A large number of vendor-agnostic ICS hacking tools are readily available on the web, designed to either exploit existing security flaws in ICS or to interact with the equipment in a way to support intrusions by threat actors.

The study found that cyber criminals had also developed intrusion tools to target systems developed by some specific ICS vendors.