Industrial threat landscape

by Mark Rowe

Carefully crafted phishing emails are going after Industrial Control System (ICS) computers. These are sent purportedly from real companies and are disguised as business correspondence, such as commercial offers or invitations to tender. Even legitimate documents (albeit stolen) may be used.

Such phishing is considered extremely dangerous as it could cause material losses and production downtime, says the cyber security company Kaspersky Lab. In 2018, the firm reports, it detected and prevented activity by malicious objects on almost half of ICS computers protected by the company’s products and defined as part of a firm’s industrial infrastructure. The most affected countries were Vietnam, Algeria and Tunisia.

In 2018, the share of ICS computers that experienced such activities grew to 47.2pc from 44pc in 2017. According to the new report, the top three countries in terms of the percentage of ICS computers on which Kaspersky prevented malicious activity were: Vietnam (70.09 per cent), Algeria (69.91pc), and Tunisia (64.57pc). The least impacted nations were Ireland (11.7pc), Switzerland (14.9pc), and Denmark (15.2pc).

Kirill Kruglov, security researcher at Kaspersky Lab ICS CERT, said: “Despite the common myth, the main source of threat to industrial computers is not a targeted attack, but mass-distributed malware that gets into industrial systems by accident, over the internet, through removable media such as USB-sticks, or e-mails. However, the fact that the attacks are successful because of a casual attitude to cybersecurity hygiene among employees means that they can potentially be prevented by staff training and awareness – this is much easier than trying to stop determined threat actors.”

For example, the report features emails with malicious attachments disguised as legitimate commercial offers, sent to industry in Russia. The emails are crafted to match the target company’s business niche. In a more recent wave of attacks the emails are being sent out purportedly from partners of the victim company. The body of each email contains the password for the attached password-protected archive. The archives contain malicious scripts which install malware onto the system and then connect to the hackers’ remote server and download legitimate documents, apparently stolen earlier, from a remote service.

Phishing emails with malicious attachments continue to be the main attack vector for penetrating industrial enterprises. In the past several years, this threat has become routine for workstations, the report says. As a rule, stealing money is the ultimate goal.

© 2024 Professional Security Magazine. All rights reserved.