A new Kaspersky Report is out today covering the H2 2018, Threat Landscape for Industrial Automation Systems, that almost one in two industrial systems display evidence of attackers attempting malicious activity – in most cases, detected by security software.
Ray DeMeo, Co-founder and Chief Operating Officer at Virsec:
“The industrial automation space is definitely vulnerable and raising awareness of this is important. However, this report perpetuates outdated models of how to address these advanced security issues and only reports on what perimeter tools like Kaspersky can see – repetitive known malware, used by copycat hackers.
Kaspersky refers to the threat from targeted attacks as a “myth” – this attitude is both naïve and dangerous. Numerically, there are of course more instances of unsophisticated script kiddies running known tools repetitively, but these are easily stopped by the most basic AV tools, along with user training.
The vast majority of damage, disruption, financial loss and fear around industrial security comes from new, targeted attacks that have never been seen and cannot be detected by signature-based tools. Triton, Industroyer, WannaCry, Blackenergy, Greyenegy and others all started as targeted attacks aimed at specific organizations and specific types of ICS systems, and caused tens of billions in damages. These can only be detected and stopped by security tools that guardrail how applications actually execute, as opposed to chasing elusive threats.”