
ICS/SCADA Malware Threats

ICS systems at risk

Historically, malware threats for Industrial Control Systems (ICS) have been largely hypothetical, as incidents involving malware designed specifically for ICS have been rare. The 2017 attack by the Triton malware, which targeted critical systems and spread quickly, showed the potential destruction that these types of threats can bring. With the convergence of operational technology (OT) and information technology (IT), as well as the robust adoption of the Industrial Internet of Things (IIoT) by ICS operators, risks have grown.

An overview of the ICS threat landscape

Industrial control systems and their graphical user interface systems, SCADA (which stands for supervisory control and data acquisition), have increasingly become a cause of concern ever since they started connecting to the internet. Considered secure in the past because they were isolated from the outside world, ICS/SCADA systems are now exposed. Like any other computer systems, they are vulnerable to exploitation by attackers.

A quick search of the National Vulnerability Database maintained by NIST shows that researchers discovered 5,634 ICS vulnerabilities in 2008. By 2018, that number had more than doubled, to 16,516. As a 2016 Department of Homeland Security ICS malware trends whitepaper pointed out, the growing number of incidents reported to ICS-CERT (Industrial Control Systems Cyber Emergency Response Team) suggested that “the discovery of vulnerabilities in ICS devices is still a growing field and that the number of discoveries is likely to increase as researcher interest expands.”

The challenge with ICS/SCADA, as with other operational technology, is that the slow patching processes leave a wider window for attackers to compromise an organization. At the same time, the number of IT-based attacks targeting industrial OT is growing. According to a 2019 Fortinet report on ICS/SCADA threats, no ICS vendor’s products are immune from attacks, and exploits targeting almost every vendor (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Rodika Tollefson. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/qzggKxBF1QY/