EVGENY GONCHAROV - Kaspersky Industrial CyberSecurity… · Head of Kaspersky Lab ICS CERT
EVGENY GONCHAROV
Kaspersky Lab
➢ Head of Kaspersky Lab ICS CERT
➢ More than 14 years of experience in IT security
➢ In 2014 led KL team that protected the Sochi 2014 Olympic Games'
critical infrastructure
➢ Since 2014, has been driving ICS cybersecurity research and
development
linkedin.com/in/evgeny-goncharov-a4446634/
Evgeny Goncharov
Head of Kaspersky Lab ICS CERT
5 Myths of Industrial Cyber Security
Myth #1
“Our ICS are not connected to Internet”
…e.g. they are not accessible from Internet
…and therefore are not exposed to threats coming from Internet
Myth #1: ICS are not connected to Internet
Scenario #1: multiple connected plants
KASPERSKY LAB ICS CERT
Myth #1: ICS are not connected to Internet
Scenario #2: connected substations
Myth #1: ICS are not connected to Internet
Scenario #3: bank in ICS network
Myth #1: ICS are not connected to Internet
% of ICS Computers Attacked by Malware – According to KSN Statistics
H2 2016: 37,50%; H1 2017: 36,61%; H2 2017: 37,75%; H1 2018: 41,21%
19.400 Malware modifications
UP 1500 compared to H2, 2017
2.800 Malware families
UP 400 compared to H2, 2017
https://ics-cert.kaspersky.com/reports/2018/09/06/threat-landscape-for-industrial-automation-systems-h1-2018/
OT vs IT
Myth #1: ICS are not connected to Internet
% of ICS computers attacked by malware via selected attack vector - according to KSN statistics
H1 2017: Internet 20,6%; Removable devices 9,3%; Droppers 8,3%; Third Party 4,4%; Mail 3,9%
H2 2017: Internet 22,7%; Removable devices 7,9%; Droppers 7,2%; Third Party 4,1%; Mail 3,8%
H1 2018: Internet 27,3%; Removable devices 8,4%; Droppers 7,3%; Third Party 4,4%; Mail 3,8%
Myth #2
“It makes no practical sense to attack us”
…there are no simple ways for the criminals to monetize an attack
…we are either not attacked or attacked by a highly capable adversary
…so there is no need to spend too many resources on defense
Myth #2: no practical sense to attack
Wide-spread attack campaigns targeting hundreds of industrial enterprises
Criminal attack campaigns
➢ Nigerian phishing: 500+ Industrial organizations attacked world-wide
➢ .RU campaign: 400+ Industrial organizations attacked in Russia
Politically motivated (?) attack campaigns
➢ Energetic Bear / Crouching Yeti attacks in 2017-2018
OT vs IT
It’s getting harder to find differences
Myth #3
“It’s sufficient just to train the staff”
…to protect from random and criminal attacks we just need to train the staff
…no additional security measures and tools are needed
Myth #3: just train the staff
% of ICS computers attacked by malware - according to KSN statistics
[Chart: monthly values from July 2016 to June 2018; vertical axis 0% to 30%]
Myth #3: just train the staff
% of ICS computers attacked by malware in APAC, H1 2018 - according to KSN statistics
Vietnam: 75,1%
Indonesia: 64,0%
China: 57,4%
Philippines: 51,4%
Malaysia: 49,9%
Taiwan: 46,9%
Thailand: 42,1%
Korea: 39,3%
Australia: 30,1%
Japan: 24,4%
Singapore: 23,1%
Hong Kong: 19,4%
Myth #3: just train the staff
% of ICS computers attacked by malware in APAC, H1 2018 - according to KSN statistics
[Chart: Denmark, Ireland, Switzerland, Netherlands, Sweden, United Kingdom, Austria, Israel, USA, Belgium, Germany, Japan; series: Internet, Removable devices, Mail; horizontal axis 0,0% to 20,0%]
Myth #3: just train the staff
% of ICS Computers Attacked by Malware – According to KSN Statistics vs GDP Rank
Country; % of ICS computers attacked; GDP rank
Australia; 30,1%; 12
United Arab Emirates; 42,3%; 25
Korea; 39,3%; 36
Saudi Arabia; 55,0%; 46
Chile; 50,4%; 59
China; 57,4%; 89
Thailand; 42,1%; 108
Colombia; 33,9%; 110
South Africa; 35,8%; 113
Philippines; 51,4%; 161
Ukraine; 39,4%; 163
Egypt; 55,1%; 167
Vietnam; 75,1%; 168
India; 55,2%; 175
Myth #4
“Safety > Security”
…safety measures are sufficient to protect from cyber attacks
…we might need to upgrade them to mitigate cyber risks
…no additional security measures and tools are needed
Myth #4: safety > security
TRITON case study
Myth #4: safety > security
Power & Energy sector cases
Myth #5
“New ICS products are secure by design”
…since Stuxnet ICS vendors started to pay more attention to security
…their new products’ architecture & implementation is getting more secure by design
…no additional security measures and tools are needed
Myth #5: new ICS products are secure by design
0-day vulnerabilities in ICS products found and reported by KL ICS CERT
[Chart: Fixed vs Not Fixed]
Myth #5: new ICS products are secure by design
Vulnerable common technologies – OPC-UA case study
Up to 468 products could possibly be affected:
https://opcfoundation.org/products
ics-cert.kaspersky.com
Kaspersky Lab ICS CERT