EVGENY GONCHAROV - Kaspersky Industrial CyberSecurity… · Head of Kaspersky Lab ICS CERT More...

EVGENY GONCHAROV, Kaspersky Lab

➢ Head of Kaspersky Lab ICS CERT

➢ More than 14 years of experience in IT security

➢ In 2014 led KL team that protected the Sochi 2014 Olympic Games' critical infrastructure

➢ Since 2014, has been driving ICS cybersecurity research and development

linkedin.com/in/evgeny-goncharov-a4446634/


Page 2:

Evgeny Goncharov

Head of Kaspersky Lab ICS CERT

5 Myths of Industrial Cyber Security

Page 3:

Myth #1

“Our ICS are not connected to the Internet”

…e.g. they are not accessible from the Internet

…and therefore are not exposed to threats coming from the Internet

Page 4:

Myth #1: ICS are not connected to the Internet

Scenario #1: multiple connected plants

KASPERSKY LAB ICS CERT

Page 5:

Myth #1: ICS are not connected to the Internet

Scenario #2: connected substations

Page 6:

Myth #1: ICS are not connected to the Internet

Scenario #3: bank in ICS network

Page 7:

Myth #1: ICS are not connected to the Internet

% of ICS Computers Attacked by Malware – According to KSN Statistics

[Chart: bar chart, axis 0% to 45%; periods: H2 2016, H1 2017, H2 2017, H1 2018; data labels as extracted: 37,50%, 36,61%, 37,75%, 41,21%]

19.400 malware modifications (up 1500 compared to H2 2017)

2.800 malware families (up 400 compared to H2 2017)

https://ics-cert.kaspersky.com/reports/2018/09/06/threat-landscape-for-industrial-automation-systems-h1-2018/

Page 8:

Myth #1: ICS are not connected to the Internet

% of ICS computers attacked by malware via selected attack vector - according to KSN statistics

OT vs IT

[Chart: grouped bar chart, axis 0% to 30%; attack vectors: Internet, Removable devices, Droppers, Third Party, Mail; series: H1 2017, H2 2017, H1 2018; data labels as extracted: 20,6%, 9,3%, 8,3%, 4,4%, 3,9% / 22,7%, 7,9%, 7,2%, 4,1%, 3,8% / 27,3%, 8,4%, 7,3%, 4,4%, 3,8%]

https://ics-cert.kaspersky.com/reports/2018/09/06/threat-landscape-for-industrial-automation-systems-h1-2018/

Page 9:

Myth #2

“It makes no practical sense to attack us”

…there are no simple ways for the criminals to monetize an attack

…we are either not attacked or attacked by a highly capable adversary

…so there is no need to spend too many resources to defend

Page 10:

Myth #2: no practical sense to attack

Widespread attack campaigns targeting hundreds of industrial enterprises

Criminal attack campaigns:

➢ Nigerian phishing: 500+ industrial organizations attacked worldwide

➢ .RU campaign: 400+ industrial organizations attacked in Russia

Politically motivated (?) attack campaigns:

➢ Energetic Bear / Crouching Yeti attacks in 2017-2018

OT vs IT

It’s getting harder to find differences

Page 11:

Myth #3

“It’s sufficient just to train the staff”

…to protect from random and criminal attacks we just need to train the staff

…no additional security measures and tools are needed

Page 12:

Myth #3: just train the staff

% of ICS computers attacked by malware - according to KSN statistics

[Chart: monthly values, axis 0% to 30%, July 2016 through June 2018]

https://ics-cert.kaspersky.com/reports/2018/09/06/threat-landscape-for-industrial-automation-systems-h1-2018/

Page 13:

Myth #3: just train the staff

% of ICS computers attacked by malware in APAC, H1 2018 - according to KSN statistics

Vietnam: 75,1%

Indonesia: 64,0%

China: 57,4%

Philippines: 51,4%

Malaysia: 49,9%

Taiwan: 46,9%

Thailand: 42,1%

Korea: 39,3%

Australia: 30,1%

Japan: 24,4%

Singapore: 23,1%

Hong Kong: 19,4%

https://ics-cert.kaspersky.com/reports/2018/09/06/threat-landscape-for-industrial-automation-systems-h1-2018/

Page 14:

Myth #3: just train the staff

% of ICS computers attacked by malware in APAC, H1 2018 - according to KSN statistics

[Chart: horizontal bar chart, axis 0,0% to 20,0%; series: Internet, Removable devices, Mail; countries: Denmark, Ireland, Switzerland, Netherlands, Sweden, United Kingdom, Austria, Israel, USA, Belgium, Germany, Japan]

https://ics-cert.kaspersky.com/reports/2018/09/06/threat-landscape-for-industrial-automation-systems-h1-2018/

Page 15:

Myth #3: just train the staff

% of ICS Computers Attacked by Malware – According to KSN Statistics vs GDP Rank

[Chart: scatter plot, axes 0% to 80% and 0 to 200; data labels listed as country; % of ICS computers attacked; GDP rank]

Australia; 30,1%; 12

United Arab Emirates; 42,3%; 25

Korea; 39,3%; 36

Saudi Arabia; 55,0%; 46

Chile; 50,4%; 59

China; 57,4%; 89

Thailand; 42,1%; 108

Colombia; 33,9%; 110

South Africa; 35,8%; 113

Philippines; 51,4%; 161

Ukraine; 39,4%; 163

Egypt; 55,1%; 167

Vietnam; 75,1%; 168

India; 55,2%; 175

https://ics-cert.kaspersky.com/reports/2018/09/06/threat-landscape-for-industrial-automation-systems-h1-2018/

Page 16:

Myth #4

“Safety > Security”

…safety measures are sufficient to protect from cyber attacks

…we might need to upgrade them to mitigate cyber risks

…no additional security measures and tools are needed

Page 17:

Myth #4: safety > security

TRITON case study

Page 18:

Myth #4: safety > security

Power & Energy sector cases

Page 19:

Myth #5

“New ICS products are secure by design”

…since Stuxnet, ICS vendors started to pay more attention to security

…their new products’ architecture & implementation are getting more secure by design

…no additional security measures and tools are needed

Page 20:

Myth #5: new ICS products are secure by design

0-day vulnerabilities in ICS products found and reported by KL ICS CERT

[Chart: two axes, 0 to 50 and 0 to 90; legend: Fixed, Not Fixed]

Page 21:

Myth #5: new ICS products are secure by design

Vulnerable common technologies – OPC-UA case study

Up to 468 products could possibly be affected:

https://opcfoundation.org/products

Page 22:

ics-cert.kaspersky.com

Kaspersky Lab ICS CERT