Since IBM X-Force published its report, “Security Attacks on Industrial Control Systems,” last year, we have observed a startling increase in the number of attacks against these systems.

Attacks Against Industrial Control Systems Increasing

According to IBM Managed Security Services (MSS) data, attacks targeting industrial control systems (ICS) increased by more than 110 percent in 2016 compared with 2015, measured as of Nov. 30, 2016.

Specifically, the spike in ICS traffic was related to SCADA brute-force attacks, which use automated tooling to guess default or weak passwords on internet-reachable HMI, web and remote-access interfaces. Once a credential is guessed, attackers can remotely monitor or control the SCADA devices behind that interface.

In January 2016, a penetration testing toolkit containing a brute-force module aimed at Modbus was published on GitHub. Modbus originated as a serial communication protocol and is now commonly carried over TCP/IP as Modbus/TCP, which is how most internet-exposed devices speak it. The public release and subsequent use of this tool by various unknown actors likely contributed to the rise in malicious activity against ICS over the past 12 months. One caveat a defender should keep in mind: the Modbus protocol itself carries no authentication. Against a Modbus endpoint, "brute force" amounts to enumerating reachable unit IDs and register ranges, and any host that can reach TCP port 502 can read or write registers. Password guessing applies to the HMI, engineering and remote-access services that sit in front of the PLCs, not to Modbus.
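The following is an added example, not code from the IBM report or from the GitHub tool discussed above. It shows what a Modbus/TCP request looks like on the wire (a 7-byte MBAP header followed by the PDU, with no credential field anywhere) and the two detections a SOC would want for the activity described here: a unit-ID sweep from one source, which is what Modbus "brute forcing" really is, and write function codes from any host that is not an approved engineering workstation. The IP addresses, the allowlist and the captured frames are all constructed for the example; the function codes and frame layout follow the public Modbus specification.

```python
"""Parse Modbus/TCP requests and flag enumeration sweeps and unauthorised writes.

Added example (not IBM's or any vendor's tooling). Sample traffic is constructed.
"""
import struct
from collections import defaultdict

# Public Modbus function codes. Writes change process state, reads only observe it.
FC_READ_COILS = 0x01
FC_READ_HOLDING = 0x03
FC_WRITE_SINGLE_COIL = 0x05
FC_WRITE_SINGLE_REG = 0x06
FC_WRITE_MULTI_COILS = 0x0F
FC_WRITE_MULTI_REGS = 0x10
WRITE_FUNCTIONS = {FC_WRITE_SINGLE_COIL, FC_WRITE_SINGLE_REG,
                   FC_WRITE_MULTI_COILS, FC_WRITE_MULTI_REGS}


def build_request(unit_id, function, address, count_or_value, transaction_id=1):
    """Build a Modbus/TCP ADU: MBAP header (tid, protocol id 0, length, unit id) + PDU.

    Note there is no username, password or session token in the frame at all.
    """
    pdu = struct.pack(">BHH", function, address, count_or_value)
    length = len(pdu) + 1                      # length field counts unit id + PDU
    mbap = struct.pack(">HHHB", transaction_id, 0, length, unit_id)
    return mbap + pdu


def parse_request(frame):
    """Decode the MBAP header and function code; raise ValueError on malformed input."""
    if len(frame) < 8:
        raise ValueError("frame too short for MBAP header and function code")
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        raise ValueError("protocol id is not 0 (not Modbus)")
    if length != len(frame) - 6:
        raise ValueError("MBAP length field does not match frame size")
    return {"tid": tid, "unit": unit, "function": frame[7], "pdu": frame[8:]}


def detect(events, allowlist, sweep_threshold=8):
    """events: iterable of (src_ip, frame_bytes). Returns a list of alert strings.

    Alerts on (1) malformed frames, (2) write function codes from hosts not on the
    engineering-workstation allowlist, (3) one source touching many unit ids.
    """
    alerts = []
    units_per_src = defaultdict(set)
    for src, frame in events:
        try:
            req = parse_request(frame)
        except ValueError as err:
            alerts.append(f"{src}: malformed Modbus frame ({err})")
            continue
        units_per_src[src].add(req["unit"])
        if req["function"] in WRITE_FUNCTIONS and src not in allowlist:
            alerts.append(f"{src}: write function 0x{req['function']:02x} "
                          f"to unit {req['unit']} from non-engineering host")
    for src, units in units_per_src.items():
        if len(units) >= sweep_threshold:
            alerts.append(f"{src}: unit-id sweep ({len(units)} distinct unit ids)")
    return alerts


def sample_events():
    """Constructed traffic: one legitimate write, then a sweep, a rogue write, a bad frame."""
    events = [("10.0.1.5", build_request(1, FC_WRITE_SINGLE_REG, 100, 0x1234))]
    for unit in range(1, 11):                  # scanner walks unit ids 1..10
        events.append(("198.51.100.7",
                       build_request(unit, FC_READ_HOLDING, 0, 10, transaction_id=unit)))
    events.append(("198.51.100.7", build_request(3, FC_WRITE_SINGLE_COIL, 7, 0xFF00)))
    events.append(("203.0.113.9", b"\x00\x01\x00\x00"))   # truncated frame
    return events


def run_sample():
    """Run the detector over the constructed traffic with 10.0.1.5 as the only allowed writer."""
    return detect(sample_events(), allowlist={"10.0.1.5"})


if __name__ == "__main__":
    for line in run_sample():
        print(line)
```

The allowlist is the important control: on a real network the set of hosts permitted to issue Modbus writes is small and static, so an alert on any write from outside it is low-noise, whereas reads from an unexpected host are common enough (monitoring, historians) that the sweep threshold is what separates reconnaissance from normal polling.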

Source addresses located in the U.S. accounted for the majority of ICS attacks in 2016. Note that this is IP geolocation, which says where the traffic originated, not who was behind it. The finding was not surprising, since the U.S. has the largest number of internet-connected ICS in the world.

The U.S. was also the most targeted country for ICS attacks in 2016, again because it has a larger ICS footprint than any other country at this time.

Notable Recent ICS Attacks

ICS attacks, like other types of cyberthreats, have been increasing in scale and sophistication over the past few years. The rise is linked to the growing connectivity of industrial systems. Let’s review a few high-profile cases reported over the last year from different parts of the world:

ICS Malware Targets European Energy Company

The SFG malware, discovered in June 2016 on the networks of a European energy company, created a backdoor on targeted industrial control systems. The backdoor delivered a payload that was “used to extract data from or potentially shut down the energy grid,” according to security researchers at SentinelOne Labs, as reported by The Register.

The Windows-based SFG malware is designed to evade traditional antivirus software and firewalls. According to the same researchers, it carries the hallmarks of a nation-state attack, likely of Eastern European origin.

New York Dam Attack

In March 2016, the U.S. Justice Department charged that Iranian actors had attacked U.S. infrastructure by infiltrating the industrial controls of a dam in Rye Brook, New York. The attackers gained access to the dam’s supervisory control system in 2013 through a cellular modem that connected it to the internet.

This is troubling because it represents one of the first publicly attributed efforts by a foreign government to commandeer U.S. infrastructure. Although the intrusion happened in 2013, it was not reported or attributed until 2016.

Ukrainian Power Outage

In December 2015, a power company located in western Ukraine suffered a power outage that affected a large area including the regional capital of Ivano-Frankivsk, Reuters reported. Investigators found that the attackers had facilitated the outage using BlackEnergy malware, delivered through malicious macros in Microsoft Excel documents. The documents reached the company’s network as attachments to spear phishing emails, giving the attackers the initial foothold from which the outage was staged.

These three attacks succeeded primarily because of a lack of situational awareness among both the employees and the management of the firms in question. This is not surprising, given the increase in automation and internet connectivity within the industrial world, which has outpaced the monitoring put around it.

Mitigating Risk to ICS

Government and private institutions around the world are starting to focus on mitigating risk to ICS. Adversaries are developing new threats on a daily basis that can, and eventually will, result in catastrophic utility outages.

The threat to ICS permeates a nation’s entire economy and infrastructure. Organizations across all verticals must take full responsibility for protecting their own assets and customers. There should be no exceptions, since the best way to keep adversaries out of an ICS is to implement simple safeguards: remove default credentials, keep control networks off the public internet, restrict which hosts may issue control commands and monitor the traffic that remains. ICS-specific resources are available from government entities such as the National Institute of Standards and Technology (NIST), whose Special Publication 800-82, “Guide to Industrial Control Systems (ICS) Security,” covers network protection for connected devices in industrial environments.

For more information on protecting ICS from rising threats while continuing to enable technological advancements, read IBM X-Force’s research report, “Security Attacks on Industrial Control Systems.” The report looks at the history of ICS, the susceptibility of these systems to certain attacks and ways to defend those systems.
