Since IBM X-Force published its report, “Security Attacks on Industrial Control Systems,” last year, we have observed a startling increase in the number of attacks against these systems.

Attacks Against Industrial Control Systems Increasing

According to IBM Managed Security Services (MSS) data, attacks targeting industrial control systems (ICS) increased by over 110 percent in 2016 compared with the previous year’s numbers, as of Nov. 30.

Specifically, the spike in ICS traffic was related to SCADA brute-force attacks, which use automation to guess default or weak passwords. Once a password is broken, attackers can remotely monitor or control the connected SCADA devices.

In January 2016, GitHub released a penetration testing solution that contained a brute-force tool that can be used against Modbus, a serial communication protocol. The public release and subsequent use of this tool by various unknown actors likely led to the rise in malicious activity against ICS in the past 12 months.
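The brute-force pattern described above (automated guessing of default or weak credentials, followed by a successful login once one works) is straightforward to detect on the login audit trail of an HMI or engineering workstation that fronts SCADA devices. The following is an added example, not code from the original article or from IBM X-Force: it parses a constructed login log in a hypothetical line format, flags any source address that accumulates a threshold of failures inside a sliding time window, and separately flags a success from an already-flagged source, which is the moment a guessed password starts working. The log format, host names, addresses and thresholds are all assumptions chosen for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (not from any real device): a hypothetical HMI login audit trail.
# One attacker-like source cycles through common account names, then logs in successfully;
# one legitimate user mistypes a password twice several minutes apart.
SAMPLE_LOG = """\
2016-11-30T10:00:01Z hmi01 auth fail user=admin src=203.0.113.7
2016-11-30T10:00:02Z hmi01 auth fail user=admin src=203.0.113.7
2016-11-30T10:00:02Z hmi01 auth fail user=operator src=203.0.113.7
2016-11-30T10:00:03Z hmi01 auth fail user=admin src=203.0.113.7
2016-11-30T10:00:04Z hmi01 auth fail user=root src=203.0.113.7
2016-11-30T10:00:05Z hmi01 auth fail user=admin src=203.0.113.7
2016-11-30T10:00:09Z hmi01 auth ok user=admin src=203.0.113.7
2016-11-30T10:01:00Z hmi01 auth fail user=jsmith src=192.0.2.10
2016-11-30T10:05:00Z hmi01 auth fail user=jsmith src=192.0.2.10
2016-11-30T10:05:30Z hmi01 auth ok user=jsmith src=192.0.2.10
"""

# Assumed line layout: "<ISO timestamp> <host> auth <ok|fail> user=<name> src=<ip>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) auth (?P<result>ok|fail) user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse_line(line):
    """Parse one audit line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return rec


def detect_bruteforce(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return a list of alerts, in log order.

    A 'bruteforce' alert is raised once per source address when that source
    reaches `threshold` failed logins within any `window`. A
    'success_after_bruteforce' alert is raised when a flagged source then logs
    in successfully while failures are still inside the window.
    """
    failures = defaultdict(deque)  # src -> deque of (timestamp, username) for recent failures
    flagged = set()                # sources already reported for brute forcing
    alerts = []

    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        src, ts, user = rec["src"], rec["ts"], rec["user"]
        recent = failures[src]

        # Drop failures that have aged out of the sliding window.
        while recent and ts - recent[0][0] > window:
            recent.popleft()

        if rec["result"] == "fail":
            recent.append((ts, user))
            if len(recent) >= threshold and src not in flagged:
                flagged.add(src)
                alerts.append({
                    "kind": "bruteforce",
                    "src": src,
                    "at": ts,
                    "failures": len(recent),
                    "users": sorted({u for _, u in recent}),
                })
        elif src in flagged and recent:
            # The source was guessing moments ago and now has a working credential.
            alerts.append({
                "kind": "success_after_bruteforce",
                "src": src,
                "at": ts,
                "user": user,
            })

    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG):
        print(alert)
```

Two points about the design: the window is evaluated per source rather than per account, because password-guessing tools rotate through many default account names (admin, operator, root) from one address, so a per-account counter would stay below threshold. And the success-after-burst alert is the one worth paging on, since it indicates a default or weak password was actually found rather than merely probed. Note that Modbus itself carries no authentication, so the evidence of guessing lives in the login logs of the HMI, VPN or remote-access layer in front of the controllers, not in the Modbus traffic.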

U.S.-based actors accounted for the majority of ICS attacks in 2016. This was not surprising, since the U.S. has the largest presence of internet-connected ICS systems in the world.

The U.S. was also the largest target of ICS-based attacks in 2016, primarily because, once again, it has a larger ICS presence than any other country at this time.

Notable Recent ICS Attacks

ICS attacks, like other types of cyberthreats, have been increasing in scale and sophistication over the past few years. The rise is linked with the growing connectivity of industrial systems. Let’s review a few high-profile cases reported over the last year from different parts of the world:

ICS Malware Targets European Energy Company

The SFG malware, discovered in June 2016 on the networks of a European energy company, created a backdoor on targeted industrial control systems. The backdoor delivered a payload that was “used to extract data from or potentially shut down the energy grid,” according to security researchers at SentinelOne Labs, as reported by The Register.

The Windows-based SFG malware is designed to bypass traditional antivirus software and firewalls. It contains all the hallmarks of a nation-state attack, likely of Eastern European origin.

New York Dam Attack

In March 2016, the U.S. Justice Department claimed that Iran had attacked U.S. infrastructure by infiltrating the industrial controls of a dam in Rye Brook, New York. The attackers compromised the dam’s command-and-control (C&C) system in 2013 using a cellular modem.

This is troubling because it represents one of the first major efforts of a foreign government entity to commandeer U.S. infrastructure. Although the attack happened in 2013, it wasn’t reported or attributed until 2016.

Ukrainian Power Outage

In December 2015, a power company located in western Ukraine suffered a power outage that impacted a large area that included the regional capital of Ivano-Frankivsk, Reuters reported. Investigators discovered that cybercriminals had facilitated the outage by using BlackEnergy malware to exploit the macros in Microsoft Excel documents. The malware was planted in the company’s network using spear phishing emails.

These three attacks succeeded primarily due to the lack of situational awareness by both the employees and management of the firms in question. This is not surprising, given the increase of automation and internet connectivity within the industrial world.

Mitigating Risk to ICS

Government and private institutions around the world are starting to focus on mitigating risk to ICS. Cybercriminals are developing new threats on a daily basis that can, and eventually will, result in catastrophic utility outages.

The threat to ICS permeates a nation’s entire economy and infrastructure. Organizations across all verticals must take full responsibility for protecting their own assets and consumers. There should be no exceptions, since the best way to keep adversaries out of an ICS is to implement simple safeguards, best practices and risk management solutions. You can download ICS-specific resources from government entities like the National Institute of Standards and Technology (NIST), which also offers network protection advice for connected devices in industrial environments.

For more information on protecting ICS from rising threats while continuing to enable technological advancements, read IBM X-Force’s research report, “Security Attacks on Industrial Control Systems.” The report looks at the history of ICS, the susceptibility of these systems to certain attacks and ways to defend those systems.
