Ransomware targeting ICS warns Trend Micro’s report

Ransomware

Bangalore: A new report from Trend Micro has warned against the growing risk of downtime and sensitive data theft from ransomware attacks aimed at industrial facilities.

US has the most ransomware detections affecting ICSs followed by India, Taiwan and Spain, as per Trend Micro’s 2020 Report on Threats Affecting ICS Endpoints.

India has the most coinminer, Equated malware, and WannaCry ransomware detections. Also, legacy malware (particularly worms in removable drives and file infecting viruses) had the most detections in India, China, the US, and Taiwan, the report stated.

Industrial Control Systems (ICS) are a crucial element of utility plants, factories and other facilities to monitor and control industrial processes across IT-OT networks.

If ransomware attacks these systems then it could halt operations for days. This results in increasing the risks of data theft of designs, programs and other sensitive documents. And cybercriminals could put the stolen data for sale on the dark web and it can’t be ruled out.

“ICSs are incredibly challenging to secure, leaving plenty of gaps in protection that threat actors are clearly exploiting with growing determination. Using malware detections as one of the criteria of IT/OT networks’ cybersecurity readiness can improve the organisations’ security posture and, in turn, better protect ICS endpoints,” said Vijendra Katiyar, Country Manager -India and SAARC, Trend Micro.

“This prevents unintended downtime and the loss of view and control. For ransomware, companies should be wary of cybercriminals’ big-game hunting and security issues that are used by both the legacy malware and the latest attack trends should be addressed,” added Katiyar.

Ryuk (20%), Nefilim (14.6%), Sodinokibi (13.5%) and LockBit (10.4%) variants accounted for more than half of ICS ransomware infections in 2020, found the report.

The report also revealed:

  • Threat actors are infecting ICS endpoints to mine for cryptocurrency using unpatched operating systems still vulnerable to EternalBlue.
  • Variants of Conficker are spreading on ICS endpoints running newer operating systems by brute-forcing admin shares.
  • Legacy malware such as Autorun, Gamarue and Palevo is still widespread in IT/OT networks, spreading via removable drives.

The report urged closer cooperation between IT security and OT teams to identify key systems and dependencies such as OS compatibility and up-time requirements, with a view to developing more effective security strategies.

Related posts

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.