Cyber criminals accidentally hit industrial PCs.



Cyber criminals accidentally attacking industrial computers.


Industrial companies suffer encryption malware attacks alongside other organisations. However, attacks on industrial infrastructure appear to be accidental, rather than targeted infections.


Unfortunately, even an accidental infection of computers on an industrial network by encryption malware can result in downtime. A related malfunction of the enterprise’s industrial automation systems can lead to disruption of the enterprise’s production cycles.


According to a recent report by anti-virus makers Kaspersky Lab, the active distribution of encryption malware is set to continue. So far, Kaspersky say there have been no credible instances of targeted ransomware attacks against industrial companies with ransom as their primary objective.


Financial organisations have been the target of most cyber criminals. Kaspersky has not seen any encryption malware specifically designed to block industrial automation software. Typical industrial control systems use Windows computers for functions such as:

  • supervisory control and data acquisition (SCADA) servers,
  • data storage servers (Historian),
  • data gateways (OPC),
  • workstations of engineers and operators,
  • Human Machine Interface (HMI).


Infection in Industrial Computers

In terms of the technologies used, industrial networks are becoming increasingly like corporate networks. Consequently, the threat for industrial control systems (ICS) is becoming the same.


ICS computers in manufacturing companies producing goods and equipment accounted for about one third of attacks. Because the malware was not designed to attack industrial automation systems, corruption was deemed to have been accidental.



The same categories of malware that attack corporate computers are also relevant for ICS computers, including spyware, ransomware, backdoors and wiper-type programs that render the computer unusable and wipe data from the hard drive. Such programs pose a particularly serious threat to ICS computers, since infection with such malware can result in a loss of control or disruption of industrial processes.


For computers that are part of industrial infrastructure, the Internet remains the main source of infection. Contributing factors include interfaces between corporate and industrial networks, availability of limited Internet access from industrial networks, and connection of computers on industrial networks to the Internet.


On 0.1% of ICS computers, malware was found in local folders of cloud storage services following synchronisation over the Internet.



The Kaspersky report recommends taking a set of measures designed to ensure the security of the industrial network’s internal and external perimeters. These measures are intended both to prevent accidental infections by cyber criminals and to provide protection from targeted attacks against industrial networks.


Firstly, provide secure remote management of automation systems and secure transfer of data between the industrial network and other networks. This means, wherever possible, restricting access between systems that are parts of different networks or that have different trust levels.


For the full report, see: Threat Landscape for Industrial Automation Systems in H1 2017.
