Trend Micro warns of ransomware targeting industrial control systems
Digital Edge Bureau, 14 Jul 2021

Trend Micro, the leading cyber security solution provider, has released a new report highlighting the growing risk of downtime and sensitive data theft from ransomware attacks aimed at industrial facilities. Trend Micro’s report also reveals that the Ryuk (20 percent), Nefilim (14.6 percent), Sodinokibi (13.5 percent) and LockBit (10.4 percent) variants accounted for more than half of ICS ransomware infections in 2020.
Industrial Control Systems (ICS) are a crucial element of utility plants, factories and other facilities—where they’re used to monitor and control industrial processes across IT-OT networks. If ransomware finds its way onto these systems, it could knock out operations for days and increase the risk of designs, programs, and other sensitive documents finding their way onto the dark web.
According to the ‘2020 Report on Threats Affecting ICS Endpoints’ by Trend Micro, the US is by far the country with the most ransomware detections affecting ICSs, with India, Taiwan, and Spain a distant second. India has the most coinminer, Equated malware, and WannaCry ransomware detections. Legacy malware (particularly worms on removable drives and file-infecting viruses) also had the most detections in India, China, the US, and Taiwan.
“ICSs are incredibly challenging to secure, leaving plenty of gaps in protection that threat actors are clearly exploiting with growing determination. Using malware detections as one of the criteria of IT/OT networks’ cybersecurity readiness can improve the organizations’ security posture and, in turn, better protect ICS endpoints. This prevents unintended downtime and the loss of view and control. For ransomware, companies should be wary of cybercriminals’ big-game hunting, and security issues that are used by both the legacy malware and the latest attack trends should be addressed,” said Vijendra Katiyar, Country Manager, India & SAARC, Trend Micro.
Trend Micro’s recommendations
- Prompt patching is vital. If this is not possible, consider network segmentation or virtual patching from vendors like Trend Micro.
- Tackle post-intrusion ransomware by mitigating the root causes of infection via application control software, and threat detection and response tools to sweep networks for IoCs.
- Restrict network shares and enforce strong username/password combinations to prevent unauthorized access through credential brute forcing.
- Use an IDS or IPS to baseline normal network behavior to better spot suspicious activity.
- Scan ICS endpoints in air-gapped environments using standalone tools.
- Set up USB malware scanning kiosks to check the removable drives used to transfer data between air-gapped endpoints.
- Apply the principle of least privilege to OT network admins and operators.