A new report by Kaspersky Lab shows that 91.1% of Industrial Control Systems (ICS) hosts of large organisations can be exploited remotely by hackers.
Kaspersky’s Industrial Control Systems (ICS) threat landscape revealed that large organisations likely have ICS components that have vulnerabilities connected to the Internet that could allow cyber-criminals to attack critical infrastructure systems.
The investigation found that 17,042 ICS components on 13,698 different hosts exposed to the Internet, likely belong to large organisations, which include energy, transportation, aerospace, automotive and manufacturing, food and service, governmental, financial and medical institutions.
The report also uncovered that 3.3% of ICS hosts located in these organisations contain critical vulnerabilities that can be exploited remotely.
“Connected systems are more flexible, able to react quickly to critical situations and implement updates, but in turn, this gives cyber-criminals a chance to remotely control critical ICS components. This can result in physical harm to the equipment as well as potential danger to the whole critical infrastructure,” authors of the Kaspersky Lab report said.
They recommended that Internet-connected Control Systems of large organizations be run in a physically isolated environment to minimise the possibility of a cyber-attack.
“There is no 100 percent guarantee that a particular ICS installation won’t have at least one vulnerable component at any single moment in time,” said Andrey Suvorov, Head of Critical Infrastructure Protection, Kaspersky Lab.
“However, this doesn’t mean that there is no way to protect a factory, a power plant, or even a block in a smart city from cyber-attacks. Simple awareness of vulnerabilities in the components used inside a particular industrial facility is the basic requirement for security management of the facility,” Suvorov added.
The Industrial Control Systems Threat Landscape report is a result of an investigation into ICS threats conducted to help organisations working with ICS to identify their possible weak points.