June 15, 2016 - Booz Allen Hamilton released a new report on cybersecurity threats to ICS and other critical infrastructure that analyzed hundreds of cross-industry threats, breaches and vulnerabilities that have occurred over the last 18 months.
Some of the threats analyzed include:
- Offering SCADA-access-as-a-service (SAaaS) – in
- DPRK reconnaissance of light-rail operators in potential preparation for an ICS attack – Within the past eight months, North Korea has been tied to three separate reconnaissance attacks on South Korea’s light-rail operators.
December 2015 alone, hackers used SCADA access to cause a blackout in Ukraine that affected 225,000 citizens, while that same month, U.S. investigators revealed that an Iranian hacker had previously gained access to the Bowman Dam in New York through a SCADA system.
In each scenario, North Korea stole information pertaining to critical systems, such as speed and safety controls, traffic flow monitors and other central operating systems.
Overall, major takeaways from the report include:
- Based on Booz Allen’s analysis, new targets, including light rail operators, and new tactics, such as SCADA-access-as-a-Service (SAaaS) and Ransomware against ICS, are likely to emerge or expand.
- Nation-state-backed groups conducted sophisticated and widespread campaigns to steal operational data and establish footholds in ICS environments.
- For the first time since ICS-CERT began tracking reported incidents in 2009, critical manufacturing experienced more incidents than the energy sector.
- Overall, ICS incidents are on the rise.
- Spearphishing is the primary method of attack, with the number of attacks increasing by 160%—from 42 to 109—from FY 2014 to FY 2015.
The number of incidents reported to US authorities rose by 17% in FY 2015 .
With 295 reported incidents, 2015 had the most reported incidents to date.
