Kaspersky Report: Energy and ICS Integration companies face highest chance of cyberattack
卡巴斯基報告：能源和工控係統集成公司麵臨最高的網絡攻擊風險

A report from Kaspersky Lab found that in the second half of 2017, nearly 40 percent of all industrial control systems (ICS) in energy organizations protected by Kaspersky Lab solutions were attacked by malware at least once – closely followed by 35 percent of engineering & ICS integration networks.

卡巴斯基實驗室發布的一份報告發現
，在2017年下半年，受卡巴斯基實驗室解決方案保護的能源組織中，有近40％的工業控製係統（ICS）至少遭到一次的惡意軟件攻擊
，緊隨其後的是35％的工程和工控係統集成網絡。

The Kaspersky Lab report, “Threat Landscape for Industrial Automation Systems in H2 2017,” also found that for all other industries (manufacturing, transportation, utilities, food, healthcare, etc.) the proportion of ICS computers attacked ranged from 26 percent to 30 percent on average. The vast majority of detected attacks were accidental hits.

這份“2017年下半年工業自動化係統威脅情況”卡巴斯基實驗室報告還發現，對於所有其他行業（製造業
、交通運輸業
、公用事業、食品
、醫療保健等）而言，工控係統計算機遭受攻擊的比例平均介乎26％到30％之間。絕大多數檢測到的攻擊都是意外擊中。

The cybersecurity of industrial facilities remains an issue that can lead to very serious consequences affecting industrial processes, as well as businesses losses. While analyzing the threat landscape in different industries, Kaspersky Lab ICS CERT recorded that nearly all industries regularly experience cyberattacks on their ICS computers. However, there are two industries that were attacked more than others – energy organizations (39%), and engineering and ICS integration businesses (35%).

工gong業ye設she施shi的de網wang絡luo安an全quan仍reng然ran是shi一yi大da問wen題ti，可ke能neng導dao致zhi影ying響xiang工gong業ye流liu程cheng的de嚴yan重zhong後hou果guo，造zao成cheng企qi業ye損sun失shi。在zai分fen析xi不bu同tong行xing業ye的de威wei脅xie情qing況kuang時shi，卡ka巴ba斯si基ji實shi驗yan室shi工gong控kong係xi統tong網wang絡luo應ying急ji響xiang應ying小xiao組zu記ji錄lu了le幾ji乎hu所suo有you行xing業ye其qi工gong控kong係xi統tong計ji算suan機ji日ri常chang遭zao受shou的de網wang絡luo攻gong擊ji。但dan有you兩liang個ge行xing業ye較jiao其qi他ta行xing業ye受shou到dao的de攻gong擊ji更geng多duo

，那na就jiu是shi能neng源yuan機ji構gou（39％）
，以及工程和工控係統集成業務（35％）。

The sector that demonstrated the most noticeable growth of ICS computers attacked during the second half of 2017 (compared to the first half of 2017) was construction, with 31 percent attacked. The relatively high percentage of attacked ICS computers in the construction industry compared to the first half of 2017 could indicate that these organizations are not necessarily mature enough to pay the required attention to the protection of industrial computers. Their computerized automation systems might be relatively new and an industrial cybersecurity culture is still being developed in these organizations.

在2017年下半年（與2017年上半年相比），工控係統計算機受攻擊上升最為明顯的行業是建築業
，有31％受到攻擊。與2017年(nian)上(shang)半(ban)年(nian)相(xiang)比(bi)


，建(jian)築(zhu)行(xing)業(ye)受(shou)到(dao)攻(gong)擊(ji)的(de)工(gong)控(kong)係(xi)統(tong)計(ji)算(suan)機(ji)的(de)比(bi)例(li)相(xiang)對(dui)較(jiao)高(gao)，這(zhe)可(ke)能(neng)表(biao)明(ming)這(zhe)些(xie)機(ji)構(gou)未(wei)必(bi)足(zu)夠(gou)成(cheng)熟(shu)，無(wu)法(fa)對(dui)工(gong)業(ye)計(ji)算(suan)機(ji)的(de)保(bao)護(hu)給(gei)予(yu)必(bi)要(yao)的(de)關(guan)注(zhu)。他(ta)們(men)的(de)計(ji)算(suan)機(ji)自(zi)動(dong)化(hua)係(xi)統(tong)可(ke)能(neng)相(xiang)對(dui)較(jiao)新(xin)
，並(bing)且(qie)這(zhe)些(xie)組(zu)織(zhi)仍(reng)未(wei)確(que)立(li)工(gong)業(ye)網(wang)絡(luo)安(an)全(quan)意(yi)識(shi)。

The lowest percentage of ICS attacks – 15 percent – has been found in enterprises specializing in developing ICS software, meaning that their ICS research/development laboratories, testing platforms, demo stands and training environment are also being attacked by malicious software, although not as often as the ICS computers of industrial enterprises. Kaspersky Lab ICS CERT experts point to the significance of ICS vendors’ security, because the consequences of an attack spreading over the vendor’s partner ecosystem and customer base could be very dramatic – as seen during the ExPetr malware epidemic.

專注於開發工控係統軟件的企業受攻擊比例最低，僅為15% ，不過這意味著這些工控係統研究/開發實驗室
、測試平台、演yan示shi台tai和he培pei訓xun環huan境jing也ye會hui受shou到dao惡e意yi軟ruan件jian的de攻gong擊ji，盡jin管guan不bu像xiang工gong業ye企qi業ye的de工gong控kong係xi統tong計ji算suan機ji那na麼me頻pin繁fan。卡ka巴ba斯si基ji實shi驗yan室shi工gong控kong係xi統tong網wang絡luo應ying急ji響xiang應ying小xiao組zu專zhuan家jia了le指zhi出chu工gong控kong係xi統tong供gong應ying商shang安an全quan的de重zhong要yao性xing

，因yin為wei對dui供gong應ying商shang合he作zuo夥huo伴ban生sheng態tai係xi統tong和he客ke戶hu群qun的de攻gong擊ji蔓man延yan的de後hou果guo可ke能neng非fei常chang強qiang烈lie——正如ExPetr惡意軟件流行期間所發生的。

Among the new trends of 2017, Kaspersky Lab ICS CERT researchers have discovered a rise in mining attacks on ICS. This growth trend began in September 2017, along with an increase in the cryptocurrency market and miners in general. But in the case of industrial enterprises, this type of attack can pose a greater threat by creating a significant load on computers, and as a result, negatively affecting the operation of the enterprise’s ICS components and threatening their stability.

在2017年的新趨勢中，卡巴斯基實驗室工控係統網絡應急響應小組的研究人員發現了對工控係統挖礦攻擊的增加。這種增長趨勢始於2017年9yue，bansuijiamihuobishichanghuobaohekuanggongzongtizengjia。danduigongyeqiyeeryan，zheleigongjikenenghuiduijisuanjizaochengzhongdafudancongergouchenggengdadeweixie

，duiqiyedegongkongxitongzujiandeyunxingchanshengfumianyingxiangbingweixieqiwendingxing。

Overall, during the period from February 2017 to January 2018, cryptocurrency mining programs attacked three percent of industrial automation system computers, in most cases accidentally.

總的來說，在2017年2月至2018年1月期間
，加密電子貨幣挖掘程序攻擊了3％的工業自動化係統計算機，絕大多數是意外攻擊。

Other highlights from the report include:
報告的其他亮點包括：

• Kaspersky Lab products blocked attempted infections on 38% of ICS computers protected by them. This is 1.4 percentage points less than in the second half of 2016.
• The internet remains the main source of infection with 22.7% of ICS computers attacked. This is two percent higher than in the first six months of the year. The percentage of blocked web-borne attacks in Europe and North America is substantially lower than elsewhere.
• The top five countries by percentage of ICS computers attacked has remained unchanged since reported in the first half of 2017. This includes Vietnam (70%), Algeria (66%), Morocco (60%), Indonesia (60%) and China (60%).
• In the second half of 2017, the number of different malware modifications detected by Kaspersky Lab solutions installed on industrial automation systems increased from 18,000 to over 18,900.
• In 2017, 11% of all ICS systems were attacked by botnet agents, a malware that secretly infects machines and includes them in a botnet network for remote command execution; the main sources of attacks like this were the internet, removable media and email messages.
• In 2017, Kaspersky Lab ICS CERT identified 63 vulnerabilities in industrial systems and IIoT/IoT systems, and 26 of them have been fixed by vendors.

• 有38％的受卡巴斯基實驗室產品保護的工控係統計算機遭遇攻擊，比2016年下半年減少1.4個百分點。
• 互聯網仍然是主要感染源，有22.7％的工控係統計算機遭受攻擊
  ，比當年前六個月高出兩個百分點。歐洲和北美網絡攻擊受阻的比例明顯低於其他地區。
• 自2017年上半年報告以來，工控係統計算機遭受攻擊的前五位國家百分比保持不變。其中包括越南（70％），阿爾及利亞（66％）
  
  
  ，摩洛哥（60％），印度尼西亞（60％）和中國（ 60％）。
• 在2017年下半年
  ，安裝在工業自動化係統上的卡巴斯基實驗室解決方案檢測到的不同惡意軟件修改數量從18,000個增加到18,900個以上。
• 2017年
  ，所有工控係統中有11％受(shou)到(dao)僵(jiang)屍(shi)網(wang)絡(luo)代(dai)理(li)的(de)攻(gong)擊(ji)，這(zhe)是(shi)一(yi)種(zhong)惡(e)意(yi)軟(ruan)件(jian)
  ，它(ta)會(hui)秘(mi)密(mi)感(gan)染(ran)機(ji)器(qi)並(bing)將(jiang)其(qi)包(bao)含(han)在(zai)僵(jiang)屍(shi)網(wang)絡(luo)中(zhong)以(yi)執(zhi)行(xing)遠(yuan)程(cheng)命(ming)令(ling)，這(zhe)種(zhong)攻(gong)擊(ji)的(de)主(zhu)要(yao)來(lai)源(yuan)是(shi)互(hu)聯(lian)網(wang)、可移動媒介和電子郵件。
• 2017年，卡巴斯基實驗室工控係統網絡應急響應小組發現了工業係統和工業物聯網 / 物聯網係統中的63個漏洞，其中26個已被供應商修複。

“The results of our research into attacked ICS computers in various industries have surprised us, “said Evgeny Goncharov, head of Kaspersky Lab ICS CERT. “For example, the high percentage of ICS computers attacked in power and energy companies demonstrated that the enterprises’ effort to ensure cybersecurity of their automation systems after some serious incidents in the industry is not enough, and there are multiple loopholes still there that cybercriminals can use.”

卡巴斯基實驗室工控係統網絡應急響應小組負責人Evgeny Goncharov表示：“我wo們men對dui各ge行xing業ye受shou攻gong擊ji工gong控kong係xi統tong計ji算suan機ji的de研yan究jiu結jie果guo讓rang我wo們men感gan到dao驚jing訝ya。例li如ru
，電dian力li和he能neng源yuan公gong司si遭zao受shou工gong控kong係xi統tong計ji算suan機ji攻gong擊ji的de比bi例li很hen高gao
，這zhe表biao明ming企qi業ye在zai行xing業ye發fa生sheng嚴yan重zhong事shi故gu後hou確que保bao其qi自zi動dong化hua係xi統tong網wang絡luo安an全quan的de努nu力li是shi不bu夠gou的de，留liu給gei網wang絡luo犯fan罪zui分fen子zi利li用yong的de漏lou洞dong仍reng然ran很hen多duo。”

Kaspersky Lab ICS CERT recommends the following technical measures to be taken:
卡巴斯基實驗室工控係統網絡應急響應小組建議采取以下技術措施：

• Regularly update operating systems, application software and security solutions on systems that are part of the enterprise’s industrial network.
• Restrict network traffic on ports and protocols used on the edge routers and inside organization's OT networks.
• Audit ICS component access control in the enterprise’s industrial network and at its boundaries.
• Deploy dedicated endpoint protection solutions onto ICS servers, workstations and HMIs to secure OT and industrial infrastructure from random cyberattacks.
• Deploy network traffic monitoring, analysis and detection solutions for better protection from targeted attacks.

• 定期更新企業工業網絡係統中的的操作係統、應用軟件和安全方案。
• 限製邊緣路由器和企業運營網絡內使用的端口和協議的網絡流量。
• 在企業工業網絡及其邊界內，審核工控係統組件訪問控製。
• 將專用端點保護解決方案部署到工控係統服務器、工作站和人機界麵上，以保護運營和工業基礎設施免受隨機網絡攻擊。
• 部署網絡流量監控、分析和檢測解決方案，以更好地防範有針對性的攻擊。