OT/ICS Security – What Threats are Impacting ICS Endpoints?

Based on its extensive visibility into OT environments, TrendMicro recently released a report highlighting the threats to ICS endpoints. The 2020 Report: ICS Endpoints as Starting Points for Threats shares the status of global industrial systems in terms of security against both known and new threats that hound ICS endpoints. TrendMicro looked at the data from ICS endpoints that are part of the IT/OT network, specifically industrial automation suites and Engineering Workstations. This report does not include ICS endpoints from air-gapped systems or those without an internet connection. According to TrendMicro, the ICS endpoints in this research are found at various levels of the IT/OT network architecture, except the process and control level. All the identified ICS endpoints were running Windows operating systems. The results reveal ransomware, coinminers, and legacy malware (think 2008’s Conficker) are the big impacts to ICS endpoints. Legacy threats are due partly (if not largely) to the use of USB’s for transferring files. For more on threats to OT systems from USBs, see the WaterISAC Resource Center post Say it isn’t so…USB’s are Still a Threat to OT Systems for highlights from Honeywell’s USB Threat Report 2020. Trend also provides a one-page primer of its report that might be good to share with leadership. For more findings and recommendations on how to combat these threats, access the report at TrendMicro.