Telemetry Identifies Commodity Malware Infections Increase at Industrial Organizations

Advanced ICS-specific malware is limited to just a few samples such as TRISIS/TRITON, Stuxnet, CRASHOVERRIDE/Industroyer, and BlackEnergy2; however, countless reports and observations demonstrate commodity malware has been increasingly impacting industrial operations. ICS cybersecurity firm Dragos has identified an increase in malware infections at industrial companies globally throughout 2019 and the beginning of 2020. Notably, the LockerGoga, Emotet, and Ryuk infections of 2019 support this trend with their potential to create operational disruption. While ransomware and potentially disruptive malware are not new threats, Dragos suggests these threats will continue to propagate through networks in ways never seen before, including leveraging different spreading mechanisms for propagation. With the ability for general-purpose malware to have an impact on industrial operations, it is important to limit malware propagation and traversal between IT and OT networks. To mitigate the risk of IT-based malware impacting ICS operations, members are encouraged to implement robust network segmentation, strong chokepoints, and traffic monitoring for ICS anomaly detection. For more discussion and resources on those mitigations steps and several others, review WaterISAC’s 15 Cybersecurity Fundamentals for Water and Wastewater Utilities. Read the post at Dragos