The ever-changing technological landscape has made it possible for the business process on the IT side of an enterprise to be interconnected with the physical process on the OT side. While this advancement has improved visibility, speed, and efficiency, it has also exposed industrial control systems (ICSs) to threats that have affected IT networks for years.

Our expert team extensively examined the specific malware families reported in ICS endpoints to validate ICS security and establish a global baseline for examining threats that put these systems at risk. Doing so can help identify the attackers' choice of malware and reveal their motivation and skill levels, as well as provide insights about the affected network's ecosystem and cybersecurity hygiene.

An overview of the IT/OT network and ICS endpoints

The IT/OT network is the convergence of the IT and OT networks: a connection of the business process on the IT side with the physical process on the OT side. The IT/OT network enables data exchange and the monitoring and control of operations from the IT network.

On the other hand, ICS endpoints are used in the design, development, monitoring, and control of industrial processes. These have specific software to perform important functions. Examples of these software applications are:

  • Industrial automation suites, such as Siemens' Totally Integrated Automation, Kepware's KEPServerEX, and Rockwell Automation's FactoryTalk.
  • Engineering Workstation (EWS), which is used in the programming of an industrial process or workflow. This includes:
    • Control systems such as Mitsubishi Electric's MELSEC GX Works or Phoenix Contact's Nanonavigator
    • HMI (Human Machine Interface) such as MELSEC GT Works or Schneider's GP-PRO EX
    • Robot programming software such as ABB Robotstudio
    • Design software such as Solidworks
    • Historian software such as Honeywell's Uniformance
    • Supervisory Control and Data Acquisition (SCADA) such as Siemens' Simatic WinCC SCADA
    • Field device management and configuration such as PACTware and Honeywell's EZconfig
    • Converters for serial to USB connections such as Moxa's Uport

ICS data through the looking glass

We analyzed data from ICS endpoints that are part of the IT/OT network, not including ICS endpoints from air-gapped systems or those without an internet connection. These endpoints can be found in different IT/OT network levels, except the process and control levels. Moreover, the ICS endpoints we identified were running Windows operating systems.

Disclaimer

Trend Micro Inc. published this content on 15 January 2022 and is solely responsible for the information contained therein. Distributed by Public, unedited and unaltered, on 14 January 2022 22:44:09 UTC.