An industrial infrastructure can receive more than 2,750 cyber-attacks per year

18 Oct 2017
3 Minutes of reading
  • The S2 Grupo company has developed a two-year research process on cyber-attacks to critical infrastructures and industrial facilities to create effective cyber-protection systems that prevent the devastating consequences that an attack could produce in these environments and in society.
  • In 2015 the company launched a Honeypot to attract attacks by cybercriminals and study their behavior. In only two years it received more than 5,500 attacks, which shows that they are a direct target for cyber-attackers.
  • Among the main conclusions of the report it emphasizes that currently any industrial control system is exposed to the same cyber risk as a computer, we must avoid using web servers to configure industrial devices and that cybersecurity training of the human team is essential to minimize risks.

Valencia, September 14, 2017.- The Valencian company S2 Grupo has presented today the 1st Report on the research project iHoney at its headquarters in Madrid. This is part of the R&D+i line of the company and has been funded by the Ministry of Industry, Energy and Tourism, within the 2013-2016 scientific research, development and technological innovation plan. The objective of this study has been to investigate the keys to the cybersecurity of industry 4.0 and to prevent cyber-attacks that put their operation in check. The meeting was attended by José Rosell, associate-director of S2 Grupo, and Óscar Navarro, who is responsible for industrial cybersecurity at S2 Grupo. They have explained that the survival of modern societies depends to a large extent on the continuity of their infrastructures, especially those considered critical (transport, communications, energy, water supply, etc.). As their correct functioning is closely linked to the integrity of the systems that control them and these are increasingly exposed to possible cyber-attacks because of their integration with ICTs (most can be accessed remotely and are connected to the network), it is essential to develop adequate cyber-protection systems that prevent them from being attacked by cybercriminals and thus avoid devastating consequences such as those suffered by the well-known Wannacry. "Currently we are talking about industry 4.0, in which industrial facilities are connected to the network. Hence, the systems that control it can be hacked by cybercriminals, like a computer. This prompted that from S2 Grupo we put in place this research project with the objective of knowing how the attackers work, what objectives they pursue and to develop effective tools for the protection of the industry", said José Rosell. To develop this project, in 2015 the team of experts of the company launched a Honeypot, a model of an infrastructure considered "critical" and connected to the Internet in the same way that any other industry does and in the eyes of any hacker it is just another critical infrastructure to attack. In just two years it received more than 5,500 attacks of varying intensity, which shows how they are a direct target of cybercriminals. "This Honeypot was created as a source to extract information about the type of attacks that can be expected in an industrial infrastructure and, consequently, to be able to design specific and effective tools for the protection of industrial control systems today", explained Óscar Navarro. Conclusions of the 1st Report of the iHoney Research Project: Keys to Industrial Cybersecurity Today Since its development in 2015, the Honeypot created by S2 Grupo received more than 5,500 attacks of different intensity. If they had been directed to a real critical infrastructure (transport, communications, energy, water supply, etc.), they could have had really harmful consequences for society. Among the main conclusions and keys for industrial cybersecurity extracted from the 1st Report of the iHoney research project of S2 Grupo are the following:

  1. Most attacks come from automated tools.- Nowadays any industrial control system is exposed to the same types of cyberattacks that could be suffered by any system connected to the Internet, such as a computer (ramsonware, etc.).
  2. Origin of cyber-attacks.- Nearly half of the cyber-attacks received come from the United States, the Netherlands, the United Kingdom and Romania (13%, 11%, 10% and 10% respectively).
  3. Nuevo panorama de ciberseguridad.- Debido al aumento de la exposición de los sistemas de control industrial a las amenazas que tradicionalmente han afectado a las TI, llegará un punto en que no tenga sentido diferenciar entre amenazas propias de un entorno u otro, dado que serán comunes. S2 Grupo ha concluido que es necesario desarrollar nuevas líneas de trabajo para hacer frente al nuevo panorama. Para ello, la compañía está trabajando en iniciativas de desarrollo de soluciones para la industria 4.0 para las que ha puesto en marcha dos proyectos de I+D+i. New view of cybersecurity.- Due to the increase in the exposure of industrial control systems to the threats that have traditionally affected IT, there will be a point where it will not make sense to differentiate between threats of one environment or another as they will be common. S2 Grupo has concluded that it is necessary to develop new lines of work to deal with the new scenario. To this end, the company is working on initiatives for the development of solutions for the industry 4.0 for which it has launched two R&D+i projects.
  4. Beware of web servers to configure industrial devices.- For cybercriminals who carry out widespread Internet attacks Web services offered by companies on the network are very attractive because they can be affected by a wide variety of vulnerabilities and, in addition, attackers have an extensive knowledge in exploiting web applications. This is a key factor to take into account due to the current trend of industrial device manufacturers to include web servers to configure the devices, as they would put companies at high risk
  5. Fundamental: training and awareness.- The human team has now become a key factor in cybersecurity. On the one hand, they are a risk factor and, on the other hand, they are in the first line of defense. The report concludes that it has been proven that by eliminating the human factor attacks are received, but the consequences are minimized by not activating much of the malware, which usually requires the intervention of an unsuspecting user to start their activity. For this reason, when designing cybersecurity strategies, training and awareness-raising are essential as a key piece of strategy to protect a critical infrastructure. The members of an organization must be seen as an active security element thereof.

More information: