The U.S. Department of Homeland Security's Industrial Control Systems Cybersecurity Emergency Response Team (ICS-CERT) detected a rise in reported cyberattacks against critical manufacturing organizations in 2015, according a new ICS-CERT report.
During ICS-CERT's previous fiscal year, which ended in September 2015, there were 295 reported cyberattack incidents involving U.S. critical infrastructure. Of those, 97 incidents, or 33 percent, affected the critical manufacturing sector. By contrast, critical manufacturing represented only 27 percent of cyberattacks in FY 2014 (65 incidents). The report ascribed this increase to a pervasive spear phishing campaign in 2015 that focused primarily on manufacturers.
The report also stated many of the 295 reported attacks exploited “insufficiently architected networks such as ICS networks being directly connected to the Internet or to corporate networks.” Spear phishing accounted for 37 percent of the total incidents.