One in six ICS computers in Germany was infected with malware in the first half of 2023; worldwide, it was one in three. Building automation was the most frequently attacked industry during the study period.
In the first half of 2023, malicious objects were discovered and blocked on around 16 percent of ICS computers (computers for industrial control systems) in Germany, as current analyses by Kaspersky ICS CERT show. One in three ICS computers worldwide (34 percent) was affected. In the second quarter of this year, Kaspersky experts also registered the highest quarterly threat level since 2019, with 27 percent of ICS computers affected. Financially strong regions in particular were faced with an increase in cyber threats against industrially used computer systems.
Over 11,000 different malware families
The most common threats included malicious scripts and phishing websites (7.0 percent), blocked Internet resources (6.4 percent), and spyware, backdoors and keyloggers (2.6 percent).
Globally, Kaspersky security solutions blocked 11,727 different malware families on industrial systems between January and June of this year. Here, too, prevented attack attempts involving blocked Internet resources increased (by 11 percent).
The number of attacks on ICS systems increased in Australia, New Zealand, USA, Canada, Western Europe and Northern Europe. This increase is primarily due to blocked Internet resources and malicious scripts, which are mostly spread online and via email. In addition, spyware detection increased significantly in these countries and regions.
In a global comparison, the number of threats in the first half of 2023 varies considerably. Africa had the highest incidence at 40 percent, while Northern Europe had the lowest at 15 percent.
Building automation remains the most vulnerable industry
Building automation remained the most frequently attacked industry worldwide, with around 39 percent of industrial computers attacked during the study period. The energy and oil and gas industries, on the other hand, have seen opposite trends since 2021: While the energy industry faced 36 percent more threats, the oil and gas sector recorded a decline of 31 percent. In addition, the latest Kaspersky ICS CERT report for the first half of 2023 shows an overall increase in malicious objects in the areas of engineering, ICS integration, manufacturing and the energy sector.
Cybercriminals primarily targeted the energy sector in Northern Europe (25 percent), in Southern Europe increasingly the manufacturing sector (23 percent) and in Western European countries mostly ICS computers from the oil and gas industry (24 percent).
“For industrial companies, cybersecurity is now about protecting investments and ensuring the resilience of key assets,” emphasizes Evgeny Goncharov, head of Kaspersky ICS CERT. “Our analysis of attacks on industry provides important insights into the evolving threat landscape across various industries. When companies understand the risks, they can make informed decisions, use their resources wisely and strengthen their defenses efficiently. In doing so, they not only protect their bottom line, but also contribute to a safer digital ecosystem for everyone.”
Kaspersky recommendations for protecting OT computers
- Conduct regular security assessments of operational technology (OT) systems to identify and address potential cybersecurity issues.
- Establish continuous vulnerability assessment as the basis for effective vulnerability management. Dedicated solutions like Kaspersky Industrial CyberSecurity can provide efficient assistance and are a source of unique, actionable information that is not fully publicly available.
- Conduct regular updates to key components of the company's OT network and install security updates and patches as soon as technically possible.
- Use EDR solutions like Kaspersky Endpoint Detection and Response Expert that can detect and block threats early.
- Conduct dedicated OT security training for IT security teams and OT personnel, enabling the team to identify and combat advanced attack techniques.
About Kaspersky
Kaspersky is an international cybersecurity company founded in 1997. Kaspersky's in-depth threat intelligence and security expertise serve as the basis for innovative security solutions and services to protect companies, critical infrastructures, governments and private users worldwide. The company's comprehensive security portfolio includes leading endpoint protection as well as a range of specialized security solutions and services to defend against complex and evolving cyber threats. Kaspersky technologies protect over 400 million users and 250,000 corporate customers. More information about Kaspersky can be found at www.kaspersky.com/