- Spyware, backdoors and keyloggers were blocked on 2.6 percent of computers
- Financially strong nations increasingly the focus of cybercriminals
In the first half of 2023, malicious objects were detected and blocked on around 16 percent of ICS computers (computers for industrial control systems) in Germany, according to current analyses by Kaspersky ICS CERT [1]. Worldwide, every third ICS computer (34 percent) was affected. In the second quarter of this year, Kaspersky experts also registered the highest quarterly threat level since 2019, with 27 percent of ICS computers affected. Financially strong regions in particular faced an increase in cyber threats against industrial computer systems.
Malware affected one-sixth (circa 16 per cent) of industrial control systems in Germany in the first half of 2023. The most common threats included malicious scripts and phishing websites (7.0 per cent), blocked internet resources (6.4 per cent) and spyware, backdoors and keyloggers (2.6 per cent).
Worldwide, Kaspersky’s security solutions blocked 11,727 different malware families on industrial systems between January and June of this year. Once again, the number of prevented attack attempts involving blocked Internet resources rose (by 11 per cent).
The number of attacks on ICS systems increased in Australia, New Zealand, the USA, Canada, Western Europe and Northern Europe. This increase is primarily due to blocked Internet resources and malicious scripts, which are mostly spread online and via e-mail. In addition, spyware detection increased significantly in these countries and regions.
In a global comparison, threat levels varied significantly in the first half of 2023. For example, Africa had the highest incidence at 40 per cent, while Northern Europe had the lowest at 15 per cent.
Building automation remains the most vulnerable sector
Building automation remained the most attacked industry worldwide, accounting for about 39 per cent of industrial computers attacked during the study period. Energy and oil and gas industries, on the other hand, have seen contrasting trends since 2021: while the energy industry faced 36 per cent more threats, the oil and gas sector saw a 31 per cent decrease. In addition, the current Kaspersky ICS CERT Report for the first half of 2023 shows an overall increase in malicious objects in the mechanical engineering, ICS integration, manufacturing and energy sectors.
Cybercriminals mainly targeted the energy sector in Northern Europe (25 per cent), the manufacturing sector in Southern Europe (23 per cent) and ICS computers in the oil and gas industry in Western European countries (24 per cent).
“For industrial companies, cybersecurity is now about protecting investments and ensuring the resilience of critical assets,” emphasises Evgeny Goncharov, Head of Kaspersky ICS CERT. “Our analysis of attacks on industry provides important insights into how the threat landscape is evolving across different industries. When companies know the risks, they can make informed decisions, allocate their resources wisely and strengthen their defences efficiently. In this way, they not only protect their bottom line, but also contribute to a more secure digital ecosystem for all.”
Kaspersky recommendations for protecting OT computers
- Conduct regular security assessments of OT (Operational Technology) systems to identify and address potential cyber security issues.
- Establish a continuous vulnerability assessment as a basis for effective vulnerability management. Dedicated solutions such as Kaspersky Industrial CyberSecurity [2] can provide efficient assistance and are a source of unique, actionable information that is not available in the public domain without restrictions.
- Regularly update key components of the company’s OT network and install security updates and patches as soon as technically possible.
- Deploy EDR solutions such as Kaspersky Endpoint Detection and Response Expert [3] that can detect and block threats early.
- Conduct dedicated OT security training [4] for IT security teams and OT personnel that enables the team to detect and combat advanced attack techniques.
[2] https://www.kaspersky.de/enterprise-security/industrial
[3] https://www.kaspersky.de/enterprise-security/endpoint-detection-response-edr
[4] https://www.kaspersky.de/enterprise-security/cyber-security-training
Useful links:
Kaspersky ICS CERT: https://ics-cert.kaspersky.com/
Kaspersky ICS Threat landscape: https://ics-cert.kaspersky.com/publications/reports/2023/09/13/threat-landscape-for-industrial-automation-systems-statistics-for-h1-2023/?utm_source=press-release&utm_medium=email&utm_campaign=threat-landscape-for-industrial-automation-systems-statistics-for-h1-2023
Kaspersky Industrial CyberSecurity: https://www.kaspersky.de/enterprise-security/industrial
Kaspersky Endpoint Detection and Response: https://www.kaspersky.de/enterprise-security/endpoint-detection-response-edr
Kaspersky Cybersecurity Training: https://www.kaspersky.de/enterprise-security/cyber-security-training