
Threat landscape for industrial automation systems. H1 2020 highlights

Overall downward trend for percentages of attacked computers globally

Beginning in H2 2019, we have observed a downward trend in the percentages of attacked computers, in ICS as well as in corporate and personal environments.

  • In H1 2020 the percentage of ICS computers on which malicious objects were blocked decreased by 6.6 percentage points to 32.6%.
  • The number was highest in Algeria (58.1%), and lowest in Switzerland (12.7%).
  • Despite the overall tendency for the percentages of attacked computers to decrease, we did see the number grow by 1.6 p.p. to 37.8% in the Oil & Gas sector and by 1.9 p.p. to 39.9% for computers used in building automation systems. These numbers are higher than the percentages around the world overall.

[Figure: Percentage of ICS computers on which malicious objects were blocked]

Variety of malware

Threats are becoming more targeted and more focused, and as a result, more varied and complex.

  • Kaspersky solutions in ICS environments blocked over 19.7 thousand malware modifications from 4,119 different families.
  • We are seeing noticeably more families of backdoors, spyware, Win32 exploits and malware built on the .Net platform.
  • Ransomware was blocked on 0.63% of ICS computers. This is very similar to the total of 0.61% in H2 2019.

Main threat sources

The internet, removable media and email continue to be the main sources of threats in the ICS environment. Predictably, the percentages in the rankings for these threats have decreased.

  • Internet threats were blocked on 16.7% of ICS computers (-6.4 p.p.).
  • Threats introduced when removable media were connected were blocked on 5.8% of computers (-1.9 p.p.).
  • Malicious email attachments were blocked on 3.4% of ICS computers (-1.1 p.p.).

[Figure: Main sources of threats blocked on ICS computers*]

* Percentage of ICS computers on which malicious objects from different sources were blocked

Regional differences

Asia and Africa were the least secure.

  • Asian regions occupy 4 out of the TOP 5 positions in the regional rankings based on the percentage of ICS computers which were attacked. Africa comes second.
  • Southeast Asia is the worst hit – it leads in several ratings:
    1. Percentage of ICS computers where malicious activity was blocked – 49.8%.
    2. Percentage of ICS computers where internet threats were blocked – 14.9%.
    3. Percentage of ICS computers where malicious email attachments were blocked – 5.8%.
  • Africa leads in the ranking of regions by percentage of ICS computers where malicious activity was blocked when removable media were connected (14.9%).

The situation is best in Australia, Europe, USA and Canada, which are at the bottom of all of the rankings except the one by malicious email attachments.

  • Northern Europe is the most secure region with the lowest positions in rankings in H1 2020:
    1. by percentage of ICS computers attacked – 10.1%,
    2. by percentage of ICS computers on which internet threats were blocked – 4.6%,
    3. by percentage of ICS computers where malicious email attachments were blocked – 1.1%.
  • The lowest percentage of ICS computers on which threats were blocked when removable media were connected was in Australia – 0.8%. Northern Europe came a close second with 0.9%.
  • In Australia, Europe, USA and Canada the percentages in the rankings by malicious email attachments were higher than those by threats on removable media, with Eastern Europe as the exception – 3.5% and 3.7% respectively.

Southern and Eastern Europe were the least secure regions in Europe.

  • Southern and Eastern Europe were in the TOP 5 of the rankings by percentages of ICS computers where malicious email attachments were blocked. Southern Europe came in second with 5.2% and Eastern Europe fifth with 3.5%.
  • Eastern Europe was the only region in the world where we saw an increase of 0.9 p.p. in the percentage of computers where threats were blocked when removable media were connected, coming in with 3.7%.

Full version of the report.
