"Industrial organizations always attract attention from both cybercriminals and politically-motivated threat actors. Reflecting on the previous half year, we have seen, among other findings, growth in the number of cyberespionage and malicious credential stealing campaigns. Their success has most likely been the main factor raising the ransomware threat to such a high degree, and I see no reason why some of the APT groups won’t benefit from these credential stealing campaigns as well," said Evgeny Goncharov, security expert at Kaspersky.
Percentage of ICS computers attacked
During the first half of 2021 (H1 2021) the percentage of attacked ICS computers was 33.8%, which was 0.4 percentage points (p.p.) higher than in H2 2020. Per country the number varied from 58.4% in Algeria to 6.8% in Israel. If we look at regional numbers, Africa led with 46.1%, followed by Southeast Asia at 44.1%, East Asia at 43.1% and Central Asia at 42.1%.
The largest increases in the percentage of attacked ICS computers during H1 2021 were as follows:
Over 10 p.p. in Belarus (50.4%) and Ukraine (33.1%);
7.4 p.p. in the Czech Republic (20.2%) and Slovakia (24.3%);
6.5 p.p. in Hong Kong (20.8%);
6 p.p. in Australia (23%) and Cameroon (45.2%).
The internet was the main source of threats causing these increases.
The percentage of ICS computers on which threats were blocked decreased in all monitored industries. This was especially noticeable in the oil and gas (36.5%) and building automation (40.3%) sectors (-7.5 p.p. and -6.3 p.p., respectively).
Main threat sources
The internet, removable media and email continue to be the main sources of threats to computers in ICS environments.
Threats from the internet were blocked on 18.2% of ICS computers (+1.5 p.p.).
In H1 2021, the largest increases of this indicator were observed in Belarus (+12.2 p.p.), Ukraine (+8 p.p.) and Russia (+6.7 p.p.).
Russia headed this rating among regions with 27.6% and Belarus among individual countries with 32.8%.
Threats arriving via removable media connections were blocked on 5.2% of ICS computers (-0.2 p.p.), which continues a downward trend beginning in H2 2019.
Africa leads the regional rankings by a noticeable margin with 15.6%, and Algeria leads among individual countries with 24%.
In H1 2021 the percentage of ICS computers on which threats were blocked when removable media were connected to them decreased in Asian regions.
Malicious email attachments were blocked on 3.4% of ICS computers (-0.6 p.p.).
Southern Europe was the highest ranked region for this indicator with 6.4%, while Bangladesh led among individual countries with 8.8%.
The only region where the percentage increased was Australia and New Zealand (+1.3 p.p.).
The variety of malware detected
In H1 2021 Kaspersky security solutions blocked over 20.1 thousand malware variants from 5,150 families in ICS environments.
Denylisted internet resources were the main threat source and were blocked on 14% of ICS computers.
Threat actors use malicious scripts on various media resources and sites hosting pirated content. These scripts redirect users to websites that spread spyware and/or cryptocurrency miners. The percentage of computers where such threats have been blocked has been growing since 2020.
Malicious scripts and redirects (JS and HTML) were blocked on 8.8% of ICS computers (+0.7 p.p.).
Australia and New Zealand (+3.8 p.p.), as well as Russia (+4.4 p.p.), saw noticeable growth in the percentage of computers where malicious downloader scripts used for downloading spyware were blocked.
Spyware (backdoors, Trojan spies and keyloggers) was blocked on 7.4% of ICS computers (+0.4 p.p.).
This indicator was highest in East Asia (14.3%), Africa (13.4%) and Southeast Asia (11.2%).
Ransomware was blocked on 0.40% of ICS computers (-0.1 p.p.).
This indicator is highest in East Asia with 0.82%.
In the Middle East we saw an increase in the percentage of computers on which worms (+0.4 p.p.) and ransomware (+0.3 p.p.) were blocked.