Threat landscape for Industrial Control Systems (ICS): Statistics for H1 2021

Industrial organizations always attract attention from both cybercriminals and politically-motivated threat actors.

"Reflecting on the previous half year, we have seen, among other findings, growth in the number of cyberespionage and malicious credential stealing campaigns. Their success has most likely been the main factor raising the ransomware threat to such a high degree, and I see no reason why some of the APT groups won’t benefit from these credential stealing campaigns as well," said Evgeny Goncharov, security expert at Kaspersky.

Percentage of ICS computers attacked

  • During the first half of 2021 (H1 2021) the percentage of attacked ICS computers was 33.8%, which was 0.4 percentage points (p.p.) higher than in H2 2020. Per country the number varied from 58.4% in Algeria to 6.8% in Israel. If we look at regional numbers, Africa led with 46.1%, followed by Southeast Asia at 44.1%, East Asia at 43.1% and Central Asia at 42.1%.

Figure: Percentage of ICS computers on which malicious objects were blocked

  • The largest increases in the percentage of attacked ICS computers during H1 2021 were as follows:
    • Over 10 p.p. in Belarus (50.4%) and Ukraine (33.1%);
    • 7.4 p.p. in the Czech Republic (20.2%) and Slovakia (24.3%);
    • 6.5 p.p. in Hong Kong (20.8%);
    • 6 p.p. in Australia (23%) and Cameroon (45.2%).

The internet was the main source of threats causing these increases.

Figure: Geographical distribution of attacks on industrial automation systems in H1 2021

  • The percentage of ICS computers on which threats were blocked decreased in all monitored industries. This was especially noticeable in the oil and gas (36.5%) and building automation (40.3%) sectors (-7.5 p.p. and -6.3 p.p., respectively).

Figure: Percentage of ICS computers on which malicious objects were blocked in selected industries

Main threat sources

The internet, removable media and email continue to be the main sources of threats to computers in ICS environments.

  1. Threats from the internet were blocked on 18.2% of ICS computers (+1.5 p.p.).

In H1 2021, the largest increases of this indicator were observed in Belarus (+12.2 p.p.), Ukraine (+8 p.p.) and Russia (+6.7 p.p.).

Russia headed this rating among regions with 27.6% and Belarus among individual countries with 32.8%.

  2. Threats arriving via removable media connections were blocked on 5.2% of ICS computers (-0.2 p.p.), which continues a downward trend beginning in H2 2019.

Africa leads the regional ranking by a noticeable margin with 15.6%, and Algeria leads among individual countries with 24%.

In H1 2021 the percentage of ICS computers on which threats were blocked when removable media were connected to them decreased in Asian regions.

  3. Malicious email attachments were blocked on 3.4% of ICS computers (-0.6 p.p.).

Southern Europe was the highest ranked region for this indicator with 6.4%, while Bangladesh led among individual countries with 8.8%.

The only region where the percentage increased was Australia and New Zealand (+1.3 p.p.).

The variety of malware detected

In H1 2021 Kaspersky security solutions blocked over 20.1 thousand malware variants from 5,150 families in ICS environments.

  1. Denylisted internet resources were the main threat source and were blocked on 14% of ICS computers.

Threat actors use malicious scripts on various media resources and sites hosting pirated content. These scripts redirect users to websites that spread spyware and/or cryptocurrency miners. The percentage of computers where such threats have been blocked has been growing since 2020.

  2. Malicious scripts and redirects (JS and HTML) were blocked on 8.8% of ICS computers (+0.7 p.p.).

Australia and New Zealand (+3.8 p.p.), as well as Russia (+4.4 p.p.), saw noticeable growth in the percentage of computers where malicious downloader scripts used for downloading spyware were blocked.

  3. Spyware (backdoors, Trojan spies and keyloggers) was blocked on 7.4% of ICS computers (+0.4 p.p.).

This indicator was highest in East Asia (14.3%), Africa (13.4%) and Southeast Asia (11.2%).

  4. Ransomware was blocked on 0.40% of ICS computers (-0.1 p.p.).

This indicator is highest in East Asia with 0.82%.

In the Middle East we saw an increase in the percentage of computers on which worms (+0.4 p.p.) and ransomware (+0.3 p.p.) were blocked.

Figure: Percentage of ICS computers on which malicious objects from various categories were blocked

Read the full ICS threat landscape report from Kaspersky

Written by: PCI
