Threat landscape for industrial automation systems in Q3 2024

Statistics across all threats

In the third quarter of 2024, the percentage of ICS computers on which malicious objects were blocked decreased by 1.5 pp to 22% when compared to the previous quarter.

Percentage of ICS computers on which malicious objects were blocked, by quarter, 2022–2024

Compared to the third quarter of 2023, the percentage decreased by 1.7 pp.

The percentage of ICS computers on which malicious objects were blocked during the third quarter of 2024 was highest in July and September, and lowest in August. In fact, the percentage in August 2024 was the lowest of any month in the observation period.

Percentage of ICS computers on which malicious objects were blocked, Jan 2023–Sep 2024

Region rankings

Regionally[1], the percentage of ICS computers that blocked malicious objects during the quarter ranged from 9.7% in Northern Europe to 31.5% in Africa.

Regions ranked by percentage of ICS computers where malicious objects were blocked, Q3 2024

Six regions (Africa, South Asia, South-East Asia, the Middle East, Latin America and East Asia) saw their percentages increase from the previous quarter.

Regions and the world. Changes in the percentage of attacked ICS computers in Q3 2024

Selected industries

The biometrics sector led the surveyed industries in terms of the percentage of ICS computers on which malicious objects were blocked.

Percentage of ICS computers on which malicious objects were blocked in selected industries

In the third quarter of 2024, the percentage of ICS computers on which malicious objects were blocked decreased across most industries, with the exception of the biometrics and manufacturing sectors.

Changes in the percentage of ICS computers on which malicious objects were blocked in selected industries

Diversity of detected malicious objects

In the third quarter of 2024, Kaspersky’s protection solutions blocked malware from 11,882 different malware families in various categories on industrial automation systems.

Percentage of ICS computers on which the activity of malicious objects in various categories was prevented

The most notable proportional growth during this period was in the percentage of ICS computers on which malicious scripts and phishing pages were blocked, representing an increase of 1.1 times.

Main threat sources

The internet, email clients and removable storage devices remain the primary sources of threats to computers in an organization’s technology infrastructure. Note that the source of the blocked threats cannot be reliably identified every time.

In the third quarter of 2024, the percentage of ICS computers on which threats from various sources were blocked decreased for all threat sources described in this report.

Percentage of ICS computers on which malicious objects from various sources were blocked

Moreover, the percentage of ICS computers on which threats from email clients, removable media and network folders were blocked in the third quarter was the lowest in the observation period.

Threat categories

Malicious objects used for initial infection

Malicious objects used for initial infection of ICS computers include denylisted dangerous internet resources, malicious scripts and phishing pages, and malicious documents.

In the third quarter of 2024, the percentage of ICS computers on which denylisted internet resources and malicious documents were blocked increased to 6.84% (by 0.21 pp) and 1.97% (by 0.01 pp), respectively. The rate of malicious scripts and phishing pages increased more significantly to 6.24% (by 0.55 pp), although in the previous quarter it reached its lowest level since the beginning of 2022.

Next-stage malware

Malicious objects used to initially infect computers deliver next-stage malware (spyware, ransomware and miners) to victims’ computers. As a rule, the higher the percentage of ICS computers on which the initial infection malware is blocked, the higher the percentage for next-stage malware.

The percentage of ICS computers on which spyware (spy Trojans, backdoors and keyloggers) was blocked decreased by 0.17 pp to 3.91% when compared to the previous quarter.

The percentage of ICS computers on which ransomware was blocked continued to vary from quarter to quarter within 0.03 pp. It decreased to 0.16% in the observation period.

The percentage of ICS computers on which miners in the form of executable files for Windows were blocked decreased by 0.18 pp to 0.71%.

The percentage of ICS computers on which web miners were blocked decreased by 0.09 pp to 0.41%.

Self-propagating malware

Self-propagating malware (worms and viruses) is a category unto itself. Worms and virus-infected files were originally used for initial infection, but as botnet functionality evolved, they took on next-stage characteristics.

To spread across ICS networks, viruses and worms rely on removable media, network folders, infected files including backups, and network attacks on outdated software.

In the third quarter of 2024, the percentage of ICS computers on which worms were blocked continued to decrease (by 0.18 pp), reaching 1.30%. This is the lowest point since the beginning of 2022. The rate of viruses decreased slightly to 1.53%.

AutoCAD malware

AutoCAD malware is typically a low-level threat, coming last in the malware category rankings in terms of the percentage of ICS computers on which it was blocked.

In the third quarter of 2024, the percentage of ICS computers on which AutoCAD malware was blocked showed a slight decrease to 0.40%.

You can find the full Q3 2024 report on the Kaspersky ICS CERT website.


[1] The report takes into account statistics for the USA received before September 29, 2024.
