Threat landscape for industrial automation systems. H1 2020 highlights

Overall downward trend for percentages of attacked computers globally

Beginning in H2 2019, we have observed a downward trend in the percentages of attacked computers, both in ICS and in corporate and personal environments.

  • In H1 2020 the percentage of ICS computers on which malicious objects were blocked decreased by 6.6 percentage points to 32.6%.
  • The percentage was highest in Algeria (58.1%) and lowest in Switzerland (12.7%).
  • Despite the overall downward trend in the percentages of attacked computers, the figure grew by 1.6 p.p. to 37.8% in the Oil & Gas sector and by 1.9 p.p. to 39.9% for computers used in building automation systems. These numbers are higher than the percentages around the world overall.

Percentage of ICS computers on which malicious objects were blocked

Variety of malware

Threats are becoming more targeted and more focused, and as a result, more varied and complex.

  • Kaspersky solutions in ICS environments blocked over 19.7 thousand malware modifications from 4,119 different families.
  • We are seeing noticeably more families of backdoors, spyware, Win32 exploits and malware built on the .NET platform.
  • Ransomware was blocked on 0.63% of ICS computers. This is very similar to the total of 0.61% in H2 2019.

Main threat sources

The internet, removable media and email continue to be the main sources of threats in the ICS environment. Predictably, the percentages in the rankings for these threats have decreased.

  • Internet threats were blocked on 16.7% of ICS computers (-6.4 p.p.).
  • Threats introduced when removable media were connected were blocked on 5.8% of computers (-1.9 p.p.).
  • Malicious email attachments were blocked on 3.4% of ICS computers (-1.1 p.p.).

Main sources of threats blocked on ICS computers*

* percentage of ICS computers on which malicious objects from different sources were blocked

Regional differences

Asia and Africa were the least secure.

  • Asian regions occupy 4 out of the TOP 5 positions in the regional rankings based on the percentage of ICS computers which were attacked. Africa comes second.
  • Southeast Asia is the worst hit – it leads in several ratings:
    1. Percentage of ICS computers where malicious activity was blocked – 49.8%.
    2. Percentage of ICS computers where internet threats were blocked – 14.9%.
    3. Percentage of ICS computers where malicious email attachments were blocked – 5.8%.
  • Africa leads in the ranking of regions by percentage of ICS computers where malicious activity was blocked when removable media were connected (14.9%).

The situation is best in Australia, Europe, USA and Canada, which are at the bottom of all of the rankings except the one by malicious email attachments.

  • Northern Europe is the most secure region with the lowest positions in rankings in H1 2020:
    1. By percentage of ICS computers attacked – 10.1%.
    2. By percentage of ICS computers on which internet threats were blocked – 4.6%.
    3. By percentage of ICS computers where malicious email attachments were blocked – 1.1%.
  • The lowest percentage of ICS computers on which threats were blocked when removable media were connected was in Australia – 0.8%. Northern Europe came in with a close second of 0.9%.
  • In Australia, Europe, USA and Canada the percentages in the rankings by malicious email attachments were higher than by threats on removable media. Eastern Europe was the exception, with 3.5% and 3.7% respectively.

Southern and Eastern Europe were the least secure regions in Europe.

  • Southern and Eastern Europe were in the TOP 5 of the rankings by percentages of ICS computers where malicious email attachments were blocked. Southern Europe came in second with 5.2% and Eastern Europe fifth with 3.5%.
  • Eastern Europe was the only region in the world where we saw an increase of 0.9 p.p. in the percentage of computers where threats were blocked when removable media were connected, coming in with 3.7%.

Full version of the report.
