Threat landscape for industrial automation systems. H2 2023

Industrial threats

19 Mar 2024

minute read

Global statistics across all threats
Selected industries
Main threat sources
Malicious object categories
Regions

Africa
Southern Europe
Eastern Europe
Russia
Central Asia
East Asia
South-East Asia
South Asia
Middle East
Latin America
Australia and New Zealand

Authors

Kaspersky ICS CERT

Global statistics across all threats

In the second half of 2023, the percentage of ICS computers on which malicious objects were blocked decreased by 2.1 pp to 31.9%.

Percentage of ICS computers on which malicious objects were blocked, by half year

Selected industries

In H2 2023, building automation once again had the highest percentage of ICS computers on which malicious objects were blocked of all industries that we looked at. Oil and Gas was the only industry to see a slight (0.5 pp) increase in the second half of the year.

Percentage of ICS computers on which malicious objects were blocked in selected industries

Main threat sources

The internet, email clients and removable media remained the main sources of threats to computers connected to enterprise OT networks. In the second half of 2023, the percentage of ICS computers on which malicious objects were blocked dropped for each of the main sources.

Percentage of ICS computers on which malicious objects from various sources were blocked

Malicious object categories

Malicious objects blocked by Kaspersky products on ICS computers belonged to many categories. In H2 2023, only one category saw an increase on the first half of the year: ICS computers on which miner executable files for Windows were blocked, by 1.4 times.

Percentage of ICS computers on which the activity of various categories of malicious objects was prevented

Regions

In H2 2023, the percentage of computers on which malicious activity was prevented varied across regions from 38.2% in Africa to 14.8% in Northern Europe. The percentage increased in South Asia, Eastern Europe and Southern Europe.

Regions ranked by percentage of ICS computers on which malicious objects were blocked, H2 2023

Africa

Africa leads the region rankings

By percentage of ICS computers where malicious objects were blocked (all threats).
By percentage of ICS computers on which spyware was blocked.
Regions ranked by percentage of ICS computers on which spyware was blocked, H2 2023
By percentage of ICS computers on which worms were blocked.
Regions ranked by percentage of ICS computers on which worms were blocked, H2 2023
By percentage of ICS computers on which web miners were blocked.
Regions ranked by percentage of ICS computers on which browser-based web miners were blocked, H2 2023
By percentage of ICS computers on which removable media threats were blocked
Regions ranked by percentage of ICS computers on which removable media threats were blocked, H2 2023

Southern Europe

Leads the regions by percentage of ICS computers on which email threats (malicious email attachments and phishing links) were blocked.
Regions ranked by percentage of ICS computers on which malicious email attachments and phishing links were blocked, H2 2023
Second among the regions by percentage of ICS computers on which malicious documents were blocked.
One of the two regions where the percentage of ICS computers on which spyware was blocked rose in the six-month period.

Eastern Europe

Saw the largest, among all regions, increase in the percentage of ICS computers on which malicious objects were blocked in H2 2023: 6 pp.
Second among the regions by percentage of ICS computers on which malicious scripts and phishing pages were blocked.
In the six-month period, the region saw a rise in the percentage of ICS computers on which the following were blocked:
- Malicious scripts and phishing pages: by 2.9 pp
- Miner executable files for Windows: by 0.9 pp
- Worms: by 0.43 pp (the only region where this percentage rose)
- Denylisted internet resources: by 0.4 pp (the only region where this percentage rose).

Russia

Second among the regions by percentage of ICS computers on which miners in the form of executable files for Windows were blocked.

Central Asia

Leads the regions by percentage of ICS computers on which denylisted internet resources were blocked.
Regions ranked by percentage of ICS computers on which denylisted internet resources were blocked, H2 2023
Leads by percentage of ICS computers on which miners in the form of executable files for Windows were blocked.
Regions ranked by percentage of ICS computers on which miners in the form of executable files for Windows were blocked, H2 2023
Second among the regions by percentage of ICS computers on which worms were blocked.

East Asia

Leads the regions by percentage of ICS computers on which malware for AutoCAD was blocked.
Second among the regions by percentage of ICS computers on which viruses were blocked.
Spyware ranked second in the region among all malware categories by percentage of ICS computers on which it was blocked.

South-East Asia

Leader among the regions by percentage of ICS computers on which viruses were blocked.
Regions ranked by percentage of ICS computers on which viruses were blocked, H2 2023
Viruses ranked third in the region among all malware categories by percentage of ICS computers on which they were blocked.

South Asia

Leader (along with the Middle East) among the regions by percentage of ICS computers on which ransomware was blocked.
Regions ranked by percentage of ICS computers on which ransomware was blocked, H2 2023

Middle East

Leads (together with South Asia) the regions by percentage of ICS computers on which ransomware was blocked.
Second among the regions by percentage of ICS computers on which spyware was blocked.
Second among the regions by percentage of ICS computers on which web miners were blocked.

Latin America

Leads the regions by percentage of ICS computers on which malicious scripts and phishing pages were blocked.
Regions ranked by percentage of ICS computers on which malicious scripts and phishing pages were blocked, H2 2023
Leader by percentage of ICS computers on which malicious documents were blocked.
Regions ranked by percentage of ICS computers on which malicious documents were blocked, H2 2023
Second among the regions by percentage of ICS computers on which malicious email attachments and phishing links were blocked.

Australia and New Zealand

The only region where the percentage of ICS computers on which malicious documents were blocked rose in the six-month period.

The full report is available on the Kaspersky ICS CERT website.

Authors

Kaspersky ICS CERT

Threat landscape for industrial automation systems. H2 2023

Latest Posts

Latest Webinars

Reports

Kaspersky analyzes SideWinder APT’s recent activity: new targets in the MiddleEast and Africa, post-exploitation tools and techniques.

Kaspersky shares insights into the activity and TTPs of the BlindEagle APT, which targets organizations and individuals in Colombia, Ecuador, Chile, Panama and other Latin American countries.

Kaspersky has identified a new EastWind campaign targeting Russian organizations and using CloudSorcerer as well as APT31 and APT27 tools.

The report features the most significant developments relating to APT groups in Q2 2024, including the new backdoor in Linux utility XZ, a new RAT called SalmonQT, and hacktivist activity.

Global statistics across all threats

Selected industries

Main threat sources

Malicious object categories

Regions

Africa

Southern Europe

Eastern Europe

Russia

Central Asia

East Asia

South-East Asia

South Asia

Middle East

Latin America

Australia and New Zealand

Subscribe to our weekly e-mails

Latest Posts

Latest Webinars

Reports

Subscribe to our weekly e-mails

Subscribe to our weekly e-mails