Threat landscape for industrial automation systems. H2 2023

Global statistics across all threats

In the second half of 2023, the percentage of ICS computers on which malicious objects were blocked decreased by 2.1 pp to 31.9%.

Percentage of ICS computers on which malicious objects were blocked, by half year

Selected industries

In H2 2023, building automation once again had the highest percentage of ICS computers on which malicious objects were blocked of all industries that we looked at. Oil and Gas was the only industry to see a slight (0.5 pp) increase in the second half of the year.

Percentage of ICS computers on which malicious objects were blocked in selected industries

Main threat sources

The internet, email clients and removable media remained the main sources of threats to computers connected to enterprise OT networks. In the second half of 2023, the percentage of ICS computers on which malicious objects were blocked dropped for each of the main sources.

Percentage of ICS computers on which malicious objects from various sources were blocked

Malicious object categories

Malicious objects blocked by Kaspersky products on ICS computers belonged to many categories. In H2 2023, only one category grew compared with the first half of the year: the percentage of ICS computers on which miner executable files for Windows were blocked increased by 1.4 times.

Percentage of ICS computers on which the activity of various categories of malicious objects was prevented

Regions

In H2 2023, the percentage of computers on which malicious activity was prevented varied across regions from 38.2% in Africa to 14.8% in Northern Europe. The percentage increased in South Asia, Eastern Europe and Southern Europe.

Regions ranked by percentage of ICS computers on which malicious objects were blocked, H2 2023

Africa

Africa leads the region rankings:

  • By percentage of ICS computers where malicious objects were blocked (all threats).
  • By percentage of ICS computers on which spyware was blocked.
    Regions ranked by percentage of ICS computers on which spyware was blocked, H2 2023

  • By percentage of ICS computers on which worms were blocked.
    Regions ranked by percentage of ICS computers on which worms were blocked, H2 2023

  • By percentage of ICS computers on which web miners were blocked.
    Regions ranked by percentage of ICS computers on which browser-based web miners were blocked, H2 2023

  • By percentage of ICS computers on which removable media threats were blocked.
    Regions ranked by percentage of ICS computers on which removable media threats were blocked, H2 2023

Southern Europe

  • Leads the regions by percentage of ICS computers on which email threats (malicious email attachments and phishing links) were blocked.
    Regions ranked by percentage of ICS computers on which malicious email attachments and phishing links were blocked, H2 2023

  • Second among the regions by percentage of ICS computers on which malicious documents were blocked.
  • One of the two regions where the percentage of ICS computers on which spyware was blocked rose in the six-month period.

Eastern Europe

  • Saw the largest increase among all regions in the percentage of ICS computers on which malicious objects were blocked in H2 2023: 6 pp.
  • Second among the regions by percentage of ICS computers on which malicious scripts and phishing pages were blocked.
  • In the six-month period, the region saw a rise in the percentage of ICS computers on which the following were blocked:
    • Malicious scripts and phishing pages: by 2.9 pp
    • Miner executable files for Windows: by 0.9 pp
    • Worms: by 0.43 pp (the only region where this percentage rose)
    • Denylisted internet resources: by 0.4 pp (the only region where this percentage rose).

Russia

  • Second among the regions by percentage of ICS computers on which miners in the form of executable files for Windows were blocked.

Central Asia

  • Leads the regions by percentage of ICS computers on which denylisted internet resources were blocked.
    Regions ranked by percentage of ICS computers on which denylisted internet resources were blocked, H2 2023

  • Leads by percentage of ICS computers on which miners in the form of executable files for Windows were blocked.
    Regions ranked by percentage of ICS computers on which miners in the form of executable files for Windows were blocked, H2 2023

  • Second among the regions by percentage of ICS computers on which worms were blocked.

East Asia

  • Leads the regions by percentage of ICS computers on which malware for AutoCAD was blocked.
  • Second among the regions by percentage of ICS computers on which viruses were blocked.
  • Spyware ranked second in the region among all malware categories by percentage of ICS computers on which it was blocked.

South-East Asia

  • Leader among the regions by percentage of ICS computers on which viruses were blocked.
    Regions ranked by percentage of ICS computers on which viruses were blocked, H2 2023

  • Viruses ranked third in the region among all malware categories by percentage of ICS computers on which they were blocked.

South Asia

  • Leader (along with the Middle East) among the regions by percentage of ICS computers on which ransomware was blocked.
    Regions ranked by percentage of ICS computers on which ransomware was blocked, H2 2023

Middle East

  • Leads (together with South Asia) the regions by percentage of ICS computers on which ransomware was blocked.
  • Second among the regions by percentage of ICS computers on which spyware was blocked.
  • Second among the regions by percentage of ICS computers on which web miners were blocked.

Latin America

  • Leads the regions by percentage of ICS computers on which malicious scripts and phishing pages were blocked.
    Regions ranked by percentage of ICS computers on which malicious scripts and phishing pages were blocked, H2 2023

  • Leader by percentage of ICS computers on which malicious documents were blocked.
    Regions ranked by percentage of ICS computers on which malicious documents were blocked, H2 2023

  • Second among the regions by percentage of ICS computers on which malicious email attachments and phishing links were blocked.

Australia and New Zealand

  • The only region where the percentage of ICS computers on which malicious documents were blocked rose in the six-month period.

The full report is available on the Kaspersky ICS CERT website.
