Threats against industrial control systems on the rise in H2 2020

Kaspersky carried out an study that reveals globally the percentage of attacked ICS computers in H2 2020 was 33.4%–an increase of .85 percentage points. The percentage of ICS computers attacked in the engineering and ICS integration sector grew by nearly 8 percentage points and by nearly 7 percentage points and 6.2 percentage points in the building automation and oil & gas sectors respectively. Overall, the percentage of ICS computers attacked increased in 62% of the countries examined by Kaspersky researchers and across all five industries studied.

Attacks against industrial organizations always carry the potential to be particularly devastating, both in terms of disruption to production and financial losses. In addition, because of the highly sensitive information industrial organizations possess, they tend to be an attractive target for attackers. However, starting with the second half of 2019, Kaspersky experts had observed a decline in the percentage of ICS computers on which malicious objects were detected, as criminals appeared to be focusing on more targeted attacks. In H2 2020, threats to ICS computers again started to rise from almost each and every perspective, with both the percentage of attacked ICS increasing globally by .85 percentage points and the variety of malware families used increasing by 30 percent.

Of those industries examined by Kaspersky researchers, those with the greatest percentage of ICS computers attacked were building automation at 46.7%, an increase of nearly 7 percentage points from H1 2020, oil & gas at 44%, an increase of 6.2 percentage points from H1 2020, and engineering and ICS integration at 39.3%, an increase of nearly 8 percentage points. Threats to the oil & gas and building automation industries have been on the rise since H1 2019. The other two industries examined by Kaspersky researchers (energy and automotive manufacturing) also saw an increase in the percent of ICS computers on which malicious objects were blocked.

Percentage of ICS computers on which malicious objects were blocked in selected industries

Threats belonging to 5,365 malware families were blocked on ICS computers, an increase of 30% from H1 2020. The most prominent threats were backdoors (dangerous Trojans that gain remote control over the infected device), spyware (malicious programs designed to steal data), other types of Trojans, and malicious scripts and documents.

Overall, 62% of the countries examined by Kaspersky researchers experienced a growth in the percentage of ICS computers attacked. What’s more, in 73.4% of all countries examined (in comparison to 23.6% in H2 2019) the percentage of ICS computers on which malicious email attachments were blocked grew, increasing on average globally by .7 percentage points.

Number of malware families blocked on ICS computers, by half-year, 2019-2020

The company recommends few steps to keep your ICS computers protected from various threats:

  • Regularly update operating systems and application software that are part of the enterprise’s industrial network. Apply security fixes and patches to ICS network equipment as soon as they are available.
  • Conduct regular security audits of OT systems to identify and eliminate possible vulnerabilities.
  • Use ICS network traffic monitoring, analysis and detection solutions for better protection from attacks potentially threatening technological process and main enterprise assets.
  • Dedicated ICS security training for IT security teams and OT engineers is crucial to improve response to new and advanced malicious techniques.
  • Provide the security team responsible for protecting industrial control systems with up-to-date threat intelligence. ICS Threat Intelligence Reporting service provides insights into current threats and attack vectors, as well as the most vulnerable elements in OT and industrial control systems and how to mitigate them.
  • Use security solutions for OT endpoints and network such as Kaspersky Industrial CyberSecurity to ensure comprehensive protection for all industry critical systems.