Thought Leadership
Industrial companies worldwide continue to be a popular target for cyber criminals, as the latest analysis by Kaspersky ICS CERT for the second quarter of this year shows.
For example, 23.5% of ICS computers worldwide were exposed to cyber threats; although this represents a slight decrease of 0.9 percentage points compared to the first quarter of 2024, there was a significant increase in ransomware attacks. The proportion of ICS computers affected by ransomware rose by 20% compared to the previous quarter.
Further results:
- Spyware, including backdoors, keyloggers and Trojans, continue to be a serious threat. These programs are often used to steal account data and prepare the ground for more advanced attacks such as ransomware. The percentage of ICS computers affected by spyware rose from 3.90 percent in the first quarter of 2024 to 4.08 percent in the second quarter of 2024.
- Attackers are increasingly using sophisticated techniques to install cryptocurrency malware on ICS computers. The second quarter saw an increase in fileless execution techniques, where malicious code is executed directly in memory, making it more difficult to detect and defend against such attacks.
- The building automation sector has the highest proportion of ICS computers attacked (often exploiting vulnerabilities in building automation networks and targeting systems with internet connectivity and outdated software), although the total number of attacks across all sectors fell in Q2 2024.
Evgeny Goncharov, Head of Kaspersky ICS CERT, comments:
“While the overall number of attacks on OT computers has decreased slightly, the rise in ransomware and spyware is worrying. Malware that has a huge impact, such as ransomware, can disrupt critical operations in any industry, be it manufacturing, energy or transportation. Spyware, on the other hand, is often used to steal login credentials for corporate accounts. These are then resold on darknet marketplaces and may later be used by ransomware groups, hacktivists or APTs. Exposing OT infrastructures to spyware threats can have serious consequences.”
Recommendations for protecting OT computers
- Regularly conduct security analyses of OT systems to identify and eliminate potential cyber security problems.
- Establish continuous vulnerability assessment and sorting as the basis for an effective vulnerability management process. Specialized solutions such as Kaspersky Industrial CyberSecurity offer efficient assistance and provide unique, actionable information that is not fully publicly available.
- Update all components of the company’s OT network in good time.
- ICS Threat Intelligence Reporting can provide detailed information about malicious campaigns and vulnerabilities in the most common industrial control systems and underlying technologies. The reports are delivered via a web-based portal, allowing organizations to use the service directly and immediately.
- Use a comprehensive Extended Detection and Response (XDR) security solution such as Kaspersky Next XDR Expert. It helps with the early detection, investigation and remediation of complex threats.
- Conduct dedicated OT security training for IT security teams and OT personnel, enabling the team to recognize and combat advanced attack techniques in a timely manner.
(pd/Kaspersky)
