Kaspersky’s ICS CERT (Industrial Control Systems Cyber Emergency Response Team) unveils an analysis of Operational Technology (OT) cybersecurity trends for the second half of 2023. With a yearly average of 38.6% of OT computers[i] attacked in 2023, the report identifies Automation of buildings as the sector most exposed to cyberthreats (in the second half of 2023 malicious objects were blocked on 36.7% of OT computers in that industry), followed by Energy sector (34.9%), Engineering and ICS Integration (32.7%), Oil&Gas (31.2%), Manufacturing (27.2%).

The landscape of threats in the second half of 2023 remained diverse and multifaceted, with threats spreading via the internet continuing as the main source of cyber risks to OT computers, accounting for 18.1% of the attacks, followed by email clients at 4% and removable media at 1.9%.

Kaspersky security solutions blocked malware that belonged to 12,618 families on industrial automation systems. Malicious objects belonged to a number of categories, among the most widespread were malicious scripts and phishing pages, denylisted internet resources.

“Malicious objects that our solutions block can be grouped into 3 categories: those used for initial infection (such as dangerous web resources, malicious scripts, malicious documents), next-stage malware (including spyware, ransomware or miners) delivered to a victim in most cases via the internet or email, and self-propagating malware (worms and viruses). All of these can be extremely harmful to an organization. We investigated cases when even far-from-industrial malware, such as a banking trojan, nearly brought operations of a factory to a halt,” comments Evgeny Goncharov, Head of Kaspersky’s ICS CERT. “With this in mind industrial companies should continue fortifying their defenses by tailoring their cybersecurity strategies and staying informed about the ever-evolving threats.”

To keep OT computers protected from various threats, Kaspersky experts recommend:

  • Conducting regular security assessments of OT systems to identify and eliminate possible cyber security issues.
  • Establishing continuous vulnerability assessment and triage as a basement for effective vulnerability management process. Dedicated solutions like Kaspersky Industrial CyberSecurity may become an efficient assistant and a source of unique actionable information, not fully available in public.
  • Performing timely updates for the key components of the enterprise’s OT network; applying security fixes and patches or implementing compensating measures as soon as it is technically possible is crucial for preventing a major incident that might cost millions due to the interruption of the production process.
  • Using EDR solutions such as Kaspersky Endpoint Detection and Response for timely detection of sophisticated threats, investigation, and effective remediation of incidents.
  • Improving the response to new and advanced malicious techniques by building and strengthening teams’ skills in incident prevention, detection, and response. Dedicated OT security trainings for IT security staff and OT personnel is one of the key measures helping to achieve this.

The full report on ICS threats is available by the link.

About Kaspersky ICS CERT

Kaspersky ICS CERT is a global project run by Kaspersky to coordinate the efforts of industrial automation system vendors and industrial facility owners and operators. Kaspersky ICS CERT experts research cyberthreats and detect attacks on industrial facilities; analyze popular industrial control system products and technologies for vulnerabilities and help eliminate any vulnerabilities identified; provide trainings; help developers make their products more secure; consult industrial organizations on industrial cybersecurity issues; develop industrial cybersecurity methodologies, frameworks, and standards. To find out more, visit https://ics-cert.kaspersky.com/

About Kaspersky

Kaspersky is a global cybersecurity and digital privacy company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection, specialized security products and services, as well as Cyber Immune solutions to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help over 220,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.

[i] Supervisory control and data acquisition (SCADA) servers, data storage (Historian) servers, data gateways (OPC), stationary workstations of engineers and operators, mobile workstations of engineers and operators, human machine interface (HMI), OT network administration computers, ICS software development computers.