37.9% of industrial computers in the UAE were targeted in 2022

According to Kaspersky ICS CERT statistics, various types of malicious objects were blocked on 37.9% of ICS computers in the UAE between January and September 2022. The Internet was the source of the majority of these attacks on ICS infrastructure (20.6%). Email clients were used in 14.6% of the attacks. 3.1% of attacks were carried out using removable media. The global share of ICS computers with blocked malicious objects is 31.8%. In the coming months, APT attacks on industrial systems are expected to become even more sophisticated.

ICS computers are used in oil and gas, energy, automotive manufacturing, building automation infrastructures, and other fields to perform a variety of OT functions, ranging from engineer and operator workstations to supervisory control and data acquisition (SCADA) servers and Human Machine Interface (HMI) (HMI). Cyberattacks on industrial computers are considered extremely dangerous because they can result in material losses and production downtime for the controlled production line, as well as the entire facility. Furthermore, shutting down industrial enterprises can seriously harm a region’s social welfare, ecology, and macroeconomics.

ICS computers in the oil and gas sector were the most frequently attacked in the META region during the first three quarters of 2022 (39.3% were attacked). Building automation system attacks came in second, with 38.8% of ICS computers in this sector being targeted. The energy sector was also one of the top three most vulnerable environments (36.8% of computers were affected).

APT attacks on industrial systems are expected to become more sophisticated in the coming months. Organizations in agriculture, logistics and transportation, energy (mining, chemical, machine tool industry), renewable energy, and hi-tech will be targeted.

Another trend identified by Kaspersky for the remainder of 2022 and the following year is the rise of ransomware in ICS environments. Ransomware gangs have evolved from dispersed gangs to organized businesses and a full-fledged industry. We are seeing more and more cases where ransomware attacks, including those on ICS computers, are carried out manually, in a time-consuming but efficient manner. 

“The period of global instability provokes global semiconductor shortage. In turn, that causes companies to lower their budgets on cybersecurity, which becomes a critical issue in 2022-2023, especially in view of the evolving threat landscape. Critical industrial infrastructure solutions will be a new target for the cybercrime,” says Vladimir Dashchenko, Kaspersky Industrial Control Systems Cyber Emergency Response Team expert. 

To keep your OT computers protected from various threats, Kaspersky experts recommend:

• Conducting regular security assessments of OT systems to identify and eliminate possible cyber security issues.
• Establishing continuous vulnerability assessment and triage as a basement for effective vulnerability management process. Dedicated solutions like Kaspersky Industrial CyberSecurity may become an efficient assistant and a source of unique actionable information, not fully available in public.
• Performing timely updates for the key components of the enterprise’s OT network; applying security fixes and patches or implementing compensating measures as soon as it is technically possible is crucial for preventing a major incident that might cost millions due to the interruption of the production process.
• Using EDR solutions such as Kaspersky Endpoint Detection and Response for timely detection of sophisticated threats, investigation, and effective remediation of incidents.
• Improving the response to new and advanced malicious techniques by building and strengthening security teams’ incident prevention, detection, and response skills. Dedicated OT security trainings for IT security teams and OT personnel is one of the key measures helping to achieve this.