In the first half of 2023, Africa stood out as one of the regions most heavily targeted by cyberattacks on industrial systems, according to a report from Kaspersky’s ICS CERT. Across the globe, 34% of Industrial Control System (ICS) computers faced and successfully blocked various types of malicious threats during this period. However, in Africa, these attacks were detected on a staggering 40.3% of ICS computers, marking the continent as the foremost target among regions. The industries most vulnerable to these attacks included energy (45.9%), engineering & integration (44%), and building automation (40%), but all of these threats were thwarted upon detection.
ICS computers play pivotal roles in sectors such as oil & gas, energy, automotive manufacturing, and building automation, responsible for executing critical operational technology functions. Cyberattacks on these computers pose severe risks, potentially causing material losses, production disruptions, and even regional socio-economic instability.
An analysis of specific countries in Africa revealed variations in the threat landscape due to varying security postures and the focus of threat actors. For instance, in the first half of 2023, South Africa witnessed malware attacks on 29.1% of ICS computers, Nigeria on 32.6%, and Kenya on 34.5%.
Africa notably had the highest percentage (9.8%) of ICS computers where spyware was blocked, followed closely by the Middle East and Southeast Asia (8.3% and 8.1%, respectively), surpassing the global average of 6.1%. Additionally, Africa led in blocking attacks from denylisted Internet resources (14.8%), compared to the global average of 11.3%.
Viruses and worms commonly propagate within ICS networks through removable media, shared folders, infected files, and network attacks targeting outdated software. Notably, Africa had a significantly higher percentage (7%) of ICS computers with detected worms compared to the global average of 2.3%.
Recognizing the diverse industrial landscape in Africa, cybersecurity solutions must adapt to various sectors and technologies. Some regions still rely on legacy ICS systems lacking modern security features, making them more vulnerable. Moreover, critical infrastructure in remote areas with limited connectivity poses challenges for effective monitoring and securing of ICS assets.
Evgeny Goncharov, Head of Kaspersky ICS CERT, stressed the importance of understanding these risks to make informed decisions, allocate resources wisely, and enhance defenses. By doing so, organizations can protect their interests while contributing to a safer digital ecosystem.
For comprehensive protection of OT (Operational Technology) computers, Kaspersky experts recommend the following measures:
1. Regular security assessments of OT systems to identify and address potential cybersecurity issues.
2. Establishing continuous vulnerability assessment and triage as the foundation for an effective vulnerability management process.
3. Timely updates for key components of the enterprise’s OT network, including applying security fixes, patches, or compensatory measures to prevent major incidents.
4. Utilizing EDR (Endpoint Detection and Response) solutions, such as Kaspersky Endpoint Detection and Response, for timely detection, investigation, and remediation of sophisticated threats.
5. Enhancing incident prevention, detection, and response capabilities through dedicated OT security training for IT security teams and OT personnel.
