According to Kaspersky ICS CERT, in the second half of 2022, Kaspersky security solutions globally blocked 6% more malware families on industrial automation systems than in the first half of the year and 147% more than in the second half of 2021.
In comparison to other areas, ransomware attacks continue to be particularly prevalent in the Middle East. Africa leads the regional rankings with most ICS computers targeted using removable devices. Attacks were thwarted more frequently in Turkiye throughout 2022, including in the engineering, energy, and building technology sectors.
In the latter part of 2022, the Middle East had a higher percentage of ICS computers with blocked spyware compared to the rest of the world, at 9.8% versus 7.1%. Additionally, the two most common types of malware attacking ICS in the region were malicious scripts and deny listed internet resources, with 14.5% and 10.3% of attacks prevented, respectively. These attacks were distributed through online and email channels and included phishing pages.
Other categories of malicious objects that were blocked on ICS computers in the Middle East include malicious documents (4,8%), worms (4%), viruses (3,3%), and crypto-miners for web browsers (3%). When observing geographical regions.
The number of attacks that were successfully refuted varied between industries. The Middle East’s most targeted sectors in the second half of 2022 included engineering (35,9%), energy (38,3%), and building automation (attacks on which were thwarted on 38,9% of ICS systems).
Kirill Kruglov, senior researcher at Kaspersky ICS CERT said “Overall, 2022 stands out for its abnormal absence of any seasonal changes. Our team observed a steadily high rate of attacks on industrial sectors – without a typical drop-in attacks during summer vacations or winter holidays period. However, the growing attack rates in industrial sectors, that are being conducted using social engineering, seem alarming. We strongly recommend customers in these sectors to revise their existing approach to security and check whether all security systems are up-to-date and their personnel is well-trained.”
To keep your OT computers protected from various threats, Kaspersky experts recommend:
• Conduct regular security assessments of OT systems to identify and eliminate possible cyber security issues.
• Establishing continuous vulnerability assessment and triage as a basement for an effective vulnerability management process. Dedicated solutions like Kaspersky Industrial CyberSecurity may become an efficient assistant and a source of unique actionable information, not fully available to the public.
• Performing timely updates for the key components of the enterprise’s OT network; applying security fixes and patches or implementing compensating measures as soon as it is technically possible is crucial for preventing a major incident that might cost millions due to the interruption of the production process.
• Using EDR solutions such as Kaspersky Endpoint Detection and Response for timely detection of sophisticated threats, investigation, and effective remediation of incidents.
• Improving the response to new and advanced malicious techniques by building and strengthening your teams’ incident prevention, detection, and response skills. Dedicated OT security training for IT security teams and OT personnel is one of the key measures helping to achieve this.
