With a yearly average of 38,6% of operational technology (OT) computers attacked in 2023, building automation has been identified as the sector most exposed to cyberthreats.

An analysis of OT cybersecurity trends for the second half of 2023 by Kaspersky’s ICS CERT (Industrial Control Systems Cyber Emergency Response Team) finds that, in the second half of 2023 malicious objects were blocked on 36,7% of OT computers in that industry.

The Energy sector follows closely with 34,9%, then Engineering and ICS Integration (32,7%), Oil & Gas (31,2%) and Manufacturing (27,2%).

The landscape of threats in the second half of 2023 remained diverse and multifaceted, with threats spreading via the Internet continuing as the main source of cyber risks to OT computers, accounting for 18,1% of the attacks, followed by email clients at 4% and removable media at 1,9%

Kaspersky security solutions blocked malware that belonged to 12 618 families on industrial automation systems. Malicious objects belonged to a number of categories, among the most widespread were malicious scripts and phishing pages, denylisted Internet resources.

Evgeny Goncharov, head of Kaspersky’s ICS CERT, explains: “Malicious objects that our solutions block can be grouped into three categories: those used for initial infection (such as dangerous web resources, malicious scripts, malicious documents), next-stage malware (including spyware, ransomware or miners) delivered to a victim in most cases via the Internet or email, and self-propagating malware (worms and viruses).

“All of these can be extremely harmful to an organisation. We investigated cases when even far-from-industrial malware, such as a banking trojan, nearly brought operations of a factory to a halt.

“With this in mind industrial companies should continue fortifying their defenses by tailoring their cybersecurity strategies and staying informed about the ever-evolving threats.”