Kaspersky’s report on the cybersecurity landscape for industrial control systems (ICS) in the second quarter of 2024, revealed a 20% increase in ransomware attacks compared to the previous quarter. The report underscores a growing threat to critical infrastructure sectors worldwide, with ransomware and spyware posing the most significant risks.
Kaspersky Security Network statistics show that 23,5% of ICS computers globally were exposed to cyberthreats in Q2 2024, down slightly from 24,4% in Q1 2024. ICS systems in Africa remain the most heavily exposed, with 30% of ICS computers attacked, while in the Middle East the figure is 25%.
Ransomware activity surged, with the percentage of ICS computers affected by ransomware rising by 1,2-times compared to the previous quarter. Kaspersky’s report also highlights a continued exposure to scripts and phishing pages as well as to spyware, including backdoors, keyloggers, and trojans, which are often used for data theft and to enable further attacks such as ransomware.
Innovative mining techniques are also noted: attackers continue to employ sophisticated methods to deploy cryptocurrency mining malware on ICS computers. Kaspersky observes increased use of fileless execution techniques, where malicious code is executed directly in memory, making detection and prevention more challenging.
“Our findings reveal that while the overall number of attacks on operational technology (OT) computers is slightly down, the rise in ransomware and spyware is concerning,” says Evgeny Goncharov, head of Kaspersky’s ICS Cyber Emergency Response Team.
“High-impact malware like ransomware can disrupt critical operations in any industry. Phishing pages and spyware are often used to steal corporate credentials and either use them for further propagation into the target’s infrastructure or to sell them on dark web marketplaces for future reuse by ransomware gangs, hacktivists, and APT groups. Overexposing OT infrastructures to these threats puts operations and businesses at high risk of a devastating incident.”
The building automation sector saw the highest percentage of ICS computers attacked (28.3%) in the reviewed period globally, with attackers exploiting weak points in building automation networks, often targeting Internet-facing systems and outdated software. The following sectors are Energy (26,3%), Oil & Gas (22,5%), Engineering and ICS Integration (23,4%) and Manufacturing (11,7%).