Threat landscape for industrial automation systems. Statistics for H1 2023
2023-9-13 17:0:18 Author: securelist.com

Industrial threats


Global threat statistics

In the first half of 2023, the percentage of ICS computers on which malicious objects were blocked decreased from H2 2022 by just 0.3 pp to 34%.

Percentage of ICS computers on which malicious objects were blocked, by half year


That said, the percentage of attacked ICS computers dropped in Q1 2023, but then rose again in Q2 2023, reaching the highest quarterly figure since 2022 – 26.8%.

Percentage of ICS computers on which malicious objects were blocked, by quarter


Geography

The percentage of ICS computers on which malicious objects were blocked varied across countries from 53.3% in Ethiopia to 7.4% in Luxembourg.

The percentage of computers on which malicious activity was prevented varied across regions from 40.3% in Africa to 14.7% in Northern Europe.

Percentage of ICS computers on which malicious objects were blocked, by regions


Australia and New Zealand, the United States and Canada, Western Europe, and Northern Europe historically have had the lowest percentages of ICS computers on which malicious objects are blocked.

In H1 2023, however, those were the very regions where the percentages of attacked ICS computers increased by the most percentage points.

H1 2023 changes in the percentages of ICS computers on which malicious objects were blocked, by region


In Africa and the Asian regions where the percentage of ICS computers on which malicious objects are blocked has historically been high, the trend was downward.

Percentage of ICS computers on which malicious objects were blocked in Africa and regions of Asia


Individual industries

In H1 2023, the percentage of ICS computers on which malicious objects were blocked increased in engineering and ICS integration (by 2 pp), manufacture (by 1.9 pp) and energy (by 1.5 pp).

Percentage of ICS computers on which malicious objects were blocked in selected industries


Building automation is still the leader among the industries under review.

Categories of malicious objects

Only one of the categories grew in H1 2023: denylisted internet resources. The percentage of ICS computers on which threats in this category are blocked has grown for the second half-year in a row.

Percentage of ICS* computers on which the activity of malicious objects of various categories was prevented


The percentages of ICS computers on which spyware, malicious documents, malicious miners in the form of Windows executables, and ransomware were blocked had been declining since mid-2022:

Percentage of ICS computers on which the activity of malicious objects of various categories was prevented


In H1 2023, the percentage of ICS computers on which these categories of threats were blocked dropped in virtually every region.

Main threat sources

The internet, email clients and removable devices remained the key sources of threats to computers in the operational technology infrastructure of organizations.

Percentage of ICS computers on which malicious objects from various sources were blocked


The full report has been published on the Kaspersky ICS CERT website.



Source: https://securelist.com/threat-landscape-for-industrial-automation-systems-statistics-for-h1-2023/110605/