In the first half of 2022, malicious objects were blocked in almost 32% of the OT computers protected by Kaspersky solutions. These computers are used in oil & gas, energy, automotive manufacturing, building automation infrastructures and other spheres to perform a range of OT functions – from the workstations of engineers and operators to supervisory control and data acquisition (SCADA) servers and Human Machine Interface (HMI).
Rising threats in H1 2022: malicious scripts, phishing pages and spyware
Most often in the last six months, perpetrators attempted to attack industrial computers using malicious scripts and phishing pages (JS and HTML) – these objects were blocked on almost 13% of the total number of the computers protected. This category of threats also showed the most dynamic growth compared to the previous half of the year, rising by 3,5 percentage points.
Malicious scripts and phishing pages are one of the most common ways to spread spyware. In H1 2022 it was detected on almost 9% of OT computers, seeing a rise by 0,5 percentage points between H1 2022 and H2 2021. The other way spyware can be spread is by phishing emails with a malicious document attached. Kaspersky reports a dramatic increase of nearly two times – to almost 6% – in the percentage of OT computers where malicious documents were blocked.
“It is vital to protect OT endpoints as well as IT ones with a dedicated solution, properly configured and kept up-to-date. The OT network should be separated, all remote connections and communications secured, monitored and controlled, any unauthorized access prevented. A proactive approach to identifying and eliminating possible vulnerabilities and relevant threats could save millions on incident costs”, - comments Kirill Kruglov, senior researcher at Kaspersky ICS CERT.
Percentage of OT computers in which malicious objects from various categories were blocked
Building automation turned out to be the most “restless” type of OT infrastructure
Nearly half of the computers (42%) in building automation infrastructure, also referred to as Building Management Systems (BMS), faced cyber threats. These computers would normally belong to service companies, managing automated systems in business or shopping centers, municipalities and other types of public infrastructure. As for the industrial facilities and critical infrastructure objects, they often own the onsite building management systems.
Percentage of OT computers where malicious objects were blocked in selected industries in H1 2022
In H1 2022 Building Management Systems (BMS) became the most "restless" type of OT infrastructure in terms of attackers’ activity, taking leading positions by the percentage of affected devices from different threat sources, namely internet resources (23%), malicious email attachments and phishing links (14%, which is two times more than the global average), malicious documents (11%), trojans, backdoors and keyloggers (13%) and others.
Engineers and operators of building automation use Internet resources and e-mail more actively than in other OT infrastructures. Besides, BMS may have no proper separation from other internal networks physically located inside the building, and therefore, may be an attractive target for sophisticated threat actors.
«It is quite natural that this type of environment is experiencing the impact of attackers’ activity for their high exposure and relatively low cyber security maturity state. Attackers compromise systems that could potentially have connections to internal networks of factories, public spaces, or even critical infrastructure facilities. As for the smart cities and public infrastructures, the systems may manage an entire district with access to lighting control, road traffic management and information, and other types of services for citizens – a real “piece of cake” for perpetrators. What is more alarming, 14% of all Building Management System (BMS) computers were attacked with the use of phishing emails, which is 2 times bigger than the global average”, says Kirill Kruglov, senior researcher at Kaspersky ICS CERT.
Read more about the ICS threat landscape in H1 2022 on the Kaspersky ICS CERT website.
To keep your OT computers protected from various threats, Kaspersky experts recommend:
About Kaspersky
Kaspersky is a global cybersecurity and digital privacy company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help 240,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.
We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.