Kaspersky reports increase in ransomware and spyware attacks on industrial systems

(MENAFN- Bashir Mraish Consultancy) Kaspersky’s report on the cybersecurity landscape for industrial control systems (ICS) in the second quarter of 2024, revealed a 20% increase in ransomware attacks compared to the previous quarter. The report underscores a growing threat to critical infrastructure sectors worldwide, with ransomware and spyware posing the most significant risks.
Kaspersky Security Network statistics show that 23.5% of ICS computers globally were exposed to cyberthreats in Q2 2024, down slightly from 24.4% in Q1 2024. ICS systems in Africa remain the most heavily exposed, with 30% of ICS computers attacked, while in the Middle East the figure is 25%.
Ransomware activity surged, with the percentage of ICS computers affected by ransomware rising by 1.2 times compared to the previous quarter. Kaspersky’s report also highlights a continued exposure to scripts and phishing pages as well as to spyware, including backdoors, keyloggers, and trojans, which are often used for data theft and to enable further attacks such as ransomware.
Innovative mining techniques are also noted: attackers continue to employ sophisticated methods to deploy cryptocurrency mining malware on ICS computers. Kaspersky observes increased use of fileless execution techniques, where malicious code is executed directly in memory, making detection and prevention more challenging.
“Our findings reveal that while the overall number of attacks on operational technology (OT) computers is slightly down, the rise in ransomware and spyware is concerning,” says Evgeny Goncharov, head of Kaspersky’s ICS Cyber Emergency Response Team. “High-impact malware like ransomware can disrupt critical operations in any industry. Phishing pages and spyware are often used to steal corporate credentials and either use them for further propagation into the target’s infrastructure or to sell them on dark web marketplaces for future reuse by ransomware gangs, hacktivists, and APT groups. Overexposing OT infrastructures to these threats puts operations and businesses at high risk of a devastating incident.”
In the Middle East, the building automation sector saw the highest percentage of ICS computers attacked (28.3%) in the reviewed period, with attackers exploiting weak points in building automation networks, often targeting internet-facing systems and outdated software. The following sectors are Energy (26.3%), Oil & Gas (23.5%), Engineering and ICS Integration (23.4%) and Manufacturing (11.7%).

To keep OT computers protected from various threats, Kaspersky experts recommend:
• Conduct audits and regular security assessments of IT and OT systems.
• Perform timely updates for the key components of the enterprise’s OT network. Apply security fixes and patches or implement mitigation measures as soon as it is technically possible.
• Enable reliable protection of industrial networks and automation systems by using specialized solutions such as Kaspersky Industrial CyberSecurity - an operational technology XDR platform, offering centralized asset and risk management, security and compliance audit, unparalleled scalability and IT - OT Convergence with Kaspersky ecosystem.
• Organize training specifically designed for those who work with industrial control systems and for those directly responsible for IT/OT Security.
• Provide the security team responsible for protecting industrial control systems with up-to-date threat intelligence. The ICS Threat Intelligence Reporting service gives insights into current threats and attack vectors and into alarming OT vulnerabilities, as well as ways to mitigate them.
For the full Industrial Control Systems cybersecurity in Q2 2024 report, visit the Kaspersky ICS CERT webpage.
To get more information about the very latest approaches to securing ICS technologies, join the upcoming global Kaspersky Industrial Cybersecurity Conference in Bangkok, Thailand, on October 10, 2024, by registering to online broadcast, that also allows to ask questions to the experts taking part in the event, via the link.

MENAFN02102024004771015760ID1108739201