Attacks on industrial control system (ICS) computers went up by .85 percentage points in H2 of 2020 compared to H1, according to new research from Kaspersky.

The analysis also found that the variety of malware families targeting ICS computers increased by 30% in this period, with cyber-criminals significantly ramping up attacks against these sectors amid the COVID-19 lockdowns.

While industrial organizations have traditionally been an attractive target for malicious actors due to the highly sensitive data they hold, Kaspersky noted a decline in the proportion of ICS computers on which malicious objects were detected from the second half of 2019. However, this trend changed in the second half of 2020, with COVID-19 likely changing the tactics employed by cyber-criminals.

Compared to H1, in the engineering and ICS integration sector, the proportion of ICS computers attacked grew by nearly eight percentage points to 39.3%, while there was a rise of nearly seven percentage points in building automation, reaching 46.7%. There was a 6.2 percentage rise in oil and gas found, meaning the percentage of ICS computers in this sector targeted was 44%.

Additionally, the researchers revealed that 62% of the countries they examined experienced a growth in the percentage of ICS computers targeted, while the proportion of ICS computers on which malicious email attachments were blocked went up in 73.4% of countries.

The most commonly employed malwares were backdoors, spyware, other types of Trojans and malicious scripts and documents.

Evgeny Goncharov, head of ICS CERT at Kaspersky, commented: “2020 was an unusual year in nearly all aspects, and this appears to have led to some unusual trends across the ICS threat landscape. We typically see a decline in the percentage of ICS computers attacked in the summer months and December as people go on holiday. However, with borders closed and countries on lockdown, it’s likely many didn’t take their vacation, and we did not see any noticeable decrease.

“In addition, while ransomware attacks declined globally, in developed countries, such as the US and Western Europe, the number of attacks actually significantly increase, perhaps because, amidst the current economic downturn, criminals thought these places had businesses with the means to actually pay. With the pandemic still ongoing, it will be important that all industries take extra precautions; with the rest of the world in flux, it’s hard to predict what cyber-criminals will do.”

Leave a Reply