Cybersecurity firm Kaspersky reported that the percentage of ICS computers on which malicious email attachments were blocked also increased, while the percentage of attacked industrial control systems (ICS) computers rose in 62 percent of countries worldwide last year. These changes took place as cyber attackers bolstered their attacks during the COVID-19 lockdowns.
There was also a rise in the percentage of ICS computers on which threats were distributed over the internet and email, and spyware and miners were blocked, according to Kaspersky’s ‘Threat landscape for industrial automation systems. Statistics for H2 2020’ report.
While in the first half of 2020, Kaspersky said that the impact of the COVID-19 pandemic was as expected because the security threat actors used the pandemic and the global changes caused by it in their own interests, as the subject of the COVID-19 pandemic is exploited in a large number of phishing attacks, both mass-scale and targeted.
During the second half, Kaspersky continued its observations and identified a number of trends that could be due to circumstances connected with the pandemic in one way or the other, as well as the reaction of governments, organizations, and people to these circumstances.
The seasonal fluctuations typical of past years were not observed during 2020, Kaspersky said. In previous years, the percentage of ICS computers on which malicious objects were blocked was at its maximum in March/April and October, while this indicator sagged between those months. In 2020, this indicator behaved differently. It reached its maximum in February and dropped almost to its minimum in May. In the first two months of summer, it grew to its near-maximum in July. In October, the percentage of attacked ICS computers was one of the lowest, the company added.
Starting with the second half of 2019, Kaspersky detected a decline in the percentages of ICS computers on which malicious objects were blocked. This was observed in ICS, as well as corporate and personal computing environments. However, this downward trend was not observed in the second half of 2020.
The percentage of attacked ICS computers globally in the second half of 2020 was 33.4 percent, which was 0.85 percentage points higher than the first half of the same year, Kaspersky said.
During the second half of 2020, the percentage of ICS computers on which malicious objects were blocked showed the most growth in Saudi Arabia, which registered 8.2 percentage points, while most countries observed no more than a 4 percentage points increase. Therefore, the global average change over the half-year was insignificant.
Globally, in the second half of 2020, the percentage of ICS computers on which malicious email attachments were blocked increased by 0.7 percentage points compared to the first half of the year. There was a rise in all regions, except East Asia, the US and Canada, Western Europe, and Russia.
In 73.4 percent of the countries surveyed in the second half of 2020, the percentage of ICS computers on which malicious email attachments were blocked increased compared to the first half, Kaspersky reported.
Malicious objects from the internet, such as web resources involved in the distribution or management of malware went up 2.5 percent, while malicious scripts and redirects on web resources rose 1.6 percent, according to Kaspersky. Typical threats distributed by email rose by 1.2 percent, malicious MS Office and PDF documents recorded an increase of 1.2 percent, spyware using Trojans, backdoors and keyloggers went up 1.4 percent, and miners using executable files for Windows registered an increase of 0.7 percent.
For those security threats distributed over the internet and email, and spyware and miners, the indicators of the second half of 2020 exceeded the equivalent results of the first half of the year, as well as in the second half of 2019.
In developed countries, the percentage of ICS computers attacked by ransomware increased, Kaspersky said. Globally, the percentage of ICS computers on which ransomware was blocked decreased from 0.63 percent in the first half of 2020 to 0.49 percent in the second half. At the same time, this indicator increased in regions with developed countries with the U.S. and Canada recording 0.25 percent, Australia witnessed a rise of 0.23 percent, and Western Europe recorded an increase of 0.13 percent.
Last week, Kaspersky reported that the ICS engineering sector is different from other industries as the operational technology (OT) environment is made up of various components, leaving them vulnerable to a range of cyberthreats. In its ‘Threat landscape for the ICS engineering and integration sector 2020’ report, the company said that the components in the OT environment often have direct and indirect connections to various ICS, some of which may even belong to other industrial enterprises.