Pierluigi Paganini April 05, 2021

H2 2020 – Kaspersky observed an increase in ransomware attacks on industrial control system (ICS) systems in developed countries.

Cybersecurity firm Kaspersky has published the Industrial Control System Threat Landscape report for H2 2020 which is based on statistical data collected by the distributed antivirus Kaspersky Security Network (KSN). 

The data analyzed by the experts were received from ICS computers, running Kaspersky security products, that are hosted in networks of industrial infrastructures. Windows systems included in the analysts perform one of the following functions:

• Supervisory control and data acquisition (SCADA) servers
• Data storage servers (Historian)
• Data gateways (OPC)
• Stationary workstations of engineers and operators
• Mobile workstations of engineers and operators
• Human Machine Interface (HMI)
• Computers used for industrial network administration
• Computers used to develop software for industrial automation systems

The percentage of ICS computers hit by a cyber attack in the second half of the year on a global scale was 33.4%, (+0.85% than H1 2020). In H2 2020, the percentage of ICS computers hit by hackers increased, compared to H1, in 62% of countries. The same percentage was 7% in 2019, and H1 2020 compared to H2 2019.

The country that observed the maximum growth in the number of attacks (+8.2%) was Saudi Arabia.

The first data that emerged from the report is the drop in ransomware attacks on industrial control system (ICS) computers, but the bad news is represented by an increase in these types of attacks in developed countries.

On a global scale, the ICS computers infected with ransomware dropped from 0.63% in the first half of the year to 0.49% in the second half of 2020. In contrast, in some states experts observed an increase, including the United States and Canada (+0.25%), Australia (+0.23%) and Western Europe (+0.13%).

“We believe that these curious dynamics could indicate the response of threat actors to the economic consequences of the pandemic. In those countries where the ‘creditworthiness’ of organizations decreased as a result of the pandemic, the number of attacks on industrial enterprises also fell (and so did the percentage of attacked ICS computers).” reads the report. “At the same time, in countries where industrial organizations were generally more financially stable and were still able to pay ransom, the activity of attackers increased (and the percentage of attacked ICS computers surged). It can be hypothesized that the changes that we observed were due, among other things, to a shift in some groups’ focus when choosing victims towards organizations in more economically stable countries.”

In 2020, Kaspersky solutions blocked ransomware infection attempts on 0.77% of ICS devices, the percentage of ICS computers targeted by cyber attacks was bigger in Asia compared to the rest of the world.

In 2020 overall, the percentage of ICS computers on which Kaspersky solutions blocked malicious objects was 38.6%, (-7.8% than in 2019). Unlike past years, in 2020, experts did not observe seasonal fluctuations in cyber attacks.

Which are most secure countries in H2 2020?

Israel ranked first in H2 2020 with a record low of 4.3%, followed by Danmark at 7.2 and Ireland at 8.6.

The internet, removable media and email continues to be the main attack vectors for systems computers in the industrial infrastructure of organizations.

Let’s close with the analysis of the variety of malware detected in H2 2020, Kaspersky blocked over 19,400 malware variants from 5,365 different families on industrial automation systems.

If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

Follow me on Twitter: @securityaffairs and Facebook

Pierluigi Paganini

(SecurityAffairs – hacking, ICS)

[adrotate banner=”5″]

[adrotate banner=”13″]