Skip to main content

More than 40% of ICS computers were attacked in H1 2018

September 6, 2018

More than 40% of all industrial control system (ICS) computers protected by Kaspersky Lab solutions were attacked by malicious software at least once during the first half of 2018. The most impacted countries turned out to be Vietnam, Algeria and Morocco, while the safest region for industrial machines was Denmark. These are among the main findings of the Kaspersky Lab ICS CERT report on the industrial threat landscape in H1 2018.

More than 40% of all industrial control system (ICS) computers protected by Kaspersky Lab solutions were attacked by malicious software at least once during the first half of 2018. The most impacted countries turned out to be Vietnam, Algeria and Morocco, while the safest region for industrial machines was Denmark. These are among the main findings of the Kaspersky Lab ICS CERT report on the industrial threat landscape in H1 2018.

Cyberattacks on industrial computers are considered to be an extremely dangerous threat as they cause material losses and production downtime for a whole system. Moreover, industrial enterprises knocked out of service can seriously undermine a region’s social welfare, ecology and macroeconomics. 

Statistics collected by Kaspersky Lab researchers show that this kind of threat is of growing concern. In the first half of 2018, 41.2% of ICS computers were attacked at least once. Moreover, this is a continuation of a trend: in 2017, the figure increased from 36.61% in the first half of the year to 37.75% in the second half.

Percentage of ICS computers attacked (H1 2017 – H1 2018)

Middle Eastern countries were among the top 20 by percentage targeted by these attacks, Africa being the hotspot with over 21.6% of ICS attacks occurring within that region and South-East Asia making up to 19%. Currently Africa holds the 2nd place and the Middle East holds the 8th place in terms of percentage of ICS systems attacked globally.

Top countries by the number of ICS computers attacked in 2018 were Vietnam, where 75.1% of ICS computers were attacked, Algeria, with 71.6% and Morocco with 64.8%. As for the least attacked industrial facilities, the top three countries turned out to be Denmark with 14% attacked computers in industrial enterprises, followed by Ireland with 14.4% and Switzerland close behind, accounting for 15.9%. Developing economies account for highest numbers of ICS computers attacked, while developed regions have the lowest number of targeted ICS computers.

Despite concentration of ICS attacks within geographical regions, the figures can vary significantly between different countries. For example, the situation in South Africa is the most favorable compared to most African countries, and Israel and Kuwait are noticeably better off than other countries in the Middle East.

The largest number of threats come from the internet, which over the years has become the main source of infection for ICS: 27,3% of threats are received from the world wide web; while removable storage media is ranked second with 8.4%. Mail clients occupy third place in terms of volume– they represent 3.8% of threats.

“The percentage of cyberattacks on ICS computers is a concern. Our advice is to pay attention to systems’ security from the very beginning of their integration, when the systems’ elements are first connected to the internet: neglecting security solutions at this stage could lead to dire consequences.” - says Kirill Kruglov, security researcher at Kaspersky Lab.

Kaspersky Lab ICS CERT recommends implementing the following technical measures:

  • Regularly update operating systems, application software and security solutions on systems that are part of the enterprise’s industrial network.
  • Restrict network traffic on ports and protocols used on edge routers and inside the organization's OT networks.
  • Audit access control for ICS components in the enterprise’s industrial network and at its boundaries.
  • Deploy dedicated endpoint protection solutions on ICS servers, workstations and HMIs to secure OT and industrial infrastructure from random cyberattacks; and network traffic monitoring, analysis and detection solutions for better protection from targeted attacks.
  • Provide dedicated training and support for employees as well as partners and suppliers with access to your network.

Read the full version on Securelist.com.

More than 40% of ICS computers were attacked in H1 2018

More than 40% of all industrial control system (ICS) computers protected by Kaspersky Lab solutions were attacked by malicious software at least once during the first half of 2018. The most impacted countries turned out to be Vietnam, Algeria and Morocco, while the safest region for industrial machines was Denmark. These are among the main findings of the Kaspersky Lab ICS CERT report on the industrial threat landscape in H1 2018.
Kaspersky logo

About Kaspersky

Kaspersky is a global cybersecurity and digital privacy company founded in 1997. With over a billion devices protected to date from emerging cyberthreats and targeted attacks, Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection, specialized security products and services, as well as Cyber Immune solutions to fight sophisticated and evolving digital threats. We help over 200,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.

Related Articles Press Releases