Two out of every five (40.6%) operational technology (OT) computers used in industrial settings have been affected by malware in 2022.
The data comes from a report published earlier today by security researchers at Kaspersky. The figures represent a 6% increase compared with the previous half of the year and almost 1.5 times more than in the second half of 2021.
“Overall, 2022 stands out for its abnormal absence of any seasonal changes. Our team observed a steadily high rate of attacks on industrial sectors – without a typical drop in attacks during summer vacations or winter holidays period,” explained Kirill Kruglov, senior researcher at Kaspersky ICS CERT, commenting on the report’s findings.
“However, the growing attack rates in industrial sectors that are being conducted using social engineering seem alarming.”
In fact, the latest Kaspersky report suggests the top two malware categories seen by the team (malicious scripts and phishing pages) showed growth in the second half of 2022. Threat actors reportedly used these tools to collect information, track activity and redirect browser requests to malicious web resources.
Kaspersky also observed malicious scripts being used to enable the download of various malicious programs and for loading malware, such as spyware or tools for covert cryptocurrency mining in users’ browsers.
From a geographical standpoint, Northern Europe was the only region that showed a growth in malware spread via email clients. Africa, the Middle East, Asia and Latin America topped regional rankings for most OT computers compromised using removable devices.
Further, attacks targeting the automotive manufacturing and energy sectors grew substantially, according to the report, accounting for 36.9% and 34.5% of all industries.
“We strongly recommend customers in these sectors to revise their existing approach to security and check whether all security systems are up-to-date and their personnel is well-trained,” Kruglov concluded.
The Kaspersky data comes roughly two months after a SecurityScorecard report suggested 48% of critical manufacturing organizations in the US are vulnerable to a data breach.