Around one in three industrial control systems (ICS) were targeted by malicious activity in the first half of 2021, with spyware a growing threat, according to new data from Kaspersky.
The Russian security vendor claimed its solutions blocked over 20,000 malware variants from more than 5000 families during the period.
Of the 33.8% of ICS machines targeted in H1 2021, internet-based threats dominated (18.2%), followed by those delivered via removable media (5.2%) and malicious email attachments (3%).
Deny-listed internet resources were blocked on 14% of computers. These typically host malicious scripts that redirect users to sites spreading malware or cryptocurrency malware, said Kaspersky. Next came malicious scripts and redirects (8.8%), followed by spyware — including backdoors, Trojans and keyloggers (7.4%) — and ransomware (0.4%).
The ICS machines covered by the report included Supervisory Control and Data Acquisition (SCADA) servers, data storage servers, data gateways, human-machine interfaces (HMIs), mobile and stationary workstations, and computers used for industrial network administration.
Although the total number attacked increased just 0.4% from the final six months of 2020, the overall trend in recent years has been one of surging threats to industrial systems, as IT and OT increasingly converge.
In practice, this means that legacy, often unpatched or unsecured systems are exposed to the public-facing internet, inviting remote attacks.
According to recent research, the number of ICS vulnerabilities reported in the first half of 2021 surged 41%, with most (71%) classified as high severity or critical.
“Industrial organizations always attract attention from both cyber-criminals and politically-motivated threat actors. Reflecting on the previous half year, we have seen, among other findings, growth in the number of cyber-espionage and malicious credential stealing campaigns,” explained Kaspersky security expert Evgeny Goncharov.
“Their success has most likely been the main factor raising the ransomware threat to such a high degree. And I see no reason why some of the APT groups won’t benefit from these credential stealing campaigns as well.”