After dwindling in late 2019, Industrial control systems (ICS) attacks blocked by one security firm had begun a rebound due to the pandemic.

In the second half of 2019, the percentage of industrial control systems (ICS) computers on which malicious objects were blocked by one cybersecurity company had been on the decline.

However, the trend reversed in the second half of 2020: globally, the percentage of attacked ICS computers in H2 2020 had risen to 33.4%. The percentage of ICS computers attacked in the engineering and ICS integration sector had grown by nearly 8%. This growth was nearly 7% and 6.2% in the building automation and oil & gas sectors respectively.

Overall, the percentage of ICS computers attacked in H2 2020 had increased in 62% of the countries examined by Kaspersky researchers and across all five industries studied. The variety of malware families used had also increased by 30%.

Percentage of ICS computers on which malicious objects were blocked in selected industries

The lure of ICS

Attacks against industrial organizations can be devastating, both in terms of disruption to production and financial losses. In addition, the highly sensitive information in these organizations makes them an attractive target for attackers.

Of the industries examined by Kaspersky researchers, those with the greatest percentage of ICS computers attacked were:

  • building automation at 46.7%, an increase of nearly 7% from H1 2020
  • oil & gas at 44%, an increase of 6.2% over H1 2020
  • engineering and ICS integration at 39.3%, an increase of nearly 8%.

Threats to the oil & gas and building automation industries had been on the rise since H1 2019. The other two industries (energy and automotive manufacturing) also saw an increase in the percentage of ICS computers on which malicious objects were blocked by the firm’s solutions.

Threats belonging to 5,365 malware families were blocked on ICS computers, an increase of 30% from H1 2020. The most prominent threats were backdoors, spyware, other types of Trojans, and malicious scripts and documents.

Additionally, in 73.4% of all countries examined the percentage of ICS computers on which malicious email attachments were blocked had grown, increasing on average globally by 0.7%  compared to that in H2 2019).

According to Evgeny Goncharov, Head of ICS CERT, Kaspersky: “We typically see a decline in the percentage of ICS computers attacked in the summer months and December as people go on holiday. However, in 2020, with borders closed and countries on lockdown, we did not see any noticeable decrease. In addition, while ransomware attacks had declined globally, in developed countries such as the US and Western Europe, the number of attacks actually significantly increased—perhaps because, amidst the current economic downturn, criminals thought these places had businesses with the means to actually pay.”