According to Kaspersky ICS CERT, almost one in three industrial computers was subject to malicious activity in H1 2021. During the first half of 2021, cybercriminals intensively used various types of spyware and malicious scripts while performing their attacks. These types of threats are growing for the second six-month period and pose a big challenge to industrial control systems.
Attacks against industrial organizations are particularly dangerous as cybercriminals might steal data and money and disrupt the established system of production. An increase in the diversity of threats to such networks indicates the growth of the attackers’ interest in them and, consequently, an increase in the need to reliably protect them.
According to the “Threat Landscape for Industrial Automation Systems Report”, Kaspersky security solutions blocked over 20,000 malware variants during the first six months of 2021. To find out more about how the ICS threat landscape changed during the reporting period, Kaspersky researchers analyzed various types of malware used during cyberattacks against industrial systems. They subsequently found that the percentage of spyware and malicious scripts used against ICS has grown continuously over the past half a year.
In fact, spyware (Trojan-Spy malware, backdoors and key loggers), which is mostly used to steal money, are up by 0.6 percentage points in the United Arab Emirates. At the same time, malicious scripts grew by 2.7 percentage points. Threat actors use such scripts on various websites hosting pirated content to redirect users to sites which distribute spyware or malware designed to mine cryptocurrency without the user’s knowledge.
“Industrial organizations always attract attention from both cybercriminals and politically-motivated threat actors. Reflecting on the previous half year, we have seen among other findings, growth in the number of cyberespionage and malicious credential stealing campaigns. Their success has most likely been the main factor raising the ransomware threat to such a high degree. And I see no reason why some of the APT groups won’t benefit from these credential stealing campaigns as well.” comments Evgeny Goncharov, security expert at Kaspersky.