The H1 2021 ICS menace report at a glance Percentage of ICS computers assaulted

During the first half of 2021( H1 2021 ), the proportion of attacked ICS computers was 8 %, which was 0.4 percentage points( p.p .) higher than that for H2 2020.

Percentage of ICS computers on which malicious objects were blocked( download)

Numbers per country differed from 58.4% in Algeria to 6.8% in Israel.

Top 15 countries and territories with the largest percentages of ICS computers on which malicious objects were blocked in H1 2021( download)

Top 10 country level regions with the lowest percentages of ICS computers on which malicious objects were blocked in H1 2021( download)

When we look at regional numbers, Africa contributed with 46.1%, followed by Southeast Asia at 44.1%, East Asia at 43.1% and Central Asia at 42.1%.

Percentage of ICS computers on which malicious objects were blocked, by region( download)

The largest increases in the percentage of assaulted ICS computers during H1 2021 were as follows:

Over 10 p.p. in Belarus( 50.4%) and Ukraine( 33.1% ); 4 p.p. in the Czech Republic( 20.2%) and Slovakia( 24.3% ); 5 p.p. in Hong Kong( 20.8% ); 6 p.p. in Australia( 23%) and Cameroon( 45.2% ).

The internet was the main source of threats making these increases. The percentage of ICS computers on which menaces were blocked decreased in all monitored industries. This was especially noticeable in the oil and gas( 36.5%) and build automation( 40.3%) sectors( -7. 5 p.p. and -6. 3 p.p ., respectively ).

Percentage of ICS computers on which malicious objects were blocked in selected industries( download)

Major menace sources

The internet, removable media and email continue to be the main sources of threats to computers in ICS environments.

Percentage of ICS computers on which malicious objects from various sources were blocked( download)

Threats from the internet were blocked on 18.2% of ICS computers (+1.5 p.p .).

In H1 2021, the largest increases in this indicator were observed in Belarus (+ 12.2 p.p .), Ukraine (+ 8 p.p .) and Russia (+ 6.7 p.p .)

Russia resulted the regions in rankings with 27.6%.

Percentage of ICS computers on which malicious objects from the internet were blocked, by region( download)

Belarus contributes in its own country rankings with 32.8%.

Top 15 countries and regions with the highest percentages of ICS computers on which internet threats were blocked in H1 2021( download)

Threat arriving via removable media were blocked on 5.2% of ICS computers( -0. 2 p.p .), which continued a downward tendency that began in H2 2019.

Africa leadings perceptibly in the regional rankings with 15.6%. In H1 2021, the percentage of ICS computers on which threats were blocked when removable media were connected decreased in Asian regions.

Regions ranked by percentage of ICS comuters on which malware was blocked when removable media was connected in H1 2021( download)

Algeria contributes among individual countries with 24%.

Fifteen countries and provinces with the largest percentage of ICS computers on which malware was blocked when removable media was connected in H1 2021( download)

Malicious email attachments were blocked on 3.4% of ICS computers( -0. 6 p.p .).

Southern Europe ranked the most prominent with 6.4%. The only region where the percentage increased was Australia and New Zealand (+ 1.3 p.p .).

Regions ranked by percentage of ICS computers on which malicious email attachments were blocked in H1 2021( download)

Bangladesh resulted among individual countries with 8.8%.

Top 15 countries with the highest percentages of ICS computers on which malicious email attachments were blocked in H1 2021( download)

The variety of malware detected

In H1 2021, Kaspersky security solutions blocked more than 20.1 thousand malware variants from 5,150 families in ICS environments. Denylisted internet resources were the main threat source and were blocked on 14% of ICS computers.

Threat performers use malicious scripts on various media resources and websites hosting pirated content. These scripts redirect users to websites that spread spyware and/ or cryptocurrency miners. The percentage of computers where this type of threats was blocked has grown since 2020. Malicious scripts and redirects( JS and HTML) were blocked on 8.8% of ICS computers (+ 0.7 p.p .).

Australia and New Zealand (+ 3.8 p.p .), as well as Russia (+ 4.4 p.p .) learnt a noticeable growth in the percentage of computers where malicious scripts used for downloading spyware were blocked. Spyware( backdoors, trojan spies and keyloggers) were blocked on 7.4% of ICS computers (+ 0.4 p.p .).

This figure was highest in East Asia( 14.3% ), Africa( 13.4%) and Southeast Asia( 11.2% ). Ransomware was blocked on 0.40% of ICS computers( -0. 1 p.p .)

This figure is higher in East Asia with 0.82%.

In the Middle East, we considered an increase in the percentage of computers on which worms (+ 0.4 p.p .) and ransomware (+ 0.3 p.p .) were blocked.

Percentage of ICS computers on which malicious objects from various categories were blocked( download)

The full report is available on the Kaspersky ICS CERT website.

Read more: securelist.com