The H1 2021 ICS threat report at a glance
Percentage of ICS computers attacked
During the first half of 2021 (H1 2021), the proportion of attacked ICS computers was 8%, which was 0.4 percentage points (p.p.) higher than in H2 2020.
Per-country figures ranged from 58.4% in Algeria to 6.8% in Israel.
In the regional figures, Africa led with 46.1%, followed by Southeast Asia at 44.1%, East Asia at 43.1% and Central Asia at 42.1%.
The largest increases in the percentage of attacked ICS computers during H1 2021 were as follows:
Over 10 p.p. in Belarus (50.4%) and Ukraine (33.1%); 4 p.p. in the Czech Republic (20.2%) and Slovakia (24.3%); 5 p.p. in Hong Kong (20.8%); 6 p.p. in Australia (23%) and Cameroon (45.2%).
The internet was the main source of the threats behind these increases.
The percentage of ICS computers on which threats were blocked decreased in all monitored industries. This was especially noticeable in the oil and gas (36.5%) and building automation (40.3%) sectors (-7.5 p.p. and -6.3 p.p., respectively).
Major threat sources
The internet, removable media and email continue to be the main sources of threats to computers in ICS environments.
Threats from the internet were blocked on 18.2% of ICS computers (+1.5 p.p.).
In H1 2021, the largest increases in this indicator were observed in Belarus (+12.2 p.p.), Ukraine (+8 p.p.) and Russia (+6.7 p.p.).
Russia led the regional rankings with 27.6%.
Belarus led the country rankings with 32.8%.
Africa leads the regional rankings by a noticeable margin with 15.6%. In H1 2021, the percentage of ICS computers on which threats were blocked when removable media were connected decreased in Asian regions.
Algeria led among individual countries with 24%.
Malicious email attachments were blocked on 3.4% of ICS computers (-0.6 p.p.).
Southern Europe ranked highest with 6.4%. The only region where the percentage increased was Australia and New Zealand (+1.3 p.p.).
Bangladesh led among individual countries with 8.8%.
The variety of malware detected
In H1 2021, Kaspersky security solutions blocked more than 20.1 thousand malware variants from 5,150 families in ICS environments. Denylisted internet resources were the main threat source and were blocked on 14% of ICS computers.
Threat actors use malicious scripts on various media resources and websites hosting pirated content. These scripts redirect users to websites that spread spyware and/or cryptocurrency miners. The percentage of computers where this type of threat was blocked has grown since 2020. Malicious scripts and redirects (JS and HTML) were blocked on 8.8% of ICS computers (+0.7 p.p.).
Australia and New Zealand (+3.8 p.p.), as well as Russia (+4.4 p.p.), saw noticeable growth in the percentage of computers where malicious scripts used for downloading spyware were blocked. Spyware (backdoors, trojan spies and keyloggers) was blocked on 7.4% of ICS computers (+0.4 p.p.).
This figure was highest in East Asia (14.3%), Africa (13.4%) and Southeast Asia (11.2%). Ransomware was blocked on 0.40% of ICS computers (-0.1 p.p.).
This figure is higher in East Asia with 0.82%.
The full report is available on the Kaspersky ICS CERT website.