Kaspersky: Industrial System Attacks Are Becoming More Sophisticated and Targeted

By Riley ThompsonTechnology News

Kaspersky: Industrial System Attacks Are Becoming More Sophisticated and Targeted

Experts from the Kaspersky ICS CERT (Industrial Control Systems Cyber Emergency Response Team) report that while the overall number of attacks on automated control systems (ACS) has decreased compared to the first quarter of 2023 (from 27.9% to 23.6%), the attacks themselves are becoming more complex. According to specialists, the more sophisticated the attacks become, the higher the likelihood that they can cause more serious damage, even if they occur less frequently.

In several industries in Russia, the percentage of industrial computers with blocked malicious objects was higher than the global average. For example, in construction (24.2% in Russia versus 23.7% worldwide), and in engineering and ACS integrators (27.2% versus 24%).

ACS Computers in Russia with Blocked Malicious Objects

Attackers are also actively targeting integrators, trusted partners, and contractors, and this trend is especially noticeable in Russia.

Phishing Remains a Major Threat

Phishing continues to be one of the most common methods for initial system compromise by attackers targeting industrial facilities. In the first quarter of 2024 in Russia, malicious internet resources were blocked on 7.5% of ACS computers. A significant portion of these malicious resources are used to distribute malicious scripts and phishing pages, which were blocked on 4.6% of ACS computers.

“A successful attack on automated control systems can have severe consequences: it can halt production, impact global logistics and supply chains, and even harm people’s health and the environment,” commented Vladimir Dashchenko, an expert at Kaspersky ICS CERT. “We see that attackers are improving existing tactics and techniques for attacking industrial systems and are also using new types of malicious actions. Unfortunately, people remain the weakest link in an organization’s cyber defense: we often see employees fall for phishing, which can be highly targeted, or deliberately violate cybersecurity requirements.”

Leave a Reply