Nearly half of operating technology computers were attacked by viruses in 2022

Operational computer systems – hardware and process control software in factories and other production facilities – are being attacked more by hackers. Last year saw a record in the percentage of OT computers (Operational Technology) affected by malware (40.6%). That is, more than four out of ten devices analyzed by the cybersecurity company Kaspersky were attacked by “viruses” intended to cause damage to the network.

According to the Kaspersky ICS CERT threat landscape report, the second half of 2022 was the period with the highest rate of attacks on the secondary sector, with 34.3% of impacted computers, and an increasing number of attacks using malicious scripts , pages of phishing (JS and HTML) and denied features.

Incidentally, in the automotive and energy industries there was such significant growth that both accounted for more than a third of the attacks on all sectors (36.9% and 34.5%, respectively).

If we look around the globe, Africa, the Middle East region and Asia continue to be the areas where the highest percentage of OT computers are compromised by removable devices. In Europe, the north stands out for the growth in ransom attacks and the spread of malware via email clients. Serbia and Bosnia and Herzegovina are even among the ten most attacked countries through email classification (16.7%).

“Globally, 2022 stands out for its abnormal absence of any seasonal changes. Our team observed a consistently high rate of attacks on industrial sectors – without a typical drop in attacks during the summer break or winter break period”, explains senior researcher Kirill Kruglov, from Kaspersky ICS CERT.

“However, the increasing rates of attacks on industrial sectors, which are being conducted using social engineering, seem alarming. We strongly recommend customers in these sectors to review their current approach to security and check that all security systems are up to date and that their staff is well trained”, warned the expert of the multinational whose cybersecurity solutions blocked malware 7,684 families in industrial automation systems between June and December (+6% than in the first half of 2022).

What are the recommendations of Kaspersky experts?

• Conduct regular security assessments of OT systems to identify and eliminate potential cybersecurity issues.
• Conduct ongoing vulnerability assessment and screening as a “basement” for an effective vulnerability management process.
• Upgrading the main components of the company’s OT network, applying security patches or implementing countermeasures as soon as technically possible, because it is crucial to avoid a serious incident that could cost millions due to the interruption of the production process.
• Improve response to new and advanced malicious techniques by building and strengthening teams’ prevention, detection and response capabilities through OT security trainings for IT security teams and OT personnel