Kaspersky has just released its Q2 2024 report analyzing the overall cybersecurity landscape for industrial control systems (ICS). Accordingly, the number of ransomware attacks increased by 20% compared to the previous quarter.
The report finds that critical infrastructure sectors around the world are facing increasing risks from cyberattacks, with ransomware and spyware posing the most serious threats.
According to research by cybersecurity experts, the proportion of industrial control computers globally at risk of becoming targets of cyber attacks has slightly decreased from 24.4% in the first quarter of 2024 to 23.5% in the second quarter of 2024.
However, the number of ransomware attacks increased sharply, with the rate of ICS computers affected by ransomware increasing by 1.2 times compared to the previous quarter. This is the highest level recorded since 2023.
The report also identifies spyware as a persistent threat. Attackers can use spyware to conduct espionage, paving the way for ransomware and targeted attacks.
According to research by cybersecurity experts, cybercriminals are constantly innovating attack techniques to deploy malware and mine cryptocurrencies on ICS computers. Kaspersky has discovered and recorded the rise of a new attack technique, fileless malware. Accordingly, malware is run directly in the system's memory, making detection and prevention more difficult.
The data also shows that ICS systems in Africa remain the most targeted, with 30% of computers affected. Northern Europe has the lowest attack rate (11.3%).
By economic sector, the building automation sector recorded the highest rate of ICS computer attacks, although the overall attack rate across all sectors decreased in the second quarter of 2024.
To protect industrial control computers from threats, cybersecurity experts offer the following recommendations:
- Regularly conduct security checks, monitoring and assessments of information technology systems in general and industrial control computer systems to maintain maximum security levels.
- Organize training programs specifically for employees working with industrial control systems and for those directly responsible for IT security/industrial control computer systems.
- Timely update of core equipment and systems of industrial control network in the enterprise.
- Security patches and fixes need to be applied as soon as possible to prevent serious production disruptions that can cost millions of dollars.
- Use reputable solutions to extend security to industrial control systems, providing centralized asset and risk management solutions...
- Provide threat updates to security teams responsible for protecting industrial control systems.
