Kaspersky’s ICS CERT unveils an analysis of Operational Technology (OT) cybersecurity trends for the second half of 2023 (H2 2023). The report offers insight into the evolving threat landscapes globally and regionally, as well as within specific industries.
Kaspersky’s analysis shows a decrease in the percentage of Operational Technology, or OT computers attacked — to 31.9% in the second half from 34.0% in the first half of 2023. This drop moves the attack rate closer to the levels observed in 2020, with a yearly average of 38.6% of OT computers attacked in 2023. Despite this reduction, the landscape of threats remained diverse and multifaceted over the past year, with threats spreading via internet continuing as the main source of cyber risks to OT computers, accounting for 18.1% of the attacks, followed by email clients at 4.0% and removable media at 1.9%.
Kaspersky’s analysis shows a decrease in the percentage of Operational Technology, or OT computers attacked — to 31.9% in the second half from 34.0% in the first half of 2023. This drop moves the attack rate closer to the levels observed in 2020, with a yearly average of 38.6% of OT computers attacked in 2023. Despite this reduction, the landscape of threats remained diverse and multifaceted over the past year, with threats spreading via internet continuing as the main source of cyber risks to OT computers, accounting for 18.1% of the attacks, followed by email clients at 4.0% and removable media at 1.9%.
Percentage of ICS computers on which the activity of malicious objects of various categories was prevented
A concerning finding is the 1.4-fold global increase ICS systems on which miner executables for Windows were blocked in H2 2023 compared to H1 2023. This highlights the evolving tactics employed by threat actors, who are increasingly seeking to exploit vulnerabilities and leverage ICS infrastructure for their own financial gain. Additionally, this may signify a shift in attackers’ focus towards more discreet exploitation techniques.
Kaspersky’s analysis delves deeper, revealing regional variations in the threat landscape. In H2 2023, the percentage of computers on which malicious activity was prevented varied across regions from 38.2% in Africa to 14.8% in Northern Europe. South Asia, Eastern and Southern Europe were the regions that witnessed increases in the blocking of malicious objects.
The report also emphasizes the importance of taking care of country-specific cybersecurity problems. The data shows a stark disparity in the impact of threats across different nations (e.g., Yemen: 56.6% blocked objects, Iceland: 7.4%).
Focusing on specific industries, the report identifies building automation as the most targeted sector (H2 2023: highest percentage of blocked objects). The oil and gas sector display a fluctuating trend, experiencing a slight increase in attacks in H2 2023 after a period of decline.
Percentage of OT computers on which malicious objects were blocked in selected industries
“Although the general exposure of the Global OT infrastructure to cyberthreats decreased in the second half of 2023, industrial companies should continue fortify their defenses and stay ahead of ever-evolving threats. Our report includes regional-, country- and industry-specific breakdowns of threats capable of reaching out to OT systems, which can help organizations to tailor their cybersecurity strategies,” comments Evgeny Goncharov, head of Kaspersky’s ICS CERT.
