Malware Affects 40.6% of Operational Technology Computers in Industrial Settings in 2022
A recent report by security researchers at Kaspersky has revealed that two out of every five (40.6%) operational technology (OT) computers used in industrial settings have been impacted by malware in 2022. This represents a 6% increase compared to the previous half of the year and is almost 1.5 times higher than in the second half of 2021.
Alarming Trends in Industrial Sector Attacks
Kirill Kruglov, senior researcher at Kaspersky ICS CERT, noted that 2022 has been marked by an abnormal absence of seasonal changes in cyber attacks on industrial sectors. There has been a steady high rate of attacks throughout the year, with no typical drop during vacation or holiday periods. Particularly concerning is the growing use of social engineering tactics in these attacks.
The latest report from Kaspersky highlights that the top two categories of malware observed by the team are malicious scripts and phishing pages, which have shown significant growth in the second half of 2022. Threat actors are using these tools to gather information, monitor activity, and redirect browser requests to malicious websites.
Malicious scripts are also being utilized to facilitate the download of harmful programs and load malware, such as spyware or tools for covert cryptocurrency mining, directly into users’ browsers.
Regional Trends and Industry Targets
From a geographical perspective, Northern Europe is the only region that has seen an increase in malware spread through email clients. On the other hand, Africa, the Middle East, Asia, and Latin America lead in the number of compromised OT computers through the use of removable devices.
According to the report, attacks targeting the automotive manufacturing and energy sectors have seen significant growth, accounting for 36.9% and 34.5% of all industries, respectively.
Recommendations for Enhanced Security
Kruglov emphasized the importance of revising security approaches and ensuring that all systems are up-to-date while also providing comprehensive training for personnel, especially in the automotive manufacturing and energy sectors.
This data from Kaspersky comes on the heels of a recent report by SecurityScorecard, which indicated that 48% of critical manufacturing organizations in the US are vulnerable to data breaches.