Kaspersky releases its Q2 2024 report on the cybersecurity landscape for industrial control systems (ICS), revealing a 20% increase in ransomware attacks compared to the previous quarter. The report underscores a growing threat to critical infrastructure sectors worldwide, with ransomware and spyware posing the most significant risks.
Kaspersky’s research shows that 23.5% of ICS computers globally were exposed to cyberthreats in Q2 2024, down slightly from 24.4% in Q1 2024, marking a 0.9 percentage point decrease. However, ransomware activity surged, with the percentage of ICS computers affected by ransomware rising by 1.2 times compared to the previous quarter. The report also identifies spyware as a persistent threat, as attackers use it to conduct espionage and pave the way for ransomware and targeted attacks.
“Our findings reveal that while the overall number of attacks on OT computers is slightly down, the rise in ransomware and spyware is concerning,” says Evgeny Goncharov, head of Kaspersky ICS CERT. “High-impact malware like ransomware can disrupt critical operations in any industry, whether it’s manufacturing, energy, transportation, or others. Spyware is often used to steal corporate credentials and resell them on dark web marketplaces for future reuse by ransomware gangs, hacktivists, and APTs. Overexposing OT infrastructures to spyware threats puts operations and businesses at high risk of a devastating incident.”
Key Findings:
- Ransomware on the rise: Kaspersky reports a 1.2x increase in ransomware attacks on ICS systems, reaching the highest level since 2023. Ransomware incidents spiked particularly in May 2024, posing a heightened risk to industrial operations.
- Persistent spyware: The report highlights a continued presence of spyware, including backdoors, keyloggers, and trojans, which are often used for data theft and to enable further attacks such as ransomware. The percentage of ICS computers affected by spyware rose to 4.08%, an increase from 3.90% in Q1 2024.
- Innovative mining techniques: Attackers continue to employ sophisticated methods to deploy cryptocurrency mining malware on ICS computers. Kaspersky observes increased use of fileless execution techniques, where malicious code is executed directly in memory, making detection and prevention more challenging.
- Regional insights: ICS systems in Africa remain the most heavily targeted, with 30% of computers affected, while Northern Europe had the lowest percentage of attacks at 11.3%.
- Sector-specific vulnerabilities: The building automation sector saw the highest percentage of ICS computers attacked, although the overall attack rate across all industries declined in Q2 2024. Kaspersky’s report details how attackers exploit weak points in building automation networks, often targeting internet-facing systems and outdated software.
For the full Q2 2024 Industrial Control Systems cybersecurity report, visit the Kaspersky ICS CERT webpage.
To keep your OT computers protected from various threats, Kaspersky experts recommend:
- Conduct audits and regular security assessments of IT and OT systems to achieve the highest possible security level by available means.
- Organize training specifically designed for those who work with industrial control systems and for those directly responsible for IT/OT Security.
- Perform timely updates for the key components of the enterprise’s OT network.
- Apply security fixes and patches to implement compensating measures as soon as it is technically possible; this is crucial to prevent a major incident that might cost millions due to the interruption of the production process.
- To enable reliable protection of industrial networks and automation systems, use Kaspersky Industrial CyberSecurity (KICS), an OT XDR platform offering centralized asset and risk management, security and compliance audit, unparalleled scalability and IT-OT convergence with the Kaspersky ecosystem.
- Provide the security team responsible for protecting industrial control systems with up-to-date threat intelligence. The ICS Threat Intelligence Reporting service provides insights into current threats and attack vectors, along with ways to mitigate them.