Connect with us

Hi, what are you looking for?



Malware on ICS Increasingly Comes From Internet: Kaspersky

Kaspersky Lab products installed on industrial automation systems have detected over 19,000 malware samples in the first half of 2018, and the company has determined that the Internet is an increasingly significant source of attacks.

Kaspersky Lab products installed on industrial automation systems have detected over 19,000 malware samples in the first half of 2018, and the company has determined that the Internet is an increasingly significant source of attacks.

According to Kaspersky’s “Threat Landscape for Industrial Automation Systems” report for H1 2018, the company detected over 19,400 samples belonging to roughly 2,800 malware families. As expected, most of the attempts to infect industrial systems were part of random attacks rather than targeted operations.

An overall increase in malicious activity has led to attack attempts against 41.2% of the industrial control systems (ICS) protected by the security firm, which represents an increase of nearly 5 percentage points compared to the first half of 2017. Kaspersky detected 18,000 malware samples belonging to more than 2,500 families in that period.

Attacks were reported all around the world, but Asian, Latin American and North African countries had the highest percentage of attacked ICS computers, with up to 75% of devices targeted. In the United States, only 21.4% of industrial systems were targeted. Kaspersky noted that developed countries had recorded fewer attacks compared to ones with a low per capita GDP.

ICS attacks in H1 2018

A majority of the detected threats were Trojans using either Windows or web browsers as a platform.

“In H1 2018, threat actors continued to attack legitimate websites that had vulnerabilities in their web applications in order to host malware components on these websites,” Kaspersky said in its report. “Notably, the increase in the percentage of ICS computers attacked through browsers in H1 2018 was due to the increase in the number of attacks that involved JavaScript cryptocurrency miners. At the same time, the increase in the number of ICS computers attacked using Microsoft Office documents was associated with waves of phishing emails.”

Register for SecurityWeek’s 2018 ICS Cyber Security Conference

Advertisement. Scroll to continue reading.

The security firm determined that the Internet was the source in 27.3% of attacks, which represents an increase of nearly 7 percentage points compared to the same period of last year. Removable media accounted for 8.4% and email clients for 3.8% of attacks, with no significant changes compared to the prior period.

“This pattern seems logical: modern industrial networks can hardly be considered isolated from external systems. Today, an interface between the industrial network and the corporate network is needed both to control industrial processes and to provide administration for industrial networks and systems,” Kaspersky said.

Asia, Africa and Latin America are not only the most targeted, but they also represent the main sources of threats blocked by Kaspersky’s products.

Related: Five Threat Groups Target Industrial Systems

Related: DHS Warns of Malware Targeting Industrial Safety Systems

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...


The overall effect of current global geopolitical conditions is that nation states have a greater incentive to target the ICS/OT of critical industries, while...

Malware & Threats

Threat actors are increasingly abusing Microsoft OneNote documents to deliver malware in both targeted and spray-and-pray campaigns.

Malware & Threats

Unpatched and unprotected VMware ESXi servers worldwide have been targeted in a ransomware attack exploiting a vulnerability patched in 2021.

Malware & Threats

A vulnerability affecting IBM’s Aspera Faspex file transfer solution, tracked as CVE-2022-47986, has been exploited in attacks.