《卡巴斯基:2023H1工业自动化系统的威胁形势概述报告(英文版)(33页).pdf》由会员分享,可在线阅读,更多相关《卡巴斯基:2023H1工业自动化系统的威胁形势概述报告(英文版)(33页).pdf(33页珍藏版)》请在三个皮匠报告上搜索。
1、 Threat landscape for industrial automation systems Statistics for H1 2023 Kaspersky ICS CERT 13.09.2023 Version 1.0 THREAT LANDSCAPE FOR INDUSTRIAL AUTOMATION SYSTEMS.STATISTICS FOR H1 2023 1 2023 AO KASPERSKY LAB.Mid-year highlights.2 Figures.2 All threats.2 Categories of malicious objects.2 Main
2、threat sources.2 Good news.2 Rankings where regions that do best were doing worst.3 Global threat statistics.8 Regions.9 Countries.11 Individual industries.12 The variety of malware detected.13 Categories of malicious objects.14 Malicious scripts and phishing pages(JS and HTML).15 Denylisted interne
3、t resources.16 Spyware.17 Malicious documents(MSOffice+PDF).18 Malicious cryptocurrency miners.19 Viruses and worms.21 Ransomware.23 Malware for AutoCAD.24 Main threat sources.25 World.25 Regions and countries.26 Internet.26 Email clients.27 Removable devices.28 Network folders.29 Methodology used t
4、o prepare statistics.31 THREAT LANDSCAPE FOR INDUSTRIAL AUTOMATION SYSTEMS.STATISTICS FOR H1 2023 2 2023 AO KASPERSKY LAB.Mid-year highlights Figures All threats In the first half of 2023,malicious objects(all types of threats)were blocked on 34%of ICS computers.This was 0.3 pp less than in the seco
5、nd half of 2022.In the second quarter of 2023,this percentage reached the highest quarterly level globally since 2022,26.8%.The figure varied between 40.3%in Africa and 14.7%in Northern Europe by region,and between 53.3%in Ethiopia and 7.4%in Luxembourg by country.Categories of malicious objects Mal
6、icious scripts and phishing pages were blocked on 12.7%of ICS computers Denylisted internet resources,on 11.3%Spyware,on 6%Malicious documents,on 4%Ransomware,on 0.32%.This is the lowest percentage since the beginning of 2020.Main threat sources The internet was the source of threats blocked on 19.3
7、%of ICS computers.Email clients 6%Removable devices 3.4%Good news H1 2022022 2 saw a noticeable increase in the percentage of ICS computers on which the following threats were blocked:Spyware Malicious documents Malicious miners in the form of Windows executables Ransomware THREAT LANDSCAPE FOR INDU
8、STRIAL AUTOMATION SYSTEMS.STATISTICS FOR H1 2023 3 2023 AO KASPERSKY LAB.That was the bad news.Here comes the good news.The percentages of ICS computers on which all these threat categories were blocked had been declining since mid-2022.In H1 2023,the percentage of ICS computers on which these categ
9、ories of threats were blocked,dropped in virtually every region.A few unlikely exceptions to this will be dealt with below.Rankings where regions that do best were doing worst Australia and New Zealand,the United States and Canada,Western Europe,and Northern Europe historically have had the lowest p
10、ercentages of ICS computers on which malicious objects are blocked.In H1 2023,however,those were the very regions where the percentages of attacked ICS computers increased by the most percentage points.Percentage of ICS computers on which the activity of malicious objects of various categories was p
11、revented H1 2023 changes in the percentages of ICS computers on which malicious objects were blocked,by region THREAT LANDSCAPE FOR INDUSTRIAL AUTOMATION SYSTEMS.STATISTICS FOR H1 2023 4 2023 AO KASPERSKY LAB.Australia and New Zealand see this figure vary from half-year to half-year,and it did not e
12、xceed previous periods values in H1 2023.In Northern Europe,and the United States and Canada,we recorded an upward trend in the percentage of attacked ICS computers.In Western Europe,the percentage of computers on which malicious objects were blocked declined in 2022 before spiking in H1 2023 to exc
13、eed the previous two years figures.Let us anticipate a question by saying that despite the increase in the percentage of attacked computers,these regions retained a minimal percentage by virtually every criterion.As for the half-year increase,these regions did top many lists in H1 2023.Blocked denyl
14、isted internet resources,and malicious scripts and phishing pages were the biggest contributors to this increase in the historically safer regions.Percentage of ICS computers on which malicious objects were blocked in selected regions THREAT LANDSCAPE FOR INDUSTRIAL AUTOMATION SYSTEMS.STATISTICS FOR
15、 H1 2023 5 2023 AO KASPERSKY LAB.Both threat types spread via the internet,while malicious scripts and phishing pages also spread via email.The percentage of ICS computers on which threats from these two sources were blocked in the United States and Canada,and Western Europe also increased the most
16、among all regions.These are not the only bad lists these regions topped.The United States and Canada,Northern Europe,and Australia and New Zealand saw the largest growth in the percentage of computers on which spyware was blocked.H1 2023 changes in the percentages of ICS computers on which malicious
17、 scripts and phishing pages were blocked,by region H1 2023 changes in the percentages of ICS computers on which denylisted internet resources were blocked,by region THREAT LANDSCAPE FOR INDUSTRIAL AUTOMATION SYSTEMS.STATISTICS FOR H1 2023 6 2023 AO KASPERSKY LAB.Note that the percentage of ICS compu
18、ters attacked by ransomware in H1 2023 increased in four regions including Australia and New Zealand,and the United States and Canada,by the relatively significant respective values of 0.19 pp and 0.13 pp,and in Northern Europe.The percentages of computers on which viruses and worms were blocked wer
19、e similarly unexpected.The five regions where these figures increased the most were the United States and Canada,Northern Europe,Australia and New Zealand,and Western Europe.H1 2023 changes in the percentages of ICS computers on which spyware was blocked,by region H1 2023 changes in the percentages
20、of ICS computers on which ransomware was blocked,by region THREAT LANDSCAPE FOR INDUSTRIAL AUTOMATION SYSTEMS.STATISTICS FOR H1 2023 7 2023 AO KASPERSKY LAB.Australia and New Zealand saw an increase in the number of computers on which threats were blocked after removable devices were connected.H1 20
21、23 changes in the percentages of ICS computers on which viruses were blocked,by region H1 2023 changes in the percentages of ICS computers on which worms were blocked,by region THREAT LANDSCAPE FOR INDUSTRIAL AUTOMATION SYSTEMS.STATISTICS FOR H1 2023 8 2023 AO KASPERSKY LAB.Global threat statistics
22、In the first half of 2023,the percentage of ICS computers on which malicious objects were blocked decreased from H2 2022 by just 0.3 pp to 34%.That said,the percentage of attacked ICS computers dropped in Q1 2023,but then rose again in Q2 2023,reaching highest quarterly figure since 2022.H1 2023 cha
23、nges in the percentages of ICS computers on which threats were blocked after removable devices were connected,by region Percentage of ICS computers on which malicious objects were blocked,by half year THREAT LANDSCAPE FOR INDUSTRIAL AUTOMATION SYSTEMS.STATISTICS FOR H1 2023 9 2023 AO KASPERSKY LAB.I
24、n spring(March through May),the percentage of ICS computers on which malicious objects were blocked remained higher than in the other three months.Regions The percentage of computers on which malicious activity was prevented varied across regions from 40.3%in Africa to 14.7%in Northern Europe.Percen
25、tage of ICS computers on which malicious objects were blocked,by quarter Percentage of ICS computers on which malicious objects were blocked,January-June 2023 Percentage of ICS computers on which malicious objects were blocked,by regions THREAT LANDSCAPE FOR INDUSTRIAL AUTOMATION SYSTEMS.STATISTICS
26、FOR H1 2023 10 2023 AO KASPERSKY LAB.You may remember that in the previous half-year,the percentage of ICS computers in Russia and Central Asia on which malicious objects were blocked increased noticeably due to mass infection of websites,including those run by industrial companies,that used an outd
27、ated version of a popular Russian CMS.In H1 2023,the figures in both regions returned to values close to those of H1 2022.As mentioned above,the most significant increases in the percentage of ICS computers on which malicious objects were blocked were recorded in Western Europe(4.6 pp),the United St
28、ates and Canada(1.9 pp),as well as Australia and New Zealand(1.3 pp).Note the minor but steady growth in that percentage in Northern Europe and the Middle East(by 0.3 pp each).Western Europe,which recorded the largest increase among all regions,saw the percentage of attacked ICS computers in H1 2023
29、 grow every month up to May,and then drop to Januarys level in June.Our data indicates that in H1 2023,some threat actors reinvented an old phishing technique that was first seen back in 2010 to target organizations in Europe,including industrial ones.The technique involves infecting a website with
30、a malicious script that triggers a pop-up window resembling a Microsoft tech support window.The pop-up does not contain any links,but instead presents a phishing message and a local phone number to call.When a user calls the number,a threat actor answers the call and communicates in the local langua
31、ge,manipulating the unsuspecting user to download and install a remote access tool or a piece of multifunctional spyware.This technique leverages social engineering tactics to deceive users and gain unauthorized access to their systems,posing a serious threat to organizations,including industrial on
32、es.The industries under review in that region that saw the percentages increase the most were engineering and ICS integration(by 6.1 pp).Western Europe.Percentage of ICS computers on which malicious objects were blocked,January-June 2023 THREAT LANDSCAPE FOR INDUSTRIAL AUTOMATION SYSTEMS.STATISTICS
33、FOR H1 2023 11 2023 AO KASPERSKY LAB.Most of the regions where the percentage of attacked computers increased in H1 2023(Northern and Western Europe,the United States and Canada,and Australia and New Zealand)are usually at the bottom of the list.Africa and the Asian regions where the percentage of I
34、CS computers on which malicious objects are blocked historically has been high,showed a downward trend.Countries The percentage of ICS computers on which malicious objects were blocked varied across countries from 53.3%in Ethiopia to 7.4%in Luxembourg.Western Europe.Percentage of ICS computers on wh
35、ich malicious objects were blocked in selected industries Percentage of ICS computers on which malicious objects were blocked in Africa and regions of Asia THREAT LANDSCAPE FOR INDUSTRIAL AUTOMATION SYSTEMS.STATISTICS FOR H1 2023 12 2023 AO KASPERSKY LAB.Seven African,three Middle Eastern and three
36、Central Asian countries were among the fifteen countries and territories in H1 2023 with the highest percentage of ICS computers on which malicious objects were blocked.Half of the 10 countries that had the lowest figures were located in Northern Europe.Individual industries In H1 2023,the percentag
37、e of ICS computers on which malicious objects were blocked increased in engineering and ICS integration(by 2 pp),manufacture(by 1.9 pp)and energy(by 1.5 pp).Fifteen countries and territories with the highest percentage of ICS computers on which malicious objects were blocked,H1 2023 Ten countries an
38、d territories with the lowest percentage of ICS computers on which malicious objects were blocked,H1 2023 THREAT LANDSCAPE FOR INDUSTRIAL AUTOMATION SYSTEMS.STATISTICS FOR H1 2023 13 2023 AO KASPERSKY LAB.Building automation is still the leader among the industries under review.Energy and oil and ga
39、s have seen opposite trends in the percentage of ICS computers on which malicious objects were blocked since 2021.The variety of malware detected In H1 2023,Kaspersky security solutions blocked 11,727 different malware families in industrial automation systems.Percentage of ICS computers on which ma
40、licious objects were blocked in selected industries Percentage of ICS computers on which malicious objects were blocked in selected industries Malware families blocked on ICS computers THREAT LANDSCAPE FOR INDUSTRIAL AUTOMATION SYSTEMS.STATISTICS FOR H1 2023 14 2023 AO KASPERSKY LAB.Categories of ma
41、licious objects Malicious objects that Kaspersky products block on ICS computers fall under many categories.A brief description of each type of threat is provided in a separate document.Percentage of ICS*computers on which the activity of malicious objects of various categories was prevented*In many
42、 cases,two or more types of threats may have been blocked on a single computer during the reporting period.Therefore,the resulting percentages should not be added together.Only one of the categories grew in H1 2023:denylisted internet resources.The percentage of ICS computers on which threats in thi
43、s category are blocked has grown for the second half-year in a row.Until 2022,denylisted internet resources had topped the list of threat categories,but in 2022,they took second place to malicious scripts and phishing pages,which still remain at the top of the list.Yet,the values for these two types
44、 of threats were converging.THREAT LANDSCAPE FOR INDUSTRIAL AUTOMATION SYSTEMS.STATISTICS FOR H1 2023 15 2023 AO KASPERSKY LAB.Malicious scripts and phishing pages(JS and HTML)Malicious scripts and phishing pages(JS and HTML)spread via both the internet and email.A significant part of denylisted int
45、ernet resources are used to spread malicious scripts and phishing pages.Malicious scripts serve a broad range of goals:from collecting data,tracking and forwarding users to malicious websites,to downloading various malware,such as spyware and/or covert crypto miners,to the system or the browser.The
46、regions with the highest percentage of ICS computers on which malicious scripts and phishing pages were blocked were the Middle East and Russia.The figure increased in five regions over the half-year,mostly in the United States and Canada(by 3.3 pp),Western Europe(by 2.2 pp),and Australia and New Ze
47、aland(by 1.9 pp).Percentage of ICS computers on which malicious scripts and phishing pages,and denylisted internet resources were blocked THREAT LANDSCAPE FOR INDUSTRIAL AUTOMATION SYSTEMS.STATISTICS FOR H1 2023 16 2023 AO KASPERSKY LAB.The countries with the highest percentage of ICS computers on w
48、hich malicious scripts and phishing pages were blocked were Kyrgyzstan(21%)and Afghanistan(20.9%).Denylisted internet resources Africa was the region with the highest percentage of ICS computers on which denylisted internet resources were blocked.Not surprisingly,Africa also had the highest percenta
49、ge of ICS computers on which threats that originated on the internet were blocked(see below under Main threat sources).Regions ranked by percentage of ICS computers on which malicious scripts and phishing pages were blocked,H1 2023 THREAT LANDSCAPE FOR INDUSTRIAL AUTOMATION SYSTEMS.STATISTICS FOR H1
50、 2023 17 2023 AO KASPERSKY LAB.As mentioned above,denylisted internet resources were the only threat category where the percentage of ICS computers on which the threat was blocked increased worldwide.This figure grew in most regions during the half-year,with the largest increases recorded in the Uni
51、ted States and Canada(3.2 pp),Eastern Europe(2.6 pp),and Australia and New Zealand(2.5 pp).The countries with the highest percentage of ICS computers on which denylisted internet resources were blocked were Algiers(21.8%)and Afghanistan(20.2%).Spyware The percentage of ICS computers on which spyware
52、 is blocked continued to decline.Earlier,we saw the figure rise from 2020 through H1 2022.Regions ranked by percentage of ICS computers on which denylisted internet resources were blocked,H1 2023 Percentage of ICS computers on which spyware was blocked THREAT LANDSCAPE FOR INDUSTRIAL AUTOMATION SYST
53、EMS.STATISTICS FOR H1 2023 18 2023 AO KASPERSKY LAB.Africa had the highest percentage of ICS computers on which spyware was blocked in H1 2023.The Middle East and Southeast Asia had similarly high percentages.The leaders among countries and territories were Tajikistan(18.9%),Algiers(16.7%)and Afghan
54、istan(16.6%).Malicious documents(MSOffice+PDF)Hackers spread malicious documents via phishing messages and use them in attacks which aim for primary infection.The global percentage of ICS computers on which threats in this category were blocked more than doubled in H1 2022 and had declined since.Yet
55、 in H1 2023,it remained higher than in 20202021.Regions ranked by percentage of ICS computers on which spyware was blocked in H1 2023 Percentage of ICS computers on which malicious documents were blocked THREAT LANDSCAPE FOR INDUSTRIAL AUTOMATION SYSTEMS.STATISTICS FOR H1 2023 19 2023 AO KASPERSKY L
56、AB.The regions with the highest figures were Latin America and Southern Europe.These regions also had the highest percentages of ICS computers on which email threats were blocked.The United States and Canada saw the largest increase(by 0.72 pp)in the percentage of computers on which malicious docume
57、nts were blocked.The countries with the highest percentage of ICS computers on which malicious documents were blocked were Algiers(16.7%)and Afghanistan(16.6%).Malicious cryptocurrency miners Miners often spread via websites to which users are redirected with the help of malicious scripts that hacke
58、rs deploy on various media and pirating sites.The global percentage of ICS computers on which malicious miners(both Windows executables and web miners)were blocked decreased in H1 2023.Regions ranked by percentage of ICS computers on which malicious documents were blocked,H1 2023 THREAT LANDSCAPE FO
59、R INDUSTRIAL AUTOMATION SYSTEMS.STATISTICS FOR H1 2023 20 2023 AO KASPERSKY LAB.Central Asia was the region with the highest percentage of ICS computers on which miners Windows executable files were blocked in H1 2023.The countries and territories with the highest percentage were Tajikistan(7.9%)and
60、 Turkmenistan(7.4%).Africa was the leader among regions by percentage of computers on which web miners were blocked.Russia,and the United States and Canada saw the percentage increase over the half-year,by 0.13 pp and 0.12 pp,respectively.Percentage of ICS computers on which malicious programs for c
61、overt crypto mining were blocked Regions ranked by percentage of ICS computers on which miners executable files were blocked in H1 2023 THREAT LANDSCAPE FOR INDUSTRIAL AUTOMATION SYSTEMS.STATISTICS FOR H1 2023 21 2023 AO KASPERSKY LAB.Serbia was the leader among the countries and territories with th
62、e highest percentage of ICS computers on which web miners were blocked,with 6.4%.Viruses and worms The percentage of ICS computers on which worms were blocked continued to decrease.We believe this is an indirect indication of the systematic use of security solutions in OT environments,which eliminat
63、es infection hotspots and prevents the spread of self-propagating malware.The percentage of ICS computers on which viruses were blocked did not change in H1 2023.Viruses and worms spread across ICS networks by means of removable media,shared folders,infected files,such as backups,and network attacks
64、 on outdated software,such as Radmin2.Regions ranked by percentage of ICS computers on which web miners running in browsers were blocked in H1 2023 Percentage of ICS computers on which viruses and worms were blocked THREAT LANDSCAPE FOR INDUSTRIAL AUTOMATION SYSTEMS.STATISTICS FOR H1 2023 22 2023 AO
65、 KASPERSKY LAB.Many viruses and worms still circulating are old,and their command-and-control servers have long been shut down.Besides undermining the security of infected systems,for example,by opening network ports and changing settings,these older worms and viruses can potentially cause software
66、to quit unexpectedly or create denial-of-service conditions.Newer worm varieties,which malicious actors use to spread spyware,ransomware and miners,can be found on ICS networks as well.In most cases,these worms spread by exploiting vulnerabilities in network services(such as SMB and RDP)that have be
67、en fixed by vendors but are still unpatched on OT networks,using previously stolen authentication credentials or bruteforcing passwords.The percentage of ICS computers on which worms were detected was still very high in Africa,making that region the leader by percentage of ICS computers on which thr
68、eats were blocked after removable devices were connected.The United States and Canada,and Northern Europe saw the largest increases during the half-year,by 0.53 pp and 0.45 pp,respectively.The highest percentage of ICS computers on which worms were detected was recorded in Mali(20.8%).Note that Turk
69、menistan(18%)was among the five countries with the highest figures alongside African countries.The virus issue remained relevant for Southeast Asia.The percentage of ICS computers on which viruses were blocked grew in many regions,mostly the United States and Canada(by 0.49 pp),and Northern Europe(b
70、y 0.44 pp).Regions ranked by percentage of ICS computers on which worms were blocked in H1 2023 THREAT LANDSCAPE FOR INDUSTRIAL AUTOMATION SYSTEMS.STATISTICS FOR H1 2023 23 2023 AO KASPERSKY LAB.Afghanistan(16.6%),Vietnam(14.1%)and Yemen(13.8%)were among the countries and territories with the highes
71、t percentage of ICS computers on which viruses were blocked.Ransomware After the percentage of ICS computers on which ransomware was blocked increased in H1 2022,it dropped to the lowest level since 2020 in H1 2023.East Asia and the Middle East were the regions with the highest percentage of ICS com
72、puters attacked by ransomware in H1 2023.Regions ranked by percentage of ICS computers on which viruses were blocked in H1 2023 Percentage of ICS computers on which ransomware was blocked THREAT LANDSCAPE FOR INDUSTRIAL AUTOMATION SYSTEMS.STATISTICS FOR H1 2023 24 2023 AO KASPERSKY LAB.The percentag
73、e of ICS computers attacked by ransomware shrank in most regions of the world.It grew by 0.19 pp in Australia and New Zealand,by 0.13 pp in the United States and Canada,and slightly in Northern and Eastern Europe.Of all countries and territories,Yemen had by far the highest percentage of ICS compute
74、rs on which ransomware was blocked in H1 2023.One European country,Moldova,unexpectedly became one of the half-years 10 leaders.Malware for AutoCAD East Asia had the highest percentage(3.1%)of ICS computers on which AutoCAD malware,viruses specifically,was blocked.This category of threats is Regions
75、 ranked by percentage of ICS computers on which ransomware was blocked in H1 2023 Ten countries and territories with the highest percentage of ICS computers on which ransomware was blocked in H1 2023 THREAT LANDSCAPE FOR INDUSTRIAL AUTOMATION SYSTEMS.STATISTICS FOR H1 2023 25 2023 AO KASPERSKY LAB.d
76、etected on computers that are part of OT networks,for instance,in network folders and on engineering workstations.The countries with the highest percentage of ICS computers on which malicious AutoCAD malware was blocked were China(2.6%)and Vietnam(1.5%).Main threat sources The internet,email clients
77、 and removable devices remained the key sources of threats to computers in the operational technology infrastructure of organizations.Note that the sources of blocked threats cannot always be reliably determined.World In the first half of 2023,the percentage of ICS computers on which malicious objec
78、ts were blocked,dropped for virtually every main threat source.As is the case with the overall threat statistics,the percentage of ICS computers on which malicious objects from various sources were blocked varies by region and country.Percentage of ICS computers on which malicious objects from vario
79、us sources were blocked The percentage of ICS computers on which network folder threats were blocked THREAT LANDSCAPE FOR INDUSTRIAL AUTOMATION SYSTEMS.STATISTICS FOR H1 2023 26 2023 AO KASPERSKY LAB.Regions and countries Internet In the first half of 2023,Africa,the Middle East and Russia were the
80、regions with the highest percentage of ICS computers on which internet threats were blocked.The largest increase in the percentage of ICS computers on which internet threats were blocked in the first half of 2023 was recorded in the regions that were historically the safest:Western Europe(by 2.6 pp)
81、,the United States and Canada(by 2 pp),and Australia and New Zealand(by 1.4 pp).The Russia and Central Asia figures dropped noticeably.In the previous half-year,these regions saw a sharp increase in the percentage of ICS computers on which internet threats were blocked.The increase was due to mass i
82、nfection of websites,including those run by industrial companies,that used an outdated version of a popular CMS.One European country,Serbia,remained among the 15 countries and regions where that percentage was the highest.Regions ranked by percentage of ICS computers on which threats from the intern
83、et were blocked,H1 2023 THREAT LANDSCAPE FOR INDUSTRIAL AUTOMATION SYSTEMS.STATISTICS FOR H1 2023 27 2023 AO KASPERSKY LAB.Email clients Since the first half of 2022,Southern Europe has remained the region with the highest percentage of ICS computers on which malicious email attachments and phishing
84、 links were blocked.The percentage of ICS computers on which email threats were blocked grew in the United States and Canada(by 0.3 pp),Western Europe(by 0.4 pp)and Russia(by 0.1 pp).Fifteen countries and territories with the highest percentage of ICS computers on which internet threats were blocked
85、,H1 2023 Regions ranked by percentage of ICS computers on which malicious email attachments and phishing links were blocked,H1 2023 THREAT LANDSCAPE FOR INDUSTRIAL AUTOMATION SYSTEMS.STATISTICS FOR H1 2023 28 2023 AO KASPERSKY LAB.Southern and Eastern Europe dominated the list of 15 countries and te
86、rritories with the highest percentage of ICS computers on which malicious email attachments and phishing links were blocked.We recommend that information security professionals in these countries pay special attention to protecting employees from phishing email campaigns.Removable devices Africa and
87、 the Asian regions,historically the regions with the highest percentage of ICS computers on which malware is blocked when removable devices are connected,kept their positions.In the first half of 2023,the figure increased slightly in Africa(by 0.63 pp),and more than doubled in Australia and New Zeal
88、and(by 1.2 pp).Fifteen countries and territories with the highest percentage of ICS computers on which malicious email attachments and phishing links were blocked,H1 2023 THREAT LANDSCAPE FOR INDUSTRIAL AUTOMATION SYSTEMS.STATISTICS FOR H1 2023 29 2023 AO KASPERSKY LAB.Africa dominated the list of 1
89、5 countries and territories with the highest percentage of ICS computers on which malware was blocked when removable devices were connected.Network folders Network folders were a minor source of malicious objects.East,Southeast and Central Asia saw the highest percentage of ICS computers on which th
90、reats Regions ranked by percentage of ICS computers on which malware was blocked after removable devices were connected,H1 2023 Fifteen countries and territories with the highest percentage of ICS computers on which malware was blocked when removable devices were connected,H1 2023 THREAT LANDSCAPE F
91、OR INDUSTRIAL AUTOMATION SYSTEMS.STATISTICS FOR H1 2023 30 2023 AO KASPERSKY LAB.were blocked in network folders.The figure doubled over the half-year in Australia and New Zealand,pushing the region to fourth place on the list.Turkmenistan had the highest percentage among countries and territories,a
92、s in H2 2022.Fifteen countries and territories with the highest percentage of ICS computers on which malicious objects were blocked in network folders,H1 2023 Regions ranked by percentage of ICS computers on which malicious objects in network folders were blocked,H1 2023 THREAT LANDSCAPE FOR INDUSTR
93、IAL AUTOMATION SYSTEMS.STATISTICS FOR H1 2023 31 2023 AO KASPERSKY LAB.Methodology used to prepare statistics The report presents the findings of the analysis of statistical data obtained using the Kaspersky Security Network(KSN)distributed antivirus network.The data was received from those KSN user
94、s who gave their voluntary consent to have data anonymously transferred from their computers and processed for the purpose described in the KSN Agreement for the Kaspersky product installed on their computer.Connecting to the KSN network enables our customers to reduce the time it takes the security
95、 solutions installed on their systems to respond to previously unknown threats and to improve the overall detection quality provided by the security products through querying the cloud infrastructure in which malicious object data is stored.That data is technically impossible to transfer entirely to
96、 the client side due to its large size and resource consumption.The information transferred by the user includes only those types and categories of data that are described in the relevant KSN Agreement.This data is not only significantly helpful in analyzing the threat landscape,but it is also neces
97、sary for identifying new threats,including targeted attacks and advanced persistent threats(APT)1 1.The statistical data presented in the report was received from ICS computers protected by Kaspersky products that Kaspersky ICS CERT categorizes as part of the industrial infrastructure at organizatio
98、ns.This group includes Windows computers that perform one or several of the following functions:Supervisory control and data acquisition(SCADA)servers Data storage servers(Historian)Data gateways(OPC)Stationary workstations of engineers and operators Mobile workstations of engineers and operators Hu
99、man Machine Interface(HMI)Computers used for industrial network administration Computers used to develop software for industrial automation systems For the purposes of this report,“attacked computers”are those on which Kaspersky security solutions blocked one or more threats during the period in rev
100、iew(in the diagrams above,this can be a month,half-year or year,depending on the context).When determining the percentages of machines on which malware infections were prevented,we use the ratio of the number of computers attacked during the reporting period to the total number of computers in our s
101、ample from which we received depersonalized information during the reporting period.1 We recommend that organizations which have any restrictions in place with respect to transferring data outside the organizations perimeter should consider using the Kaspersky Private Security Network service.THREAT
102、 LANDSCAPE FOR INDUSTRIAL AUTOMATION SYSTEMS.STATISTICS FOR H1 2023 32 2023 AO KASPERSKY LAB.Kaspersky Industrial Control Systems Cyber Emergency Response Team(Kaspersky ICS CERT)is a global project of Kaspersky aimed at coordinating the efforts of automation system vendors,industrial facility owners and operators,and IT security researchers to protect industrial enterprises from cyberattacks.Kaspersky ICS CERT devotes its efforts primarily to identifying potential and existing threats that target industrial automation systems and the industrial internet of things.Kaspersky ICS CERT ics-