Spyware, malicious scripts target industrial computers


Nearly one in three industrial computers worldwide was hit by malicious activity in the first half of this year, posing a significant risk to industrial control systems (ICS).

During this period, bad actors used various types of spyware and malicious scripts to carry out their attacks.

This was one of the findings of the Threat Landscape for Industrial Automation Systems Report by Kaspersky, which noted that the company’s security solutions blocked over 20 000 malware variants during the first six months of 2021.

To unpack how the ICS threat landscape changed during this time, the company’s researchers analysed various types of malware used during cyber attacks against industrial systems.

According to the company, attacks against industrial organisations are particularly dangerous, as malefactors could not only steal data and money but also disrupt the established system of production.

The fact that criminals are diversifying their attack methods and tools highlights their interest in these systems and, consequently, the increased need to reliably protect them.

The research revealed that spyware (Trojan-Spy malware, backdoors and keyloggers), which is most commonly used to steal money, was up by 0.4 percentage points.

Concurrently, malicious scripts grew by 0.7 percentage points. Threat actors use these scripts on a range of Web sites hosting pirated content to redirect users to dangerous pages which distribute spyware or malware designed to mine crypto-currency without the user’s knowledge.

Evgeny Goncharov, a security expert at Kaspersky, says industrial entities are always in the cross hairs of regular attackers, as well as those who are politically motivated.

“Reflecting on the previous half year, we have seen among other findings, growth in the number of cyber espionage and malicious credential stealing campaigns. Their success has most likely been the main factor raising the ransomware threat to such a high degree. And I see no reason why some of the APT groups won’t benefit from these credential stealing campaigns as well,” he says.

To keep ICS systems safe from attacks, the security giant recommends using security solutions for OT endpoints and networks, employing ICS network traffic monitoring, analysis and detection solutions, and providing the security team responsible with up-to-date threat intelligence.

Undertaking dedicated ICS security training for IT security teams and OT engineers is also recommended, as is conducting regular security audits of OT networks to identify and eliminate security issues.
