The recent Kaspersky ICS Cert report has revealed that in the first half of 2023, 32% of ACS computers in Russia were blocked by malicious objects. This places Russia, along with the Middle East, among the regions with the highest proportion of ACU computers on which harmful scripts and phishing pages were intercepted.
According to the report, the main sources of threats for Russian industrial facilities are the Internet, email, and removable media. Surprisingly, in the first six months of 2023, email has surpassed removable media as the primary source of threats to ACS in Russia. The proportion of ACU computers targeted through email clients has been on the rise since the second half of 2021. An interesting observation is that the dynamics of threats from email and removable media are moving in opposite directions, with growth in one being accompanied by a decrease in the other.
Diving into the types of cyber attacks, the report highlights an increase in the proportion of computers with blocked malware and web mainkers in Russia from January to June 2023. Attackers are now distributing malware through phishing electronic messages to infect computers.
When it comes to the sectors most affected by these attacks in Russia, three industries take the lead. The engineering and integration of ACS sector tops the list with 35.8% of attacked automated control systems, followed closely by automation of buildings at 34.3% and the energy sector at 32.6%. Notably, the growth in the share of attacked computers is observed only in the production industry.