According to Kaspersky, the percentage of industrial control system (ICS) computers attacked increased somewhat in 2021 compared to the previous year, but specific types of threats increased significantly.
Overall, Kaspersky’s products blocked “malicious items” on 39.6 percent of ICS systems, up from 38.6 percent in 2020. On the other hand, the company saw attacks on only 31.4 percent of devices in the second half of 2021, the lowest percentage of any six-month period since the start of 2020.
However, for specific types of threats, the frequency of detections has been increasing over the last two years. This includes malware (blocked on over 8.1 percent of devices, up from 5.6 percent in H1 2020), harmful scripts and phishing pages (9.3 percent, up from 6.5 percent), and cryptocurrency miners (2.1 percent, up from 0.9 percent).
According to Kaspersky’s analysis, over 20% of systems in North America were targeted, roughly the same as in Western Europe. In several parts of Asia, the percentage of targeted systems approached 40%, while in Africa and Southeast Asia, it even reached 50%.
In the first and second halves of 2021, the cybersecurity firm’s technologies blocked around 5,000 malware families and 20,000 malware variants on industrial systems. This is basically the same as the previous two years in terms of varieties. However, while there was no substantial shift in malware families in 2021 compared to 2020, the numbers are approximately double what they were in 2019.
When it comes to the industries that house the targeted devices, the construction and automation industry was the hardest hit, followed by oil and gas, manufacturing, energy, engineering, and automobile manufacturing.
“While the threat types that find their way to ICS computers have remained relatively constant, we have seen a constant increase in the share of ICS computers facing malicious scripts and phishing pages, as well as Trojans, spyware, and miners that would normally be delivered by malicious scripts,” said Kirill Kruglov, Kaspersky’s security expert.
“Crypto miners are frequently overlooked as a big threat,” Kruglov continued, “which is not a healthy approach. While miners may have a minor impact on the office network, their labour and distribution can result in the denial of service for some automated control system components.”
SCADA servers, historians, OPC systems, engineering and operator workstations, HMIs, computers used to administer industrial networks, and devices used to build industrial automation software are among the industrial systems from which the organisation received data.