The Middle East region remains the primary target of ransomware attacks compared to other regions. Turkey is among the countries where increases in blocked attacks are observed in many sectors, including building automation, energy and engineering, throughout 2022.
According to Kaspersky ICS researchers, in the second half of 2022, Kaspersky security solutions blocked 6% of malware in industrial automation systems compared to the first half of the year, and 147% compared to the second half of 2021. The Middle East region ranks in the top three for the proportion of industrial control systems (ICS) hacked via removable media (USB flash drives or hard drives). Africa, on the other hand, continues to rank high in the regional rankings, considering the number of ICS computers targeted using removable devices. Turkey is also among the countries where the increase in attacks prevented in many sectors, including building automation, energy and engineering, throughout 2022.
Turkey is affected by ransomware.
Compared to other regions, the rate of ICS computers with spyware blocked in Turkey in the second half of 2022 was 12.4%, which was high. Looking at other malware categories blocked in ICSs in Turkey, malicious scripts and rejected internet resources top the list with 19.7% and 13.0%.
Malicious scripts and phishing pages (JavaScript and HTML) are distributed both online and via email. A significant number of blocked internet resources are used to send malicious scripts and redirect to phishing pages.
Other categories of objects blocked on ICS computers in Turkey include malicious documents (6.6%) and worms (4.7%). Turkey also remains the region most affected by ransomware attacks.
The situation regarding the number of blocked attacks varied between different sectors. Building automation in the second half of 2022 in Turkey (41.9% attacks, +2.1 p. compared to the first half of 2022), energy (43.2%, +1.8%), engineering (43%) There is an increase in attacks in various sectors, including .5, +3.6) and manufacturing (36.8%, +1.4% p.).
Kaspersky ICS CERT senior researcher Kirill Kruglov said about the published reports: “In general, 2022 caught our attention as a year in which seasonal changes were not observed – abnormally. Our team has observed that attacks on industrial sectors are consistently high, with no typical drop in attacks during the summer or winter vacation periods. However, the increase in attacks using social engineering in industrial sectors seems alarming. We strongly advise customers in these industries to review their current security approach and check that all security systems are up to date and their staff is well-trained.”
You can learn more about the ICS threat landscape in H2 2022 on the Kaspersky ICS CERT website.
To protect your OT (Operational Technology) computers against various threats, Kaspersky experts recommend:
– Ensure regular security assessments of OT systems are carried out to identify and eliminate potential cybersecurity issues.
– Establishing ongoing vulnerability assessment and triage as the basis for effective vulnerability management process. Custom solutions like Kaspersky Industrial CyberSecurity can become an effective utility and a unique source of actionable information that is not available to the public.
– Make timely updates to key components of the enterprise’s OT network; Implementing security fixes and patches or taking remedial action as soon as technically possible is crucial to prevent a major incident that could cost millions due to production process disruption.
– Use of EDR solutions such as Kaspersky Endpoint Detection and Response to detect advanced threats in a timely manner, investigate incidents and remediate them effectively.
– It is critical that your teams improve response to new and advanced malicious techniques by developing and strengthening incident prevention, detection and response capabilities. Dedicated OT security training for IT security teams and OT personnel is one of the key measures to help achieve this.
Source: (BYZHA) – Beyaz News Agency