Africa among regions with highest number of industrial systems under attack in the first half of 2023

Thu, Sep 21, 2023
By editor
4 MIN READ

Science & Tech

MALICIOUS objects of all types were detected and blocked on 34% of Industrial Control System, ICS, computers in the first half of 2023, according to the ICS CERT landscape report by Kaspersky. In Africa over this period attacks were detected on 40,3% of ICS computers, placing it in first place among the other regions. The top industries under attack were energy (45,9%), engineering & integration (44%) and building automation (40%). All these attacks were blocked after detection.


ICS computers are used in oil & gas, energy, automotive manufacturing, building automation infrastructures and other spheres to perform a range of operational technology, OT, functions – from the workstations of engineers and operators to supervisory control and data acquisition, SCADA, servers and Human Machine Interface, HMI.

Cyberattacks on industrial computers are considered to be extremely dangerous as they may cause material losses and production downtime for the controlled production line and even the facility as a whole. Moreover, industrial enterprises put out of service can seriously undermine a region’s social welfare, ecology and macroeconomics.

An analysis of the most significant and targeted threats detected on ICS computers in selected countries of Africa in the first half of 2023 shows that the threat landscape can vary between countries and between industries due to the differences in the security maturity of different countries/industries and the current focus of threat actors.

In South Africa in the first half of 2023 malware was detected and blocked on 29,1% of ICS computers, in Nigeria on 32,6%, in Kenya on 34,5% of machines.

There are different types of cyberthreats that OT-related computers face – malicious scripts, spy trojans, worms, ransomware, and others. In the first half of 2023 Africa had the highest percentage of ICS computers on which spyware was blocked (9,8%). The Middle East and Southeast Asia had similarly high percentages (8,3% and 8,1%). The global average stands at 6,1%. 

Africa was also the region with the highest percentage of ICS computers (14,8%) on which attacks from denylisted Internet resources were blocked (these are web resources associated with distributing or controlling malware). The global average is 11,3%.

Viruses and worms spread across ICS networks by means of removable media, shared folders, infected files, such as backups, and network attacks on outdated software. The percentage of ICS computers on which worms were detected was very high in Africa (7% vs. 2,3% global average), making this region the leader by percentage of ICS computers on which threats were detected after removable devices were connected.

“Africa’s industrial landscape is diverse, ranging from large-scale mining operations to small-scale agriculture. This means that ICS cybersecurity solutions need to be adaptable to various sectors and technologies. In some regions, legacy ICS systems that lack modern security features are still in use. These systems are often more vulnerable to cyberthreats and require significant upgrades. Lastly, some critical infrastructure in Africa is located in remote areas with limited connectivity, which can make it difficult to monitor and secure ICS assets effectively,” comments Evgeny Goncharov, Head of Kaspersky ICS CERT. “By understanding these risks, organisations can make informed decisions, allocate resources wisely, and efficiently fortify their defenses. In doing so, they not only protect their bottom line but also contribute to a safer and more secure digital ecosystem for all.”

Conducting regular security assessments of OT systems to identify and eliminate possible cyber security issues.

  • Establishing continuous vulnerability assessment and triage as a basement for effective vulnerability management process. Dedicated solutions like Kaspersky Industrial CyberSecurity may become an efficient assistant and a source of unique actionable information, not fully available in public.
  • Performing timely updates for the key components of the enterprise’s OT network; applying security fixes and patches or implementing compensating measures as soon as it is technically possible is crucial for preventing a major incident that might cost millions due to the interruption of the production process.
  • Using EDR solutions such as Kaspersky Endpoint Detection and Response  for timely detection of sophisticated threats, investigation, and effective remediation of incidents.
  • Improving the response to new and advanced malicious techniques by building and strengthening your teams’ incident prevention, detection, and response skills. Dedicated OT security trainings for IT security teams and OT personnel is one of the key measures helping to achieve this.

Distributed by APO Group on behalf of Kaspersky.

A.

-September. 21, 2023 @ 17:48 GMT |

Tags:


Prof lists advantages of GMO technology

GENETICALLY Modified Organisms (GMO) crops are healthier to eat, in many cases than non-GMO crops, says Prof Sylvia Uzochukwu, President...

Read More
NITDA trains  3143 artisans on digital applications

NATIONAL Information Technology Development Agency (NITDA) has trained no fewer than 3,143 trained artisans in Cross River on how to...

Read More
KnowBe4 predicts Artificial Intelligence advances will shape evolving Landscape of Cyber threats and defences

KNOWBE4, the world-renowned cybersecurity platform that comprehensively addresses human risk management, announced its 2025 cybersecurity predictions from its team of...

Read More