Cyber threats to industrial infrastructure, specifically industrial control systems (ICS), are rising, a new international study from security provider Kaspersky Lab said.
Mass distributed malware, not targeted attacks, is the most common method to infect ICS computers with most of the threats coming from the internet, followed by removable devices and malicious email attachments.
Nearly half (47%) of the ICS computers the security specialist protects were hit with malware infections last year, a three percent climb from the prior year. Most of the activity emanated from Africa and Asia. Of the 14 geographic regions Kaspersky tracked in the second half of 2018, North America was 12th on the list for ICS infections.
While malicious malware found its way into ICS machines in a variety of ways, once again sub-par awareness and training among employees to spot potential threats didn’t help, according to the report.

“Despite the common myth, the main source of threat to industrial computers is not a targeted attack, but mass-distributed malware that gets into industrial systems by accident, over the internet, through removable media such as USB-sticks, or emails,” said Kirill Kruglov, a Kaspersky security researcher. “However, the fact that the attacks are successful because of a casual attitude to cybersecurity hygiene among employees means that they can potentially be prevented by staff training and awareness – this is much easier than trying to stop determined threat actors.”
Kaspersky issued a set of recommendations ICS operators can apply to blunt attacks:
Recent ransomware attacks against Norwegian aluminum producer Norsk Hydro and two U.S. chemicals suppliers have brought more attention to threats to industrial infrastructure. According to Kaspersky's data, the percentage of ICS computers where its technology prevented ransomware infections rose slightly from 1.6 percent to 2 percent.