In Q1 2020 in Europe, Kaspersky products were triggered on 20.4% of ICS computers in the energy sector. A total of 1,485 malware modifications from 633 different families were blocked.
# Industry News: Kaspersky Highlights Vulnerability of European Energy Infrastructure
## Summary
In Q1 2020, Kaspersky reported that its security solutions were triggered on 20.4% of Industrial Control System (ICS) computers within the European energy sector. The report identified the blockage of 1,485 malware modifications from 633 distinct families, signaling a highly diverse and persistent threat landscape for critical infrastructure.
## Key Details
- **Date:** August 31, 2020 (Reporting on Q1 2020 data)
- **Companies Involved:** Kaspersky (ICS CERT), Various European Energy Providers
- **Category:** Threat Intelligence / Market Analysis
## The Story
Kaspersky’s ICS CERT (Industrial Control Systems Cyber Emergency Response Team) released a targeted analysis of the European energy sector, revealing that more than one-fifth of monitored industrial computers faced cyber-attack attempts in the first three months of 2020. The data underscores that the energy industry is a primary target for both opportunistic and targeted cyber-attacks. The high number of malware families (633) suggests that the threats are not limited to specialized state-sponsored "zero-day" attacks, but are a combination of commodity malware, ransomware, and cryptominers that reach industrial networks via internet-connected endpoints and removable media.
## Business Impact
### For the Companies Involved
- **Kaspersky:** Strengthens its position as a dominant thought leader and primary intelligence provider for OT (Operational Technology) security in the EMEA region.
- **Energy Providers:** Face increased operational risk and potential regulatory scrutiny regarding the resilience of their "air-gapped" or segmented networks.
### For Competitors
- Security vendors specializing in OT (e.g., Dragos, Nozomi Networks) must compete with Kaspersky’s massive footprint of endpoint telemetry to provide comparable regional visibility.
### For Customers
- Industrial customers face a higher "cost of security" as insurance premiums for critical infrastructure may rise based on these heightened threat levels.
### For the Market
- The high percentage of ICS computers on which threats were blocked (20.4%) drives market demand for specialized OT security services, moving away from general-purpose IT security tools toward industrial-specific monitoring.
## Technical Implications
The diversity of malware (1,485 modifications across 633 families) indicates that attackers frequently pack or mutate code to evade signature-based detection. The prevalence of threats on ICS computers shows that network isolation (air-gapping) is incomplete in practice and highlights the danger of "bridge" devices, such as shared removable media and laptops, that connect corporate IT to the manufacturing/distribution floor.
## Strategic Analysis
- **Market Positioning:** Kaspersky leverages this data to transition from a "PC antivirus" brand to a critical infrastructure protection partner.
- **Competitive Advantage:** Real-world telemetry covering 633 malware families provides Kaspersky with a superior threat intelligence database for machine learning model training.
- **Challenges:** Ongoing geopolitical tensions regarding Russian-headquartered firms in Europe may hinder the adoption of Kaspersky's solutions despite the high quality of their intelligence.
## Industry Reactions
- **Analyst Opinions:** Analysts view the 20.4% figure as a "wake-up call" for European utility regulators, suggesting that voluntary security standards may be insufficient.
- **Market Response:** There is an increasing trend toward converged IT/OT security operations centers (SOCs) to handle the cross-contamination of malware.
## Future Outlook
- **Predictions:** Expect more stringent EU-wide regulations (shifting from NIS to NIS2) requiring mandatory reporting of these blocked incidents.
- **What to Watch For:** A transition from commodity malware to more sophisticated ransomware specifically designed to disrupt power grid frequency and distribution (Killware).
## For Security Professionals
Practitioners should prioritize hardening the "human-machine interface" (HMI) and engineering workstations, as these are clearly the primary entry points for the documented 1,485 malware modifications. Audit the usage of USB drives and transient laptops, which remain a primary vector for circumventing network perimeters in energy environments.
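The audit recommended above, and the "bridge" device problem from the Technical Implications section, can be turned into a small recurring check. The following is an added example, not part of the Kaspersky report or any Kaspersky tooling: it parses a constructed, hypothetical log format (one line per USB storage attach or DHCP lease), flags unapproved removable media on OT hosts and unknown devices obtaining leases on the OT segment, and reports USB serials seen on both corporate and OT hosts. The host names, serial numbers, MAC addresses and the log format are all constructed for illustration.

```python
"""Removable-media and transient-device audit over constructed log records.

Added example (not from the Kaspersky report). The log format, host names,
serials and MACs below are hypothetical; adapt the regexes to the export
format of your endpoint agent and DHCP server.
"""
from dataclasses import dataclass
import re

# Constructed inventory: OT hosts (HMIs, engineering workstations) where only
# approved removable media should ever appear.
OT_HOSTS = {"HMI-SUB01", "ENG-WS-02"}
# Constructed allowlist of USB storage serial numbers approved for OT use.
APPROVED_USB_SERIALS = {"4C530001230215123456"}
# Constructed MAC addresses of managed assets on the OT network segment.
KNOWN_MACS = {"00:1a:2b:3c:4d:5e", "00:1a:2b:3c:4d:5f"}

# Constructed sample records in a hypothetical `ts host EVENT key=value...` format.
SAMPLE_LOG = """\
2020-03-02T08:14:05Z HMI-SUB01 USB_STORAGE serial=4C530001230215123456 user=operator1
2020-03-02T09:31:47Z ENG-WS-02 USB_STORAGE serial=AA9900FFEE00112233 user=contractor7
2020-03-02T09:32:10Z OT-DHCP DHCP_LEASE mac=00:1a:2b:3c:4d:5e ip=10.20.1.15
2020-03-02T10:02:33Z OT-DHCP DHCP_LEASE mac=f8:e4:3b:11:22:33 ip=10.20.1.77
2020-03-02T10:05:00Z CORP-PC-17 USB_STORAGE serial=AA9900FFEE00112233 user=contractor7
"""

USB_RE = re.compile(r"^(\S+) (\S+) USB_STORAGE serial=(\S+) user=(\S+)$")
DHCP_RE = re.compile(r"^(\S+) (\S+) DHCP_LEASE mac=(\S+) ip=(\S+)$")


@dataclass(frozen=True)
class Finding:
    timestamp: str
    host: str
    kind: str      # unapproved_usb | unknown_device_lease | unparsed
    detail: str


def audit(log_text, ot_hosts=OT_HOSTS, approved=APPROVED_USB_SERIALS,
          known_macs=KNOWN_MACS):
    """Return findings for unapproved USB media on OT hosts and unknown DHCP clients."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = USB_RE.match(line)
        if m:
            ts, host, serial, user = m.groups()
            # Removable media on an OT host is only acceptable if the serial is approved.
            if host in ot_hosts and serial not in approved:
                findings.append(Finding(ts, host, "unapproved_usb",
                                        f"serial={serial} user={user}"))
            continue
        m = DHCP_RE.match(line)
        if m:
            ts, server, mac, ip = m.groups()
            # A lease for a MAC not in the asset inventory points to a transient laptop.
            if mac.lower() not in known_macs:
                findings.append(Finding(ts, server, "unknown_device_lease",
                                        f"mac={mac} ip={ip}"))
            continue
        # Surface lines the parser does not understand instead of dropping them silently.
        findings.append(Finding("?", "?", "unparsed", line))
    return findings


def find_bridging_serials(log_text, ot_hosts=OT_HOSTS):
    """Return USB serials seen on both an OT host and a non-OT host (IT/OT bridges)."""
    seen_on_ot, seen_on_it = {}, {}
    for line in log_text.splitlines():
        m = USB_RE.match(line.strip())
        if not m:
            continue
        _, host, serial, _ = m.groups()
        bucket = seen_on_ot if host in ot_hosts else seen_on_it
        bucket.setdefault(serial, set()).add(host)
    return {serial for serial in seen_on_ot if serial in seen_on_it}


if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print(f"{f.timestamp} {f.host} {f.kind}: {f.detail}")
    print("bridging serials:", find_bridging_serials(SAMPLE_LOG))
```

Run against the constructed sample, the audit reports the contractor's unapproved drive on the engineering workstation and one lease for a MAC that is not in the inventory, and the bridging check shows that the same drive was plugged into a corporate PC, which is exactly the IT-to-OT path the report's numbers point at. The allowlists are kept as plain sets so they can be loaded from your asset inventory rather than hard-coded.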