The percentage of computers attacked globally is decreasing. At the same time, threats are becoming more localized, more focused, and, as a result, more diverse and sophisticated.
# Industry News: Shift Toward Targeted Threats in Industrial Automation (H1 2020)
## Summary
The global percentage of Industrial Control Systems (ICS) attacked is trending downward, but threats are undergoing a qualitative shift toward precision. Attacks are becoming increasingly localized and sophisticated, signaling a move away from mass-malware toward targeted industrial espionage and ransomware.
## Key Details
- **Date:** September 24, 2020
- **Companies Involved:** Kaspersky (ICS CERT), global industrial infrastructure providers.
- **Category:** Market Analysis / Threat Intelligence Report.
## The Story
Analysis from the first half of 2020 reveals a paradoxical trend in industrial cybersecurity: while the share of compromised computers fell to 32.6% (down from previous highs), the severity of individual incidents has increased. The "scattergun" approach of generic malware is being replaced by localized campaigns tailored to specific geographic regions or industrial sectors.
The report highlights that the Internet remains the primary source of infection (16.7%), followed by removable media and email. However, there is a notable rise in "diverse" threats—highly specialized malware designed for specific industrial environments—indicating that attackers are investing more in reconnaissance and custom exploit development.
## Business Impact
### For the Companies Involved
- **Security Vendors:** Firms like Kaspersky are pivoting from generic antivirus solutions to high-touch "Threat Intelligence" and "Managed Detection and Response" (MDR) services to address specialized threats.
### For Competitors
- **Legacy Vendors:** Competitors relying on signature-based detection face obsolescence as attackers use unique, localized code that bypasses standard databases.
- **OT Specialists:** Increased demand for Operational Technology (OT) specific security creates a crowded market for niche players focused on industrial visibility.
### For Customers
- **Resource Reallocation:** Industrial firms must move budget from basic perimeter defense toward proactive hunting and internal network segmentation.
- **False Sense of Security:** The drop in raw attack numbers may lead to dangerous complacency among C-suite executives who misinterpret the data as a "cooling" market.
### For the Market
- **Consolidation:** The need for integrated IT/OT security is likely to drive M&A activity as large IT security firms acquire specialized OT startups to gain deep visibility into industrial protocols.
## Technical Implications
The report notes a decrease in standardized malware families, replaced by "Living off the Land" (LotL) techniques and custom scripts. This makes attribution more difficult and requires behavioral analysis rather than simple file scanning.
## Strategic Analysis
- **Market Positioning:** Kaspersky positions itself as a specialized authority in ICS, moving beyond consumer software into the critical infrastructure protection (CIP) niche.
- **Competitive Advantage:** Deep visibility into diverse geographic regions allows for the identification of localized patterns that global competitors might miss.
- **Challenges:** The high degree of fragmentation in industrial protocols (Modbus, Profibus, etc.) makes it difficult to scale one-size-fits-all security products.
## Industry Reactions
- **Analyst Opinions:** Analysts suggest that the decline in global attacks is a result of improved basic hygiene, which is "flushing out" low-level threats and revealing the more dangerous, quiet actors.
- **Market Response:** Renewed focus on "Zero Trust" architectures within industrial environments to mitigate the risks of localized lateral movement.
## Future Outlook
- **Predictive Trends:** Expect a rise in "Ransomware-as-a-Service" (RaaS) specifically targeting industrial supply chains.
- **What to Watch For:** Increased government regulation regarding mandatory incident reporting for industrial sectors (e.g., energy, water, manufacturing).
## For Security Professionals
Practitioners should focus on **Lateral Movement Defense**. Because global volume is down but localized sophistication is up, the primary risk is no longer a random virus from the web, but a persistent actor who has already bypassed the firewalls and is moving through the OT environment undetected. Baseline your network traffic now to identify "normal" versus "malicious" industrial protocol behavior.
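One way to start the baselining recommended above, shown as an added example that is not taken from the report or from any vendor tooling: learn which hosts exchange which Modbus/TCP function codes during a known-good period, then flag new talkers and new (especially write) function codes. It assumes a capture pipeline that yields `(src, dst, TCP payload)` records for port 502; the IP addresses, frames and alert names are constructed for illustration.

```python
import struct
from collections import defaultdict

WRITE_FUNCS = {5, 6, 15, 16}  # Modbus write single/multiple coil and register

def parse_modbus_tcp(payload: bytes):
    """Return (unit_id, function_code) from a Modbus/TCP ADU, or None if malformed."""
    if len(payload) < 8:
        return None
    _tid, proto, length, unit = struct.unpack(">HHHB", payload[:7])
    # Protocol id is 0 for Modbus; the length field counts unit id + PDU.
    if proto != 0 or length != len(payload) - 6:
        return None
    return unit, payload[7]

def build_baseline(records):
    """records: iterable of (src, dst, payload). Maps (src, dst) -> function codes seen."""
    baseline = defaultdict(set)
    for src, dst, payload in records:
        parsed = parse_modbus_tcp(payload)
        if parsed:
            baseline[(src, dst)].add(parsed[1])
    return dict(baseline)

def check(baseline, src, dst, payload):
    """Return an alert name for traffic outside the baseline, else None."""
    parsed = parse_modbus_tcp(payload)
    if parsed is None:
        return "malformed"
    fc = parsed[1]
    if (src, dst) not in baseline:
        return "new-talker-write" if fc in WRITE_FUNCS else "new-talker"
    if fc not in baseline[(src, dst)]:
        return "new-write-function" if fc in WRITE_FUNCS else "new-function"
    return None

def adu(tid, unit, fc, data=b""):
    """Build a sample Modbus/TCP frame (constructed test data only)."""
    return struct.pack(">HHHBB", tid, 0, 2 + len(data), unit, fc) + data

# Constructed learning-period traffic: an HMI polling one PLC with reads (FC 3, 4).
LEARN = [("10.0.0.5", "10.0.0.20", adu(i, 1, fc, b"\x00\x00\x00\x02"))
         for i, fc in enumerate([3, 4, 3, 3])]
BASELINE = build_baseline(LEARN)

if __name__ == "__main__":
    # A workstation that never spoke Modbus before issues a register write.
    print(check(BASELINE, "10.0.0.77", "10.0.0.20", adu(1, 1, 6, b"\x00\x01\x00\xff")))
```

In practice the learning window has to cover maintenance and shift-change traffic, otherwise legitimate engineering-station writes will alert as new behavior.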