The statistical data presented in the report was received from ICS computers protected by Kaspersky products that Kaspersky ICS CERT categorizes as part of the industrial infrastructure at organizations.
# Industry News: Kaspersky Reports Volatile ICS Threat Landscape for H1 2022
## Summary
Kaspersky’s ICS CERT has released its half-yearly statistical analysis of the threat landscape for industrial automation systems, revealing significant shifts in regional risk levels and attack vectors. The report highlights a continuing trend of opportunistic malware and targeted threats impacting industrial control systems (ICS) globally, with a specific focus on the resilience of critical infrastructure.
## Key Details
- **Date:** September 8, 2022
- **Companies Involved:** Kaspersky (ICS CERT)
- **Category:** Market Analysis / Threat Intelligence Report
## The Story
The Kaspersky ICS CERT report for the first half of 2022 provides a comprehensive look at the security health of industrial computers worldwide. Based on telemetry from ICS computers protected by Kaspersky products, the report identifies that while the overall percentage of attacked ICS computers fluctuates, the sophistication of threats—particularly those delivered via the internet and malicious email attachments—remains high.
The report categorizes data by industry vertical (Oil & Gas, Energy, Manufacturing, etc.) and geography, noting that developing regions continue to see higher infection rates due to less mature cybersecurity postures. Notably, the report sheds light on how geopolitical tensions and the ongoing digital transformation of physical assets are creating new "blind spots" in industrial perimeter defense.
## Business Impact
### For the Companies Involved
- **Kaspersky:** Reinforces its position as a dominant global authority in ICS security intelligence, maintaining brand relevance despite geopolitical headwinds affecting its broader market access in Western regions.
### For Competitors
- **Competitive Landscape:** Sets a benchmark for threat intelligence. Competitors like Dragos, Nozomi Networks, and Microsoft (Defender for IoT) must counter with similar data-driven insights to prove their visibility into the "OT" (Operational Technology) layer.
### For Customers
- **Resource Allocation:** Provides C-suite executives with the data needed to justify increased spending on OT-specific security controls rather than relying solely on traditional IT security budgets.
### For the Market
- **Insurance and Regulation:** Such reports are increasingly used by cyber insurance underwriters to adjust premiums for industrial firms and by regulators to draft new compliance frameworks for critical infrastructure.
## Technical Implications
The report highlights that the primary attack vector remains the **Internet** (web-based threats), followed by **Removable Media** and **Email Clients**. There is a noted increase in the use of "Living off the Land" (LotL) techniques where attackers use legitimate system tools to avoid detection, making signature-based antivirus less effective than behavioral analysis in industrial environments.
## Strategic Analysis
- **Market Positioning:** Kaspersky positions itself as the "boots on the ground" analyst for the convergence of IT and OT.
- **Competitive Advantage:** Access to global telemetry across diverse industrial sectors gives Kaspersky a data advantage over niche players that may only see North American or European markets.
- **Challenges:** The ongoing geopolitical climate creates skepticism regarding data provenance, potentially limiting the adoption of these insights in specific government-aligned sectors.
## Industry Reactions
- **Analyst Opinions:** Industry analysts view the H1 2022 report as a confirmation that the "air gap" is officially dead, as internet-borne threats continue to be the leading risk factor for ICS.
- **Expert Commentary:** OT security experts emphasize that the high volume of threats in the Energy and Oil & Gas sectors underscores the need for "Security by Design" in industrial hardware.
## Future Outlook
- **Predictions:** Expect an increase in "triple extortion" ransomware targeting industrial sectors, where attackers steal data, lock systems, and threaten physical disruption.
- **What to Watch For:** A rise in threats targeting the industrial supply chain—specifically the software update mechanisms for PLCs (Programmable Logic Controllers) and HMIs (Human-Machine Interfaces).
## For Security Professionals
Practitioners should prioritize **network segmentation** (unidirectional gateways/DMZs) and **vulnerability management for engineering workstations**. The report serves as a reminder that the engineering workstation—often the bridge between IT and OT—is frequently the weakest link. Professionals should audit their use of removable media and implement strict controls on web access from systems directly connected to the factory floor.