The statistical data presented in the report was received from ICS computers protected by Kaspersky products that Kaspersky ICS CERT categorizes as part of the industrial infrastructure at organizations.
Analysis Summary
# Industry News: ICS Threat Landscape Stagnates Globally While Regional Volatility Increases
## Summary
Kaspersky ICS CERT’s H1 2023 report reveals that while the global percentage of Industrial Control Systems (ICS) computers attacked remained relatively stable (34%), there is a significant geographical shift in threat activity. The data highlights a narrowing gap between high-security and low-security regions, driven by a surge in attacks in previously "safer" territories like Northern Europe and North America.
## Key Details
- **Date:** September 13, 2023
- **Companies Involved:** Kaspersky (ICS CERT)
- **Category:** Market Analysis / Threat Intelligence Report
## The Story
The report analyzes statistical data from ICS computers protected by Kaspersky products, categorized as industrial infrastructure (including manufacturing, energy, and water utilities). A primary finding is the stabilization of global threat levels, but this "flat" global average masks intense regional fluctuations.
For the first time in several reporting periods, the industry is seeing a rise in malicious activity in mature markets. Northern Europe saw the highest growth in the percentage of attacked ICS computers, while North America and Western Europe also experienced increases. Conversely, regions that historically faced the highest threat levels, such as Africa and Southeast Asia, saw declines. The primary attack vectors remain internet-borne threats and malicious email attachments, though removable media remains a persistent "offline" threat in specific sectors like energy and building automation.
## Business Impact
### For the Companies Involved
- **Kaspersky:** Strengthens its position as a primary source of industrial intelligence, reinforcing the value of its "Cyber Immunity" and KICS (Kaspersky Industrial CyberSecurity) product lines in a fragmenting global market.
### For Competitors
- **Competitive landscape impact:** Firms like Dragos, Nozomi Networks, and Claroty must pivot their marketing and threat hunting efforts toward mature markets (US/EU) where the perceived "safety" of industrial operations is being challenged by new statistical data.
### For Customers
- **Impact on end users:** Asset owners in Western markets can no longer rely on "security by geography." The data suggests a need for increased investment in endpoint protection and email security for OT (Operational Technology) staff who interact with corporate IT systems.
### For the Market
- **Broader market implications:** The convergence of IT and OT continues to be the primary vulnerability driver. The market is shifting from a "protection" mindset to a "resilience" mindset as the ubiquity of commodity malware in industrial environments persists.
## Technical Implications
- **Internet Vectors:** The internet remains the #1 source of threats (23.5% of ICS computers), highlighting that "air-gapping" is largely a myth in modern industrial environments.
- **Malware Evolution:** While high-profile ransomware makes headlines, the technical data shows a persistent background noise of "neutralized" commodity miners and spyware that can still lead to industrial downtime.
## Strategic Analysis
- **Market Positioning:** Kaspersky positions itself as a global observer capable of tracking the "democratization of cyber threats," where advanced malware reaches all corners of the globe simultaneously.
- **Competitive Advantage:** Real-world telemetry from a massive install base provides Kaspersky with a data advantage over niche OT security startups that lack broad endpoint visibility.
- **Challenges:** Geopolitical tensions continue to complicate the adoption of Russian-origin security software in Western governmental and critical infrastructure sectors, regardless of the quality of the intelligence.
## Industry Reactions
- **Analyst opinions:** Analysts note that the rise in attacks in Northern Europe may be linked to increased geopolitical targeting of energy infrastructure.
- **Market response:** There is a growing consensus that the "low-hanging fruit" for attackers is now found in the integration points between industrial automation and corporate administrative functions.
## Future Outlook
- **Predictions:** Expect a continued rise in specialized spyware designed to exfiltrate industrial configurations and intellectual property.
- **What to watch for:** The H2 2023 data will likely show if the "leveling out" of global threats is a permanent trend or a temporary statistical anomaly. Watch for increased regulation in the EU (NIS2 Directive) as a response to the rising threat levels in Northern and Western Europe.
## For Security Professionals
Practitioners should focus on two main areas: **Email Hygiene** and **Removable Media Policies**. The report proves that despite the complexity of ICS environments, the entry point for most "industrial" attacks is still a standard office-style phishing link or a compromised USB drive used for maintenance. Rigorous patching of OT-integrated IT systems is non-negotiable.