Full Report
The statistical data presented in the report was received from ICS computers protected by Kaspersky products that Kaspersky ICS CERT categorizes as part of the industrial infrastructure at organizations.
Analysis Summary
# Industry News: Global OT Threat Landscape Resilience and Regional Shifts in H2 2020
## Summary
Kaspersky ICS CERT has released its 2020 semi-annual report detailing the evolving threat landscape for industrial control systems (ICS). The data highlights a slight increase in the percentage of ICS computers attacked globally, reaching 33.4% in H2 2020, driven by a surge in diverse malware types such as spyware and malicious scripts.
## Key Details
- **Date:** March 25, 2021
- **Companies Involved:** Kaspersky (ICS CERT)
- **Category:** Market Research / Threat Intelligence Analysis
## The Story
The report analyzes statistical data from ICS computers protected by Kaspersky security solutions to monitor the health of global industrial infrastructure. While the overall percentage of attacked ICS computers rose only marginally (0.85%) compared to H1 2020, the second half of the year saw a notable diversification of threat types. Specifically, the prevalence of spyware (up by 1.4x), malicious scripts, and miners rose significantly.
Geographically, the report highlights a "digital divide" in OT security. Developing regions continue to see the highest rates of attempted attacks (with countries like Algeria reaching 46.9%), while mature markets in Western Europe and North America maintain lower, yet still significant, attack surfaces. The report also tracks the shift of COVID-19 related threats, noting that while the initial chaos of the pandemic provided cover for attackers, the H2 data shows a transition toward more targeted, financially motivated industrial cybercrime.
## Business Impact
### For the Companies Involved (Kaspersky)
- **Market Leadership:** Reinforces Kaspersky’s position as a dominant provider of industrial cybersecurity intelligence.
- **Data Advantage:** Leverages a massive installed base of sensors to provide granular, longitudinal data that competitors struggle to match.
### For Competitors
- **Benchmark Pressure:** Competitors like Claroty, Dragos, and Nozomi Networks must pivot their marketing to address the identified rise in "commodity" malware (spyware/scripts) that is increasingly impacting OT environments, not just APTs.
### For Customers
- **Increased Vulnerability Management:** Industrial operators are forced to re-evaluate the "air-gap" myth as the data shows internet-borne threats continue to reach ICS environments via engineering workstations and integrated IT/OT networks.
### For the Market
- **Growth in OT Security Spending:** The report validates the necessity for specialized industrial security, likely driving further investment in the ICS protection market, which is projected to grow substantially over the next five years.
## Technical Implications
The technical shift from monolithic malware to modular, script-based attacks (PowerShell, JS) poses a challenge for traditional signature-based defenses. The rise in spyware indicates that the "reconnaissance" phase of industrial attacks is becoming more automated, increasing the risk of subsequent ransomware or data exfiltration.
## Strategic Analysis
- **Market Positioning:** Kaspersky positions its telemetry as the "ground truth" for global industrial health, appealing to both technical engineers and C-level risk managers.
- **Competitive Advantage:** The ability to categorize threats by specific industrial niches (energy, manufacturing, water) provides a strategic edge over generic cybersecurity firms.
- **Challenges:** Geopolitical tension remains a significant hurdle for Kaspersky in specific Western government markets, regardless of the quality of its threat intelligence.
## Industry Reactions
- **Analyst Opinions:** Industry analysts view the report as a "wake-up call" that the stabilization of attack percentages doesn't mean safety, but rather a more sophisticated level of persistence from attackers.
- **Expert Commentary:** Security experts note that the 20% growth in malicious scripts suggests attackers are focusing on bypassing traditional perimeter controls.
## Future Outlook
- **Predictive Trends:** Expect an increase in ransomware tailored for industrial environments ("Killware") as attackers move from reconnaissance (spyware) to monetization.
- **What to Watch For:** Regional growth in ICS attacks in Southeast Asia and Africa as these regions rapidly digitize their industrial bases without commensurate security investment.
## For Security Professionals
Practitioners should prioritize the defense of "intermediary" systems—such as engineering workstations and data historians—that act as bridges for malicious scripts. The report emphasizes that basic hygiene (disabling unnecessary scripts, monitoring for spyware) remains as critical as defending against high-end nation-state exploits.