Full Report
The statistical data presented in the report was received from ICS computers protected by Kaspersky products that Kaspersky ICS CERT categorizes as part of the industrial infrastructure at organizations.
Analysis Summary
# Industry News: Global OT Threat Landscape Trends for H2 2023
## Summary
Kaspersky’s ICS CERT has released its semi-annual report detailing the evolving threat landscape for industrial control systems (ICS) and industrial automation environments. The data reveals a stabilizing yet diversifying threat environment, where regional disparities in infection rates are becoming more pronounced based on geopolitical and economic factors.
## Key Details
- **Date:** March 19, 2024
- **Companies Involved:** Kaspersky (ICS CERT)
- **Category:** Market Analysis / Threat Intelligence Report
## The Story
The Kaspersky H2 2023 report analyzes telemetry from ICS computers protected by Kaspersky's security solutions to provide a snapshot of industrial cybersecurity health. A primary finding is that while the overall percentage of ICS computers attacked decreased slightly compared to previous years, the complexity of the attacks and the variety of sources, ranging from malicious scripts to specialized spyware, remain high.
The report highlights that the "global North" continues to see lower infection rates compared to developing regions in Africa, Asia, and Latin America. This "digital divide" in OT (Operational Technology) security is attributed to differences in licensed software prevalence, cybersecurity maturity, and the integration of IT/OT networks. Furthermore, the report emphasizes that the primary vectors remain the internet and email, though removable media (USB) remains a persistent threat in isolated air-gapped environments.
## Business Impact
### For the Companies Involved
- **Kaspersky:** Strengthens its position as a dominant thought leader in the OT/ICS security space, particularly in non-Western markets where its footprint remains significant.
### For Competitors
- **Fortinet, Dragos, and Claroty:** This data validates the need for comprehensive "industrial visibility" platforms. Competitors must double down on localized threat intelligence to compete with Kaspersky’s granular regional data.
### For Customers
- **Asset Owners:** The report serves as a benchmark for CISOs in industrial sectors (Manufacturing, Energy, Water) to compare their incident rates against global and regional averages.
### For the Market
- **The Market:** There is a growing recognition that generic IT security tools are insufficient for ICS environments; the market is pivoting toward "OT-native" security stacks that account for industrial protocols and legacy hardware.
## Technical Implications
The report highlights a significant shift in the delivery of malicious payloads. There is an increasing use of **malicious scripts** and **PowerShell payloads** designed to evade traditional signature-based detection. Additionally, "living-off-the-land" techniques (using legitimate administrative tools for malicious purposes) are becoming a staple in ICS compromise attempts.
## Strategic Analysis
- **Market Positioning:** Kaspersky positions itself as the primary data provider for the "underserved" global industrial market, focusing on regions typically ignored by Western-centric analysts.
- **Competitive Advantage:** Access to vast telemetry from diverse global industrial nodes allows for a more comprehensive statistical model than rivals who rely primarily on manual incident response data.
- **Challenges:** Ongoing geopolitical tensions continue to limit Kaspersky’s market access in several Western government and critical infrastructure sectors, potentially creating "data silos" in the global landscape.
## Industry Reactions
- **Analyst Opinions:** Analysts note that the slight decline in attack percentages shouldn't be mistaken for "safety," but rather a shift toward more targeted, lower-volume, higher-impact campaigns.
- **Market Response:** Renewed focus on "Supply Chain Security" as software updates and third-party remote access remain high-risk entry points for industrial automation systems.
## Future Outlook
- **Predictions:** Expect a rise in "Spyware" specifically tailored for the industrial sector to steal proprietary engineering designs and process logic.
- **What to watch for:** The integration of AI into industrial automation (Industrial AI) will likely open new attack vectors that the H2 2024 reports will need to address.
## For Security Professionals
Cybersecurity practitioners should prioritize **network segmentation** (air-gapping is no longer a silver bullet) and **removable media controls**. The high prevalence of internet-borne threats reaching ICS computers suggests that "accidental" connectivity remains the biggest risk factor for most industrial facilities. Tightening egress filtering on OT networks is a recommended immediate action.