In the first quarter of 2024, Kaspersky's protection solutions blocked malware from 10,865 different malware families of various categories on industrial automation systems. The African region is over-exposed to threats spreading via the Internet, which are the most common initial-access tools for cyber attackers. The region also leads in charts of malware spread via removable devices (5.6% of ICS computers faced it, compared to the global figure of 1.13%), which is the other way for cyber attackers to try to bypass the safeguards at the perimeter and to spread within the internal infrastructure.
Malicious objects that are used for initial infection of computers include dangerous Internet resources that are added to denylists (this threat was blocked on 8.78% of ICS computers in Africa), malicious scripts and phishing pages (6.9%), and malicious documents (1.83%). These malicious objects are normally used at the initial phases of the attack chain. As a result, they are blocked by security solutions more often than everything else. This is normally reflected in Kaspersky Security Network statistics.
Malicious objects used to initially infect computers deliver next-stage malware – spyware, ransomware, and miners – to victims' computers. Spyware (Trojan-Spy malware, backdoors and keyloggers), which is mostly used to steal money or confidential data, is also widespread both globally and in Africa (blocked on 6.65% of ICS computers in Africa).
Worms and viruses are types of self-propagating malware. To spread across ICS networks, viruses and worms rely on removable media, network folders, infected files including backups, and network attacks on outdated software. This type of malware is very active in African countries compared to other regions and global average. Extremely high rates of self-propagating malware in the region most probably mean there’s a significant portion of OT infrastructure yet to be protected by security solutions (which is where the malware continuously spreads from) and there’s room for improving the overall cybersecurity culture to follow strict cybersecurity policies.
ICS computers in Africa continue to face covert crypto-mining programs - miners in the form of executable files for Windows and web miners, though this type of malware is decreasing in the recent years. If successfully installed these provide cybercriminals steady earnings from using victim’s computer processing power.
Since AutoCAD software is widely used in ICS organisations, cybercriminals also try to make use of this and similar programs creating special malware, detection of which increased in the first quarter of 2024 compared to previous quarters.
The Middle East and Africa lead among regions where ransomware is spread; though not high in numbers (0.28% and 0.27% of ICS computers faced these respectfully), this may pose serious risk to organisations, especially if data encryption scenario is selected by cybercriminals.
“Africa is actively integrating technologies, but it's important to keep cybersecurity in mind and apply it to both new technologies and currently used solutions. By a security mindset we mean implementing reliable solutions, setting up security policies and educating employees depending on their level of relation with OT. This applies to all infrastructures, but is especially important in operational technology, where risks of material consequences are very high and impact on safety is possible. We hope organisations in Africa will set the stage in the region for a future where technology and security go hand in hand,” says Evgeny Goncharov, Head of Kaspersky’s ICS Cyber Emergency Response Team.
To keep ICS computers protected from various threats, Kaspersky experts recommend:
A full report on ICS threats in the first quarter of 2024 is available at ICS CERT website (http://apo-opa.co/3KnQUtu).
Industrial cybersecurity is one of the main topics being discussed by Kaspersky experts at GITEX Africa in Morocco, on 29-31 May 2024.
Distributed by APO Group on behalf of Kaspersky.
About Kaspersky:
Kaspersky is a global cybersecurity and digital privacy company founded in 1997. With over a billion devices protected to date from emerging cyberthreats and targeted attacks, Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection, specialized security products and services, as well as Cyber Immune solutions to fight sophisticated and evolving digital threats. We help over 220,000 corporate clients protect what matters most to them. Learn more at www.Kaspersky.co.za.
This website uses cookies.