All threat statistics
In the third quarter of 2024, the percentage of ICS computers with malicious objects blocked decreased by 1.5 pp to 22% compared to the previous quarter.
Compared to the third quarter of 2023, this percentage decreased by 1.7 percentage points.
The percentage of ICS computers with malicious objects blocked in the third quarter of 2024 was highest in July and September, and lowest in August. In fact, the percentage in August 2024 was the lowest of any month during the observation period.
Regional ranking
By region (1), the percentage of ICS computers that blocked malicious objects during the quarter ranged from 9.7% in Northern Europe to 31.5% in Africa.
Six regions saw their share increase from the previous quarter: Africa, South Asia, Southeast Asia, the Middle East, Latin America, and East Asia.
Selected industry
The biometrics sector led the industries surveyed in terms of the percentage of ICS computers that had malicious objects blocked.
In the third quarter of 2024, the percentage of ICS computers with malicious objects blocked decreased in most industries except biometrics and manufacturing.
Diversity of detected malicious objects
In the third quarter of 2024, Kaspersky Lab protection solutions blocked malware from 11,882 different malware families in various categories on industrial automation systems.
The most notable proportional increase over this period was in the percentage of ICS computers on which malicious scripts and phishing pages were blocked, showing a 1.1x increase.
Main threat sources
The Internet, email clients, and removable storage devices remain the primary sources of threats to computers in an organization’s technology infrastructure. Please note that we cannot always reliably identify the source of a blocked threat.
In the third quarter of 2024, the percentage of ICS computers where threats from various sources were blocked decreased for all threat sources discussed in this report.
Additionally, the percentage of ICS computers that had threats from email clients, removable media, and network folders blocked during the third quarter was the lowest during the observation period.
Threat categories
Malicious objects used for initial infection
Malicious objects used to initially infect an ICS computer include dangerous blacklisted Internet resources, malicious scripts or phishing pages, and malicious documents.
In the third quarter of 2024, the percentage of ICS computers on which blacklisted Internet resources and malicious documents were blocked increased to 6.84% (0.21 pp) and 1.97% (0.01 pp), respectively. The percentage for malicious scripts and phishing pages increased even more significantly, to 6.24% (up 0.55 pp), but reached its lowest level since early 2022 in the last quarter.
The next stage of malware
The malicious objects used to initially infect a computer deliver the next stage of malware (spyware, ransomware, and miners) to the victim’s computer. In general, the higher the percentage of ICS computers on which initial-infection malware is blocked, the higher the percentage for next-stage malware.
The percentage of ICS computers with spyware (spy trojans, backdoors, keyloggers) blocked decreased by 0.17 pp to 3.91% compared to the previous quarter.
The percentage of ICS computers with ransomware blocked continued to vary within 0.03 pp per quarter, but decreased to 0.16% during the observation period.
The percentage of ICS computers on which miners in the form of Windows executable files were blocked decreased by 0.18 pp to 0.71%.
The percentage of ICS computers where web miners were blocked decreased by 0.09 pp to 0.41%.
Self-propagating malware
Self-propagating malware (worms and viruses) is a category unto itself. Worms and virus-infected files were originally used for initial infection, but as botnet capabilities evolved, they took on characteristics of the next stage.
To spread across ICS networks, viruses and worms rely on removable media, network folders, infected files including backups, and network attacks on outdated software.
In the third quarter of 2024, the percentage of ICS computers on which worms were blocked continued to decrease (by 0.18 pp), reaching 1.30%. This is the lowest since early 2022. The percentage for viruses decreased slightly to 1.53%.
AutoCAD malware
AutoCAD malware is typically a low-level threat, ranking at the bottom of the malware categories in terms of the percentage of ICS computers on which it is blocked.
In the third quarter of 2024, the percentage of ICS computers with AutoCAD malware blocked decreased slightly to 0.40%.
The full Q3 2024 report is available on the Kaspersky ICS CERT website.
(1) This report considers U.S. statistics obtained before September 29, 2024.