21 November 2024

    Threat landscape for industrial automation systems. Regions, Q2 2024

      Q2 overview

      Percentage of ICS computers

      In the second quarter of 2024, the global percentage of ICS computers on which malicious objects were blocked decreased by 0.9 pp from the previous quarter to 23.5%.

      Regionally, the percentage of ICS computers that blocked malicious objects during the quarter ranged from 11.3% in Northern Europe to 30% in Africa.

      All regions ranked by percentage of ICS computers on which malicious objects were blocked in the second quarter can be divided into three groups:

      Over 25%

      • Africa — 30.0%
      • South-East Asia — 29.2%
      • Central Asia — 26.5%

      In the regions within this group, OT computers are generally overexposed to cyberthreats. There is underinvestment in cybersecurity, both in terms of tools and measures, as well as in addressing the shortage of experts, fostering a strong cybersecurity culture, and raising awareness.

      20–25%

      • Middle East — 25.0%
      • Eastern Europe — 23.5%
      • Russia — 22.5%
      • Latin America — 22.4%
      • South Asia — 21.4%
      • East Asia — 21.3%
      • Southern Europe — 20.9%

      The regions within this group may face specific challenges in isolating their OT infrastructure from potential cyberthreats.

      Up to 20%

      • Australia and New Zealand — 16.9%
      • US and Canada — 13.5%
      • Western Europe — 13.2%
      • Northern Europe — 11.3%

      The third group consists of regions that are the safest in terms of keeping their OT infrastructure isolated from cyberthreats.

      Compared to the first quarter, the percentage of ICS computers on which malicious objects were blocked during the second quarter has increased in four regions.

      Malicious object categories

      Malicious objects used for initial infection

      Malicious objects that are used for initial infection of ICS computers include dangerous internet resources that are added to denylists, malicious scripts and phishing pages, and malicious documents.

      By the logic of cybercriminals, these malicious objects can spread easily. As a result, they are blocked by security solutions more often than anything else. This is reflected in our statistics.

      Typical attacks blocked within an OT network are a multi-stage process, where each subsequent step of the attackers is aimed at increasing privileges and gaining access to other systems by exploiting vulnerabilities in OT systems and networks.

      It is worth noting that during an attack, intruders often repeat the same steps (TTPs), particularly when they use malicious scripts and established communication channels with their command-and-control (C2) infrastructure to move laterally within the network and advance the attack.

      Globally and in almost all regions, denylisted internet resources and malicious scripts and phishing pages are the top malware categories in terms of the percentage of ICS computers on which this malware was blocked.

      The sources of the majority of malicious objects used for initial infection are the internet and email.

      In Q2 2024, the regions with internet threats above the global average of 11.25% were Central Asia, South-East Asia, Russia, and Africa.

      The regions with email threats above the global average of 3.04% were Southern Europe, Eastern Europe, the Middle East, Latin America, South-East Asia, Africa, and Australia and New Zealand.

      Denylisted internet resources

      The leading regions by percentage of ICS computers on which denylisted internet resources were blocked (above the global average of 6.63%) were Russia, Central Asia, Africa, and Eastern Europe.

      The top three regions in terms of growth in the percentage of ICS computers on which denylisted internet resources were blocked were Western Europe, Australia and New Zealand, and USA and Canada.

      Malicious scripts and phishing pages

      The leading regions by percentage of ICS computers on which malicious scripts and phishing pages were blocked (above the global average of 5.69%) were Southern Europe, the Middle East, South-East Asia, Australia and New Zealand, Latin America, Africa, and Eastern Europe.

      The top three regions in terms of growth in the percentage of ICS computers on which malicious scripts and phishing pages were blocked were Southern Europe, East Asia, and Western Europe.

      Malicious documents

      The leading regions by percentage of ICS computers on which malicious documents were blocked (above the global average of 1.96%) were Southern Europe, Latin America, South-East Asia, Eastern Europe, and the Middle East.

      The top three regions in terms of growth in the percentage of ICS computers on which malicious documents were blocked were Western Europe, South-East Asia, and Southern Europe.

      Next-stage malware

      Malicious objects used to initially infect computers deliver next-stage malware – spyware, ransomware, and miners – to victims’ computers.

      In the second quarter of 2024, a significant portion of Windows miners found on ICS computers consisted of archives with names mimicking legitimate software. These archives did not contain actual software but included a Windows LNK file, commonly known as a shortcut. However, the target (or path) that the LNK file points to is not a regular application, but rather a command capable of executing malicious code, such as a PowerShell script. Nowadays, threat actors are increasingly using PowerShell to execute malware, including cryptominers, by embedding malicious code directly into command-line arguments. This code runs entirely in memory, enabling fileless execution and minimizing detection.
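
      A defender can triage shortcuts like the ones described above by reading the launch target and arguments straight out of the LNK structure. The following is an added example, not code from the report: the sample link bytes are constructed inline, and the script-host list and the argument-length threshold are assumptions to tune locally.

```python
import struct

# LinkFlags bits and header constants from the MS-SHLLINK specification.
HAS_ID_LIST, HAS_LINK_INFO, IS_UNICODE = 0x01, 0x02, 0x80
STRING_FLAGS = [(0x04, "name"), (0x08, "relative_path"), (0x10, "working_dir"),
                (0x20, "arguments"), (0x40, "icon_location")]
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
SW_SHOWMINNOACTIVE = 7

# Assumed triage policy, not taken from the report: tune both values locally.
SCRIPT_HOSTS = ("powershell.exe", "pwsh.exe", "cmd.exe", "mshta.exe",
                "wscript.exe", "cscript.exe")
MAX_BENIGN_ARGS = 200


def parse_lnk(data: bytes) -> dict:
    """Return the fields of a shell link that decide what it launches.

    Raises ValueError for non-LNK input; a truncated file raises struct.error.
    """
    if (len(data) < 76 or struct.unpack_from("<I", data, 0)[0] != 0x4C
            or data[4:20] != LNK_CLSID):
        raise ValueError("not a shell link")
    flags = struct.unpack_from("<I", data, 20)[0]
    info = {"show_command": struct.unpack_from("<I", data, 60)[0],
            "local_base_path": ""}
    pos = 76
    if flags & HAS_ID_LIST:            # LinkTargetIDList: u16 size, then items
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:          # LinkInfo carries the absolute target path
        size, _, li_flags, _, base_off = struct.unpack_from("<5I", data, pos)
        if li_flags & 0x01:            # VolumeIDAndLocalBasePath
            start = pos + base_off
            end = data.index(b"\x00", start)
            info["local_base_path"] = data[start:end].decode("cp1252", "replace")
        pos += size
    width = 2 if flags & IS_UNICODE else 1
    for bit, key in STRING_FLAGS:      # StringData blocks appear in this fixed order
        info[key] = ""
        if flags & bit:
            count = struct.unpack_from("<H", data, pos)[0]
            raw = data[pos + 2:pos + 2 + count * width]
            info[key] = raw.decode("utf-16-le" if width == 2 else "cp1252", "replace")
            pos += 2 + count * width
    return info


def triage(info: dict) -> list:
    """List the reasons a parsed shortcut deserves a closer look."""
    findings = []
    target = (info["local_base_path"] or info["relative_path"]).lower()
    if target.rsplit("\\", 1)[-1] in SCRIPT_HOSTS:
        findings.append("target is a script host: " + target)
    if len(info["arguments"]) > MAX_BENIGN_ARGS:
        findings.append("long argument string (%d chars)" % len(info["arguments"]))
    if info["show_command"] == SW_SHOWMINNOACTIVE:
        findings.append("window starts minimized")
    return findings


def build_sample(target: str, args: str, show: int = 1) -> bytes:
    """Constructed test input: header plus RELATIVE_PATH and ARGUMENTS strings."""
    flags = 0x08 | 0x20 | IS_UNICODE
    header = (struct.pack("<I16sII", 0x4C, LNK_CLSID, flags, 0) + bytes(24)
              + struct.pack("<III", 0, 0, show) + bytes(12))
    strings = b"".join(struct.pack("<H", len(s)) + s.encode("utf-16-le")
                       for s in (target, args))
    return header + strings


# Constructed samples: a harmless command padded to resemble an inline script,
# and an ordinary application shortcut with no arguments.
SUSPICIOUS = build_sample(
    "..\\..\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
    "-NoProfile -Command " + "Write-Output 'constructed sample'; " * 8,
    show=SW_SHOWMINNOACTIVE)
BENIGN = build_sample("..\\hmi\\operator_panel.exe", "")

if __name__ == "__main__":
    for label, blob in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(label, triage(parse_lnk(blob)))
```

      Run against archives extracted in a sandbox or on a mail gateway, a non-empty result is a reason to inspect the arguments by hand before the shortcut reaches an engineering workstation.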

      Another common method of deploying miners on ICS computers involves using legitimate cryptocurrency mining software such as XMRig, NBMiner, OneZeroMiner, and others. While these miners are not inherently malicious, they are classified as RiskTools by security systems. Attackers exploit these miners by combining them with customized configuration files that enable the miner’s activity to be concealed from the user’s view.

      Spyware

      As a rule, the higher the percentage of ICS computers on which the initial infection malware is blocked, the higher the percentage for next-stage malware.

      Spyware (including Trojans, backdoors, and keyloggers) is typically the most frequently detected type of next-stage malware. It is either used as a toolset for intermediate steps in the kill chain (such as reconnaissance and lateral movement) or as a final-stage tool for stealing and exfiltrating confidential data.

      When spyware is detected on an OT computer, it usually indicates that the initial infection vector was not prevented – whether through a user clicking on a malicious link, opening an attachment from a phishing email, or plugging in an infected USB drive. This suggests that OT perimeter protection measures (such as network security and enforcement of removable device policies) were either absent or ineffective.

      As expected, the regions leading in the percentage of ICS computers on which spyware was blocked were also the leading regions for initial infection threats (with the exception of Russia, which does not show high rates of spyware).

      In Q2 2024, the regions with spyware above the global average of 4.08% were Africa, the Middle East, Southern Europe, South-East Asia, Eastern Europe, Central Asia, Latin America, and East Asia.

      In almost all regions, spyware does not rank higher than third in the threat category rankings by percentage of ICS computers on which it was blocked, except in the following regions:

      • East Asia: in this region, spyware is the number one malware category in terms of the percentage of ICS computers on which it was blocked (4.15%).
      • Central Asia, Africa, the Middle East, and Southern Europe: spyware is the second most prevalent threat in these regions.

      The top three regions in terms of growth in the percentage of ICS computers on which spyware was blocked were Southern Europe, South-East Asia, and Eastern Europe.

      Covert crypto-mining programs
      Miners in the form of executable files for Windows

      The leading regions by percentage of ICS computers on which miners in the form of executable files for Windows were blocked (above the global average of 0.89%) were Central Asia, Russia, Africa, and Eastern Europe.

      In the global ranking of threat categories by percentage of ICS computers on which they were blocked, miners in the form of Windows executable files are ranked seventh.

      • In the corresponding ranking in Russia, they are in fourth place.
      • In Central Asia, Australia and New Zealand, and Northern Europe, they came fifth.

      The top three regions in terms of growth in the percentage of ICS computers on which miners in the form of Windows executable files were blocked were Latin America, Africa, and South Asia.

      Covert crypto-mining programs
      Web miners running in browsers

      The leading regions by percentage of ICS computers on which web miners running in browsers were blocked (above the global average of 0.50%) were: Africa, Middle East, Latin America, Australia and New Zealand, Eastern Europe, and South-East Asia.

      In the following regional rankings of threat categories by percentage of ICS computers on which they were blocked, web miners placed higher than in the global ranking (eighth place):

      • US and Canada – fifth place in the regional ranking
      • Northern Europe, Australia and New Zealand – sixth place in the respective regional ranking
      • Eastern, Western, Southern Europe, Middle East – seventh place in the respective regional ranking

      The top three regions in terms of growth in the percentage of ICS computers on which web miners were blocked were Latin America, Russia, and Central Asia.

      Ransomware

      The regions with the highest percentage of ICS computers on which ransomware was blocked (above the global average of 0.18%) were the Middle East, Africa, South-East Asia, South Asia, Latin America, Central Asia, Southern Europe, and East Asia.

      Regions ranked by percentage of ICS computers on which ransomware was blocked, Q2 2024

      The top three regions in terms of growth in the percentage of ICS computers on which ransomware was blocked were Latin America, Southern Europe, and Australia and New Zealand.

      Self-propagating malware. Worms and viruses

      Worms and virus-infected files were originally used for initial infection, but as botnet functionality evolved, they took on next-stage characteristics.

      To spread across ICS networks, viruses and worms rely on removable media, network folders, infected files including backups, and network attacks on outdated software.

      High rates of self-propagating malware and malware spreading via network folders at the industry, country, or regional level likely indicate the presence of unprotected OT infrastructure that lacks even basic endpoint protection.

      Worms

      The leading regions by percentage of ICS computers on which worms were blocked (above the global average of 1.48%) were Africa, Central Asia, the Middle East, South-East Asia, East Asia, South Asia, and Eastern Europe.

      Globally, worms are in sixth place in the threat category ranking by percentage of ICS computers on which they were blocked. In similar regional rankings, worms rank higher in the following regions:

      • Africa, Central Asia, South Asia – fourth place in the respective regional ranking
      • East Asia, the Middle East, Latin America, Russia, Eastern Europe, Western Europe, Southern Europe – fifth place in the respective regional ranking

      The top three regions in terms of growth in the percentage of ICS computers on which worms were blocked were Australia and New Zealand, East Asia, and Southern Europe.

      The top regions for worms were also the leading regions by percentage of ICS computers on which threats were blocked when connecting removable media: Africa, South Asia, South-East Asia, East Asia, Central Asia, and the Middle East.

      Viruses

      The leading regions by percentage of ICS computers on which viruses were blocked (above the global average of 1.54%) were South-East Asia, Africa, East Asia, the Middle East, and South Asia.

      In South-East Asia, viruses are in first place (!) in the threat category ranking by percentage of ICS computers on which they were blocked.

      The top three regions in terms of growth in the percentage of ICS computers on which viruses were blocked were South-East Asia, Australia and New Zealand, and East Asia.

      Note that four of the top regions are also leaders by percentage of ICS computers on which network folder threats were blocked: East Asia, South-East Asia, South Asia, and the Middle East.

      AutoCAD malware

      This category of malware can spread in a variety of ways, so it does not belong to a specific group.

      The same regions that lead in the virus ranking are also the leaders by percentage of ICS computers on which AutoCAD malware was blocked (above the global average of 0.42%): South-East Asia, East Asia, and Africa.

      Normally, AutoCAD malware is a minor threat and usually comes bottom of the malware category rankings by percentage of ICS computers on which it was blocked.

      However, in Q2 2024, this category ranked higher than the corresponding global ranking (ninth place) in the following regions:

      • South-East Asia – fifth place in the regional ranking
      • East Asia – seventh place in the regional ranking

      The top three regions in terms of growth in the percentage of ICS computers on which malware for AutoCAD was blocked were South-East Asia, East Asia, and Australia and New Zealand.

      Regions. Special considerations

      To see the specific distinctions of regions, you can compare them to other regions and to the global average statistics.

      In most regions as well as globally, the top places in the rankings by percentage of ICS computers on which specific threat categories were blocked are occupied by spyware and by the malicious objects used for the initial infection of computers. The internet leads the ranking of top threat sources in all regions.

      Some of the regional rankings have their own peculiarities and distinctions, which are noted below.

      Africa

      Current threats

      Overall

      First place in the global ranking by percentage of ICS computers on which malicious objects were blocked.

      Of all regions, Africa traditionally has the highest percentage of ICS computers on which malicious objects were blocked. Therefore, it is not surprising that Africa leads in many rankings, in some cases by a huge margin.

      The percentage of ICS computers on which malicious objects were blocked is higher than the global average. The region exhibits a slight downward trend with fluctuations.

      Comparative analysis

      Africa occupies leading positions among regions by percentage of ICS computers on which the following were blocked:

      • First place: spyware, web miners, worms, threats from removable media 
      • Second place: ransomware, viruses
      • Third place: denylisted internet resources, miners in the form of executable files for Windows, malware for AutoCAD

      Threat categories
      • Compared to global figures, the region has a higher percentage of ICS computers on which threats were blocked across all threat categories except for malicious documents.
        • Compared to the respective global averages, the region has a significantly higher percentage of ICS computers on which the following were blocked:
          • Worms, 3.2 times higher
          • Viruses, 2.5 times higher

            Worms and viruses outpace malicious documents in the threat category ranking by percentage of ICS computers on which they were blocked. Worms are in fourth place (sixth place globally). As noted earlier, high rates of self-propagating malware on a large scale indicate that a significant portion of the OT infrastructure lacks even basic endpoint protection, making it a source of malware infection attempts.
          • Spyware, 1.7 times higher
          • Web miners, 1.7 times higher
          • Malware for AutoCAD, 1.4 times higher
          • Ransomware, 1.4 times higher

        Threat sources

        Removable drives occupy second place in the regional ranking of threat sources by percentage of ICS computers on which malicious objects from different sources were blocked (third place globally). 

        Africa is the only region this quarter where a higher percentage of ICS computers had threats blocked from removable media than from email threats. This appears to be a long-term trend. We assume this might indicate that OT systems in the region are generally not frequently connected to corporate resources, including email services. Instead, removable media is often used for information exchange in OT infrastructure.

        Quarterly changes and trends

        Threat categories
        • The largest proportional quarterly increase in Q2 2024 was in the percentage of ICS computers on which the following were blocked:
          • Spyware – by 1.1 times, rising to second place in the region from third
          • Miners in the form of executable files for Windows – by 1.1 times
        • The top threat categories exhibit various quarterly dynamics.
        • The heatmap below illustrates changes in the ranking of threat categories in the region over a period of 2.5 years. Denylisted internet resources have been the leading threat category in the region since early 2023. Spyware moved up from third to second place in Q2 2024, while malicious scripts and phishing gradually dropped from first place in 2022 to third in Q2 2024.

        Threat sources
        • Removable devices have been above the global average by a wide margin since Q2 2022 and exhibit a downward trend closely following the global trend.
        • In terms of quarterly changes, all threat sources exhibit mostly downward trends.

        Industries

        • The most affected industries in the region, as selected for this report, are:
          • Energy
          • Engineering and ICS Integration
        • The following industries had a significantly higher percentage of ICS computers with blocked malicious objects compared to the respective global averages:
          • Manufacturing – 1.4 times higher
          • Engineering and ICS Integration – 1.4 times higher
          • Oil & Gas – 1.4 times higher
          • Energy – 1.3 times higher
        • In Q2 2024, all selected sectors in the region exhibited a decrease in the percentage of ICS computers on which malicious objects were blocked.
        • The selected sectors show positive dynamics in their long-term trends.

        South-East Asia

        Current threats

        Overall

        Second place in the global ranking by percentage of ICS computers on which malicious objects were blocked.

        The percentage of ICS computers where malicious objects were blocked remains consistently higher than the global average, reflecting a long-term trend. While the region shows a slight downward trend, this pattern includes periodic fluctuations.

        Comparative analysis

        South-East Asia occupies leading positions among regions by percentage of ICS computers on which the following were blocked:

        • First place: viruses, malware for AutoCAD
        • Second place: threats from the internet, threats from network folders 
        • Third place: malicious scripts and phishing pages, malicious documents, ransomware

        Threat categories

        Viruses came first in the ranking of malware categories by percentage of ICS computers on which they were blocked. In South-East Asia, this percentage is 5.2 times higher than the global average.

        AutoCAD malware is in fifth place in this ranking (the global percentage of ICS computers on which this malware was blocked is one of the lowest among all categories).

        Compared to the global figures, the region has a significantly higher percentage of ICS computers on which the following were blocked:

        • AutoCAD malware, 7 times higher
        • Viruses, 5.2 times higher
        • Spyware, 1.4 times higher
        • Malicious documents, 1.4 times higher
        • Worms, 1.3 times higher
        • Ransomware, 1.2 times higher
        • Malicious scripts and phishing pages, 1.2 times higher

        Threat sources

        The region ranked first in the world by percentage of ICS computers on which threats from network folders were blocked, exceeding the global average by 2.6 times.

        With regard to threats from the internet, the region ranked second in the world, slightly exceeding the global average.

        The region ranked third in the world by percentage of ICS computers on which malicious threats from removable devices were blocked, exceeding the global average by 1.8 times.

        The percentage of computers on which threats from email clients were blocked exceeded the global average by 1.4 times in Q2 2024.

        Quarterly changes and trends

        Threat categories

        The largest quarterly increase was in the percentage of ICS computers on which the following were blocked:

        • Malicious documents – by 1.2 times
        • Ransomware – by 1.2 times

        • The top threat categories exhibit various quarterly dynamics.
        • The heatmap below illustrates changes in the rankings of threat categories in the region over a period of 2.5 years. Viruses have been the leading threat category in the region since Q1 2024. Malicious scripts and phishing moved up from third to second place in Q2 2024, while denylisted internet resources dropped from first place in the first half of 2023 to third in Q2 2024.

        Threat sources
        • Almost all threat sources except for email clients exhibited a decrease in terms of the percentage of ICS computers on which they were blocked. Threats from email clients increased by a factor of 1.1. In terms of quarterly changes, the major threat sources have shown mostly downward long-term trends.

        Threats from removable devices and network folders are significantly above the respective global averages.

        Industries

        • The most affected industries in the region, as selected for this report, are:
          • Building automation
          • Energy
        • Compared to the global averages, the following industries had a significantly higher percentage of ICS computers on which malicious objects were blocked:
          • Manufacturing – 1.5 times higher
          • Energy – 1.2 times higher
        • In Q2 2024, all selected sectors experienced a decrease in the percentage of ICS computers where malicious objects were blocked, with the exception of building automation, which remained unchanged.
        • The trends in the selected sectors demonstrate overall positive dynamics, though they are marked by steep jumps and extended periods of slow increases and declines.

        Central Asia

        Current threats

        Overall

        Third place in the global ranking by percentage of ICS computers on which malicious objects were blocked.

        The percentage of ICS computers where malicious objects were blocked remains higher than the global average, although the gap has tended to narrow since Q1 2023.

        Comparative analysis

        Central Asia occupies leading positions among regions by percentage of ICS computers on which the following were blocked:

        • First place: threats from the internet, miner executable files for Windows
        • Second place: denylisted internet resources, worms

        Threat categories

        Compared to the global average, the region has a higher percentage of ICS computers on which the following were blocked:

        • Worms, 1.8 times higher
        • Miners in the form of executable files for Windows, 1.8 times higher. This threat category ranks fifth (seventh place globally).
        • Spyware, 1.2 times higher
        • Denylisted internet resources, 1.1 times higher

        Threat sources

        The region ranked first in the world by percentage of ICS computers on which threats from the internet were blocked, exceeding the global average by a factor of 1.1.

        The percentage of ICS computers on which threats from removable devices were blocked exceeded the global average by 1.5 times in Q2 2024.

        Quarterly changes and trends

        Threat categories

        The largest quarterly increase was in the percentage of ICS computers on which the following were blocked:

        • Malicious documents – by 1.2 times
        • Web miners – by 1.2 times
        • Spyware – by 1.1 times
        • Ransomware – by 1.1 times
        • The top threat categories exhibit various quarterly dynamics.
        • The heatmap below illustrates changes in the rankings of threat categories in the region over a period of 2.5 years. Denylisted internet resources have been the leading threat category in the region since Q1 2022, with the exception of Q4 2022 and Q4 2023. Spyware moved from third to second place in Q1 2024.

        Threat sources

        In Q2 2024, the region exhibited an increase in the percentage of ICS computers on which threats from the internet were blocked, exceeding the global average by a factor of 1.1.

        Threats from email clients also saw a slight increase in Q2 2024.

        Threats from removable devices have been above the global average since Q1 2022, although the gap significantly narrowed by Q3 2023 compared to early 2022, and has remained steady since.

        Industries

        • The most affected industry in the region, as selected for this report, was building automation.
        • From a global perspective, the percentage of ICS computers on which malicious objects were blocked in the building automation sector was 1.2 times higher than the global average for the industry.

        In Q2 2024, building automation and engineering & ICS integration saw a slight increase in the percentage of ICS computers on which malicious objects were blocked.

        • The trends in the selected sectors demonstrate overall positive dynamics.

        Middle East

        Current threats

        Overall

        Fourth place in the global ranking by percentage of ICS computers on which malicious objects were blocked.

        The percentage of ICS computers where malicious objects were blocked has remained higher than the global average since Q1 2022.

        Comparative analysis

        The Middle East occupies leading positions among regions by percentage of ICS computers on which the following were blocked:

        • First place: ransomware
        • Second place: spyware, malicious scripts and phishing pages, web miners
        • Third place: worms, threats from email clients

        Threat categories
        • Compared to the global figures, the region has a higher percentage of ICS computers on which all categories of threats were blocked, except for denylisted internet resources, executable miners, and malware for AutoCAD.

        Specifically, the following threat categories showed significantly higher values:

        • Ransomware, 1.8 times higher
        • Web miners, 1.6 times higher
        • Spyware, 1.5 times higher
        • Worms, 1.5 times higher
        • Viruses, 1.3 times higher
        • Malicious scripts and phishing pages, 1.2 times higher
        • Malicious documents, 1.2 times higher

        Threat sources

        The region ranked third in the world by percentage of ICS computers on which threats from email clients were blocked, exceeding the global average by a factor of 1.6.

        The percentage of computers on which threats from removable devices were blocked exceeded the global average by 1.4 times in Q2 2024.

        Quarterly changes and trends

        Threat categories
        • The largest quarterly increase was in the percentage of ICS computers on which the following were blocked:
          • Ransomware – by 1.2 times
          • Miners in the form of executable files – by 1.1 times
          • Spyware – by 1.1 times
        • The top threat categories exhibit various quarterly dynamics.
        • The heatmap below illustrates changes in the rankings of threat categories in the region over a period of 2.5 years. Malicious scripts and phishing pages have been the leading threat category in the region since Q1 2022. Spyware moved up from third to second place in Q2 2024.

        Threat sources

        The trend for threats from email clients has been above the global average since Q1 2022. The gap widened in Q3 2023 and has remained mostly steady since.

        Threats from removable devices have been above the global average since Q1 2022. The gap had significantly narrowed by Q2 2023 compared to early 2022, and has remained steady since.

        Industries

        • The most affected industry in the region, as selected for this report, was building automation.
        • From a global perspective, the following industries saw a higher percentage of ICS computers on which malicious objects were blocked:
          • Building automation – 1.1 times higher
          • Energy – 1.1 times higher
          • Oil and gas – 1.1 times higher
        • In Q2 2024, the oil and gas sector exhibited a slight increase in the percentage of ICS computers on which malicious objects were blocked, while the other sectors saw a decrease.
        • The trends in the selected sectors demonstrate overall positive dynamics.

        Eastern Europe

        Current threats

        Overall

        Fifth place in the global ranking by percentage of ICS computers on which malicious objects were blocked. Before Q2 2023, the region did not rank higher than ninth place.

        In Q2 2024, the percentage of ICS computers on which malicious objects were blocked was the same as the global average.

        Comparative analysis

        Eastern Europe ranked second among regions by percentage of ICS computers on which threats from email clients were blocked.

        Threat categories

        Compared to the global figures, the region has a higher percentage of ICS computers on which all categories of threats were blocked, except for viruses and malware for AutoCAD.

        Specifically, the following threat categories showed significantly higher values compared to the global average:

        • Spyware, 1.3 times higher
        • Web miners, 1.3 times higher
        • Malicious documents, 1.2 times higher

        Threat sources

        The region ranked second in the world by percentage of ICS computers on which threats from email clients were blocked, exceeding the global average by 1.6 times.

        Quarterly changes and trends

        Threat categories
        • The largest quarterly increase was in the percentage of ICS computers on which the following were blocked:
          • Spyware, by 1.1 times. Ranked third in the world in terms of growth
          • Ransomware, by 1.1 times.
        • The top threat categories exhibit various quarterly dynamics.
        • The heatmap below illustrates changes in the rankings of threat categories in the region over a period of 2.5 years. Denylisted internet resources have been the leading threat category in the region since Q1 2024. Malicious scripts and phishing pages fell from first to second place in Q1 2024.

        Threat sources

        In Q2 2024, threats from email clients in Eastern Europe ranked third in the world in terms of growth. The trend has been above the global average throughout the observed period. The gap began to widen noticeably in Q2 2023 and reached its maximum in Q2 2024.

        Threats from the internet and removable devices have exhibited a downward trend over the past three quarters. 

        Industries

        • The most affected industry in the region, as selected for this report, was building automation.
        • Compared to the respective global averages, all selected industries demonstrated lower percentages of ICS computers on which malicious objects were blocked.

        In Q2 2024, all sectors under observation saw a decrease in the percentage of ICS computers on which malicious objects were blocked.

        The trends in the selected sectors demonstrate a general stabilization after a notable rise in 2022.

        Russia

        Current threats

        Overall

        Sixth in the global ranking by percentage of ICS computers on which malicious objects were blocked.

        With the exception of Q3 and Q4 2022, the percentage of ICS computers on which malicious objects were blocked in the region is slightly lower than the global average.

        Comparative analysis

        • Russia occupies leading positions among regions by percentage of ICS computers on which the following were blocked:
          • First place – denylisted internet resources
          • Second place – miners in the form of executable files for Windows
          • Third place – threats from the internet

        Threat categories

        Compared to global figures, the region has a higher percentage of ICS computers on which the following threat categories were blocked:

        • Miners in the form of executable files for Windows, 1.3 times higher
        • Denylisted internet resources, 1.2 times higher

        Threat sources

        The region ranked third in the world by percentage of ICS computers on which malicious threats from the internet were blocked.

        Quarterly changes and trends

        Threat categories
        • The largest proportional quarterly increase in Q2 2024 was in the percentage of ICS computers on which the following were blocked:
          • Malicious documents, by 1.2 times.
          • Malware for AutoCAD, by 1.2 times.
        • The top threat categories exhibit various quarterly dynamics:

        The heatmap below illustrates changes in the rankings of threat categories in the region over a period of 2.5 years. Denylisted internet resources have been the leading threat category in the region since Q3 2023.

        Threat sources
        • Threats from the internet (by percentage of ICS computers where they were blocked) have exhibited a slightly oscillating downward trend since Q4 2022 and have remained very close to the global average since Q2 2023.
        • Other threat sources also exhibit predominantly downward trends.

        Industries

        • The most affected industries in the region, as selected for this report, are:
          • Engineering and ICS integration
          • Building automation
          • Energy
        • Compared to the global averages, the following industries had a higher percentage of ICS computers on which malicious objects were blocked:
          • Engineering and ICS Integration, 1.1 times higher
          • Manufacturing, slightly higher
        • In Q2 2024, all the selected industries in the region exhibited a decrease in the percentage of ICS computers on which malicious objects were blocked.

        The selected sectors have shown mostly positive dynamics in their long-term trends since Q4 2022:

        Latin America

        Current threats

        Overall

        Seventh place in the global ranking by percentage of ICS computers on which malicious objects were blocked. The region demonstrates a downward trend.
        The percentage of ICS computers on which malicious objects were blocked has been slightly below the global average throughout the observed period, except at the beginning of 2022.

        Comparative analysis

        • Latin America occupies leading positions among regions by percentage of ICS computers on which the following were blocked:
          • Second place – malicious documents
          • Third place – web miners, ransomware, threats from email clients

        Threat categories

        Compared to global figures, the region has a higher percentage of ICS computers on which the following threat categories were blocked:

        • Malicious documents, 1.7 times higher
        • Web miners, 1.4 times higher
        • Malicious scripts and phishing pages, 1.2 times higher
        • Spyware, 1.2 times higher
        • Ransomware, 1.2 times higher

        Threat sources

        The region ranked third in the world by percentage of ICS computers on which malicious threats from email clients were blocked, exceeding the global average by 1.6 times.

        Quarterly changes and trends

        Threat categories
        • The largest quarterly increase was in the percentage of ICS computers on which the following were blocked:
          • Ransomware – by 1.7 times
          • Web miners running in browsers – by 1.2 times
          • Miners in the form of executable files for Windows – by 1.2 times.
        • The top threat categories exhibit various quarterly dynamics:

        The heatmap below illustrates changes in the rankings of threat categories in the region over a period of 2.5 years. Malicious scripts and phishing pages have been the leading threat category in the region throughout the observed period. Spyware moved up from fourth to third place in Q4 2023 and has held that position since. 

        Threat sources
        • Threats from email clients (in terms of percentage of ICS computers where they were blocked) exhibit a downward trend consistent with the global trend, but noticeably above the global average.
        • Overall, all major sources exhibit downward trends.

        Industries

        • The most affected industry in the region, as selected for this report, was building automation.
        • From a global perspective, the percentage of ICS computers on which malicious objects were blocked in the oil and gas industry was 1.1 times higher than the sector’s global average.
        • In Q2 2024, all selected sectors in the region exhibited a decrease in the percentage of ICS computers on which malicious objects were blocked.

        The selected sectors have shown mostly positive dynamics in their long-term trends since Q1 2023:

        South Asia

        Current threats

        Overall

        Eighth place in the global ranking by percentage of ICS computers on which malicious objects were blocked. The region demonstrates a slow downward trend with some fluctuations. The percentage of ICS computers on which malicious objects were blocked has been below the global average since Q4 2023.

        Comparative analysis

        • South Asia occupies leading positions among regions by percentage of ICS computers on which the following were blocked:
          • Second place – threats from removable devices
          • Third place – ransomware, threats from network folders

        Threat categories
        • Compared to the global average, the region has a noticeably higher percentage of ICS computers on which the following were blocked:
          • Ransomware, 1.2 times higher
          • Worms, 1.2 times higher. Worms ranked fourth in the regional ranking of threat categories by percentage of ICS computers on which they were blocked (sixth globally)
          • Viruses, 1.1 times higher

        Threat sources

        South Asia ranks second globally by percentage of ICS computers on which malicious threats from removable devices were blocked, surpassing the global average by 2.1 times.

        Additionally, the region is third in the global ranking for the percentage of ICS computers on which malicious threats from network folders were blocked, exceeding the global average by a factor of 1.6.

        Quarterly changes and trends

        Threat categories
        • The largest quarterly increase was in the percentage of ICS computers on which the following were blocked:
          • Malicious documents, by 1.2 times
          • Miners in the form of executable files for Windows, by 1.1 times
          • Malware for AutoCAD, by 1.1 times

        • The top threat categories exhibit various quarterly dynamics:
        • The heatmap below illustrates changes in the rankings of threat categories in the region over a period of 2.5 years. Denylisted internet resources have been the leading threat category in the region since Q1 2023, with the exception of Q4 2023. Malicious scripts and phishing pages have ranked second since Q1 2023, with the exception of Q4 2023, when they were in first place. Viruses and worms have consistently ranked high throughout the observed period, mostly alternating between fourth and fifth place.

        Threat sources

        In Q2 2024, the percentage of ICS computers on which threats from email clients were blocked increased 1.1 times compared to the previous quarter, making it the second biggest threat source in the region (this source was third in Q1 2024). 

        Since Q1 2022, threats from removable drives in South Asia had consistently placed second in the regional ranking by percentage of ICS computers on which malicious objects from various sources were blocked. However, in Q2 2024, the threat level from removable devices dropped, falling below that of email clients.

        From a global perspective, the percentage of ICS computers on which threats from removable devices were blocked in South Asia closely followed the global trend, staying well above the global average. However, the gap between these trends has mostly become narrower since Q4 2022.

        The percentage of ICS computers where threats from network folders were blocked follows the global trend. However, in Q3 2023, the regional trend diverged from the global one, rising noticeably above the global average.

        Industries

        • The most affected industry in the region, as selected for this report, was building automation.
        • From a global perspective, all sectors under consideration exhibited a lower percentage of ICS computers on which malicious objects were blocked than the respective global averages.
        • In Q2 2024, all selected sectors in the region exhibited a decrease in the percentage of ICS computers on which malicious objects were blocked.

        The selected sectors show mostly positive dynamics in their long-term trends since Q1 2024:

        East Asia

        Current threats

        Overall

        Ninth place in the global ranking by percentage of ICS computers on which malicious objects were blocked.

        One of four regions that saw an increase in the percentage of ICS computers on which malicious objects were blocked.

        East Asia demonstrates a slow downtrend with fluctuations. The percentage of ICS computers on which malicious objects were blocked has been below the global average since Q3 2023.

        Comparative analysis

        • East Asia occupies leading positions among regions by percentage of ICS computers on which the following were blocked:
          • First place – threats from network folders
          • Second place – malware for AutoCAD
          • Third place – viruses
        • The only region in which spyware topped the malware category ranking in terms of the percentage of ICS computers on which it was blocked.

        Threat categories
        • Compared to the global average, the region has a noticeably higher percentage of ICS computers on which the following were blocked:
          • Malware for AutoCAD, 3.7 times higher
          • Viruses, 1.9 times higher
          • Worms, 1.2 times higher

        Threat sources

        East Asia ranked first among the regions by percentage of ICS computers where malicious threats from network folders were blocked, surpassing the global average by 2.7 times.

        The percentage of ICS computers on which threats from removable devices were blocked in the region was 1.7 times higher than the global average.

        Quarterly changes and trends

        Threat categories
        • All threat categories except for denylisted internet resources saw growth in Q2 2024.
        • The largest quarterly increase was in the percentage of ICS computers on which the following were blocked:
          • Ransomware – by 1.3 times
          • Miners in the form of executable files for Windows – by 1.3 times
          • Malicious documents – by 1.2 times
          • Malicious scripts and phishing pages – by 1.2 times

        • The top threat categories exhibit various quarterly dynamics:
        • The heatmap below illustrates changes in the rankings of threat categories in the region over a period of 2.5 years. Spyware has been the leading threat category in the region since Q4 2023, jumping from third to first place and replacing malicious scripts and phishing pages.

        Threat sources
        • Network folder threats which were blocked on ICS computers in East Asia showed a declining trend from the second half of 2022 to Q1 2024 but stayed consistently higher than the global average. While the global rate remained relatively stable at lower levels, the gap between East Asia and the global average gradually narrowed up to Q1 2024, with only a slight rise observed in East Asia in Q2 2024.
        • In Q2 2024, the region exhibited an increase in threats distributed via removable devices, in contrast to the global average.
        • Overall, all major sources exhibit downward trends.

        Industries

        • The most affected industry in the region, as selected for this report, was energy.
        • Compared to the respective global averages, the following sectors in the region saw a higher percentage of ICS computers on which malicious objects were blocked:
          • Energy, 1.3 times higher
          • Manufacturing, 1.1 times higher
        • In Q2 2024, all sectors exhibited an increase in the percentage of ICS computers on which malicious objects were blocked. The following sectors saw noticeably higher values compared to the previous quarter:
          • Energy, 1.1 times higher
          • Building automation, 1.1 times higher

        The energy sector consistently exhibited the highest rate of blocked malicious objects on ICS computers throughout the period, significantly above the regional average. In contrast, other sectors experienced a downward trend from 2022 until Q1 2024, followed by an increase in Q2 2024:

        Southern Europe

        Current threats

        Overall

        Tenth place in the regional ranking.

        In Southern Europe, the percentage of ICS computers on which malicious objects were blocked is normally below the global average.

        Comparative analysis

        Southern Europe occupies leading positions among regions by percentage of ICS computers on which the following were blocked:

        • First place – threats from email clients, malicious scripts and phishing pages, malicious documents.
        • Third place – spyware.

        Threat categories
        • Compared to the global average, the region has a higher percentage of ICS computers on which the following were blocked:
          • Malicious documents, 1.9 times higher
          • Spyware, 1.5 times higher
          • Malicious scripts and phishing pages, 1.3 times higher

        Threat sources

        Southern Europe ranked first in the world by percentage of ICS computers where malicious threats from email clients were blocked, surpassing the global average by 2.3 times.

        Other threat sources remained below their respective global averages.

        Quarterly changes and trends

        Threat categories
        • The largest quarterly increase in absolute terms was in the percentage of ICS computers on which spyware was blocked. In terms of proportional increases, the following threat categories showed significant changes:
          • Ransomware, by 1.6 times
          • Malicious documents, by 1.2 times
        • The top threat categories exhibit various quarterly dynamics:
        • The heatmap below illustrates changes in the rankings of threat categories in the region over a period of 2.5 years. Malicious scripts and phishing pages have been the leading threat category in the region throughout the observed period. Spyware moved from third to second place in Q2 2024. It alternated between second and third place throughout the observed period.

        Threat sources

        In Q2 2024, the percentage of ICS computers on which threats from email clients were blocked increased compared to the previous quarter. The long-term trends, both local and global, for email client threats remained mostly consistent with each other until Q3 2023. However, since Q4 2023, the trends have started to diverge. 

        The local and global long-term trends for threats from the internet have been mostly consistent with each other since Q3 2023. Both trends have been declining since Q1 2024.

        Industries

        • The most affected industry in the region, as selected for this report, was building automation.
        • Compared to the respective global averages, the building automation sector saw a higher percentage of ICS computers on which malicious objects were blocked.
        • In Q2 2024, building automation was the only sector under observation that exhibited an increase in the percentage of ICS computers on which malicious objects were blocked.
        • All selected sectors exhibit fluctuating trends in terms of percentage of ICS computers on which malicious objects were blocked. The rate in the building automation sector remains consistently higher than the regional average. Meanwhile, the other sectors have maintained steady, lower percentages since Q2 2023 with modest fluctuations throughout the period.

        Australia and New Zealand

        Current threats

        Overall

        Eleventh place in the regional ranking.

        One of four regions that saw an increase in the percentage of ICS computers on which malicious objects were blocked.

        The percentage of ICS computers on which malicious objects were blocked in the region is less than the global figure.

        Comparative analysis

        Threat categories

        Compared to the global average, the region has a higher percentage of ICS computers on which the following were blocked:

        • Web miners – 1.4 times higher
        • Malicious scripts and phishing pages – 1.2 times higher

        Threat sources

        The percentage of ICS computers on which threats from email clients were blocked surpassed the global average by a factor of 1.1.

        Other threat sources remained below their respective global averages.

        Quarterly changes and trends

        Threat categories
        • Compared to the previous quarter, the largest proportional increase was in the percentage of ICS computers on which the following were blocked:
          • Malware for AutoCAD – by 1.9 times
          • Ransomware – by 1.6 times
          • Worms – by 1.5 times
          • Viruses – by 1.5 times
          • Spyware – by 1.2 times
          • Denylisted internet resources – by 1.2 times

        • The top threat categories exhibit various quarterly dynamics:
        • The heatmap below illustrates changes in the rankings of threat categories in the region over a period of 2.5 years. Malicious scripts and phishing pages have been the leading threat category in the region throughout the observed period, while denylisted internet resources have consistently ranked second.

        Threat sources

        In Q2 2024, the percentage of ICS computers on which threats from the internet were blocked increased compared to the previous quarter by a factor of 1.1. The long-term local and global trends had been diverging but the gap between them has generally narrowed in recent quarters.

        The long-term trend for email client threats shows mostly downward movement, while remaining above the global average throughout the observed period. However, in Q2 2024, the gap narrowed significantly.

        The long-term trend for threats from removable devices has been significantly below the global average throughout the observed period. After a noticeable drop in Q3 2023, the rate remained low with some fluctuations, followed by an increase in Q2 2024. 

        Industries

        • The most affected industry in the region, as selected for this report, was building automation.
        • Compared to the respective global averages, all sectors under study saw a lower percentage of ICS computers on which malicious objects were blocked.
        • In Q2 2024, all sectors under study exhibited an increase in the percentage of ICS computers on which malicious objects were blocked compared to the previous quarter. The largest increase was in engineering and ICS integration – 1.1 times more.
        • The building automation and engineering & ICS integration sectors exhibit highly fluctuating trends, oscillating around the regional average until Q3 2023 in terms of the percentage of ICS computers on which malicious objects were blocked. Both trends have stabilized above the regional average since Q4 2023. Meanwhile, the construction sector has shown a mostly downward trend, remaining below the regional average since Q4 2022.

        USA and Canada

        Current threats

        Overall

        Twelfth place in the regional ranking.

        One of the four regions that saw an increase in the percentage of ICS computers on which malicious objects were blocked, ranking fourth globally for the extent of the increase.

        In general, this is one of the safest regions, with one of the lowest percentages of ICS computers on which malicious objects were blocked.

        The percentage of ICS computers on which malicious objects were blocked in the region is lower than the global average.

        Comparative analysis

        Threat categories
        • Compared to the global average, the percentage of ICS computers in the region on which each threat type was blocked was lower across all threat types.
        • Web miners were fifth in the ranking of malware categories by percentage of ICS computers on which they were blocked (eighth globally). Since the beginning of 2024, the percentage of ICS computers on which threats from this category were blocked in the region has been close to the global average.

        Threat sources

        All threat sources showed values noticeably below their respective global averages.

        Quarterly changes and trends

        Threat categories
        • The largest quarterly increase was in the percentage of ICS computers on which the following were blocked:
          • Ransomware – 1.8 times higher, ranking third globally by the size of the increase. As a result, the percentage for ransomware in the region was close to the global figure
          • Denylisted internet resources – 1.2 times higher, ranking third globally by the size of the increase
          • Spyware – 1.1 times higher
          • Malicious documents – 1.1 times higher

        • The top threat categories exhibit various quarterly dynamics:
        • The heatmap below illustrates changes in the rankings of threat categories in the region over a period of 2.5 years. Malicious scripts and phishing pages have been the leading threat category in the region throughout the observed period, while denylisted internet resources have consistently ranked second. Spyware has ranked third for two quarters in a row.

        Threat sources

        In Q2 2024, the percentage of ICS computers on which threats from the internet were blocked increased compared to the previous quarter – by 1.1 times. USA and Canada is one of the four regions that saw an increase, ranking fourth globally by the size of the increase.

        The local and global trends for threats from the internet initially diverged, but the gap between them has gradually narrowed since Q1 2023.

        Industries

        • The most affected industry in the region, as highlighted in this report, was manufacturing. It ranked fifth in the global ranking for the sector.
        • From a global perspective, all sectors in the region remained significantly below the respective global averages.
        • In Q2 2024, all sectors except for building automation exhibited an increase in the percentage of ICS computers on which malicious objects were blocked. The largest increase was in the following sectors:  
          • Manufacturing, 1.1 times higher
          • Energy, 1.1 times higher

        All sectors under study exhibited highly fluctuating trends in the percentage of ICS computers on which malicious objects were blocked until Q1 2023. Since Q3 2023, the trends have stabilized around the regional average, which has shown a mostly downward trend since then.

        Western Europe

        Current threats

        Overall

        Thirteenth place in the regional ranking.

        Western Europe is one of the four regions that saw an increase in the percentage of ICS computers on which malicious objects were blocked – by 1.1 times. The region ranked second in the world by the size of the increase.

        In general, this is one of the safest regions, with one of the lowest percentages of ICS computers on which malicious objects were blocked. The percentage in this region is noticeably lower than the global average.

        Comparative analysis

        Threat categories
        • Compared to the global average, the percentage of ICS computers in the region on which each threat type was blocked was noticeably lower across all threat types.

        Threat sources

        All threat sources showed values noticeably below their respective global averages.

        Quarterly changes and trends

        Threat categories

        The majority of threat categories exhibited an increase in the percentage of ICS computers on which malicious objects were blocked.

        • The largest quarterly increase was in the percentage of ICS computers on which the following were blocked:
          • Malicious documents – 1.6 times higher, ranking first globally by the size of the increase
          • Ransomware – 1.6 times higher
          • Denylisted internet resources – 1.3 times higher, ranking first globally by the size of the increase
          • Spyware – 1.1 times higher
          • Malicious scripts and phishing pages – 1.1 times higher, ranking third globally by the size of the increase
          • Malware for AutoCAD – 1.1 times higher
        • The top threat categories exhibit various quarterly dynamics:
        • The heatmap below illustrates changes in the rankings of threat categories in the region over a period of 2.5 years. Usually ranked second, denylisted internet resources moved up to first place in Q1 2024, pushing malicious scripts and phishing pages down to second. Worms have climbed from seventh in Q1 2022 to fifth in Q2 2024.

        Threat sources
        • Western Europe was one of only three regions that exhibited growth in the percentage of ICS computers on which threats from the internet were blocked.

          The local and global trends for threats from the internet initially diverged, but the gap between the two has been gradually narrowing since Q1 2023.
        • The region also ranked second in the world in terms of the growth in the percentage of ICS computers on which threats distributed via email clients were blocked.
          In Q2 2024, the gap between the long-term global and regional trends for threats from email clients narrowed to its smallest value during the observed period.

        Industries

        • The most affected industry in the region, as featured in this report, was building automation.
        • From a global perspective, all sectors in the region remained significantly below the respective global averages.
        • In Q2 2024, all sectors except for manufacturing exhibited an increase in the percentage of ICS computers on which malicious objects were blocked. The largest increase was in the following sectors: 
          • Energy – 1.2 times higher
          • Engineering and ICS integration – 1.1 times higher

        All sectors under study exhibited fluctuating trends in the percentage of ICS computers on which malicious objects were blocked. Building automation exhibits a gradual downward trend.

        Northern Europe

        Current threats

        Overall

        Fourteenth place in the regional ranking.

        Traditionally, the region has the lowest percentage of ICS computers on which malicious objects were blocked. The percentage is noticeably below the global average.

        Comparative analysis

        Threat categories

        For all threat types, the percentage of ICS computers in the region on which each was blocked was noticeably lower than the corresponding global average.

        • Miners in the form of executable files for Windows were fifth in the ranking of threat categories by percentage of ICS computers on which they were blocked (seventh globally). The percentage has been growing since Q1 2024.
        • Web miners were sixth in the ranking of threat categories by percentage of ICS computers on which they were blocked (eighth globally). The percentage is close to the global average.

        Threat sources

        All threat sources showed values noticeably below their respective global averages.

        Quarterly changes and trends

        Threat categories
        • The majority of threat categories exhibited an increase in the percentage of ICS computers on which malicious objects were blocked.
        • The largest quarterly increase was in the percentage of ICS computers on which the following were blocked:
          • Malware for AutoCAD, 2.4 times higher
          • Malicious documents, 1.5 times higher
          • Ransomware, 1.5 times higher
          • Worms, 1.2 times higher

        • The top threat categories exhibit various quarterly dynamics:
        • The heatmap below illustrates changes in the rankings of threat categories in the region over a period of 2.5 years. Denylisted internet resources moved back to first place in Q1 2024, a position they previously held from Q1 2023 to Q3 2023, alternating with malicious scripts and phishing pages.

        Threat sources
        • The region saw an increase in the percentage of ICS computers on which threats distributed via email clients were blocked.
          Overall, the trend for email client threats is predominantly downward.
        • The trend for threats from the internet generally demonstrated a gradual increase until Q4 2023, followed by a decline from Q1 2024.

        Industries

        • The most affected industry in the region, as highlighted in this report, was building automation. It ranked fifth in the global ranking of the selected sectors.
        • From a global perspective, all sectors under study in the region remained significantly below the respective global averages.

        In Q2 2024, the energy sector exhibited an increase in the percentage of ICS computers on which malicious objects were blocked – by 1.2 times.

        • All sectors under study exhibited fluctuating trends in the percentage of ICS computers on which malicious objects were blocked. The building automation trend shows a gradual decline, while energy and engineering & ICS integration exhibit fluctuating long-term trends.

        Methodology used to prepare statistics

        This report presents the results of analyzing statistics obtained with the help of Kaspersky Security Network (KSN). The data was received from KSN users who consented to its anonymous sharing and processing for the purposes described in the KSN Agreement for the Kaspersky product installed on their computer.

        The benefits of joining KSN for our customers include faster response to previously unknown threats and a general improvement in detection quality. Their Kaspersky installation achieves this by connecting to a cloud-based repository of malware data that, because of its size and the amount of resources it uses, cannot be transferred to the customer in its entirety.

        Data shared by the user contains only the data types and categories described in the appropriate KSN Agreement. This data helps to a significant extent in analyzing the threat landscape and serves as a prerequisite for detecting new threats including targeted attacks and APTs[1].

        Statistical data presented in the report was obtained from ICS computers that were protected with Kaspersky products and which Kaspersky ICS CERT categorized as enterprise OT infrastructure. This group includes Windows computers that serve one or several of the following purposes:

        • Supervisory control and data acquisition (SCADA) servers
        • Building automation servers
        • Data storage (Historian) servers
        • Data gateways (OPC)
        • Stationary workstations of engineers and operators
        • Mobile workstations of engineers and operators
        • Human machine interface (HMI)
        • Computers used to manage technological and building automation networks
        • Computers of ICS/PLC programmers

        Computers that share statistics with us belong to organizations from various industries. The most common are the chemical industry, metallurgy, ICS design and integration, oil and gas, energy, transport and logistics, the food industry, light industry, and pharmaceuticals. This also includes systems from engineering and integration firms that work with enterprises in a variety of industries, as well as building management systems, physical security, and biometric data processing.

        We consider a computer as attacked if a Kaspersky security solution blocked one or more threats on that computer during the period in review: a month, six months, or a year depending on the context as can be seen in the charts above. To calculate the percentage of machines whose malware infection was prevented, we take the ratio of the number of computers attacked during the period in review to the total number of computers in the selection from which we received anonymized information during the same period.
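
        The calculation described above, as an added Python example that is not from the report or from Kaspersky. The telemetry rows, computer names and function names are constructed for illustration; it shows that a computer counts once per period however many threats were blocked on it, and how a change between quarters is expressed in percentage points and as a ratio.

```python
from collections import defaultdict
from datetime import date

# Constructed sample (not KSN data): five hypothetical OT computers that each
# report once a month; BLOCKED holds the months in which threats were blocked.
COMPUTERS = ["scada-01", "hmi-01", "hist-01", "opc-01", "eng-ws-01"]
BLOCKED = {("hmi-01", 1): 2, ("opc-01", 2): 1, ("hmi-01", 4): 2,
           ("hmi-01", 5): 1, ("eng-ws-01", 5): 4, ("hist-01", 6): 1}
ROWS = [(c, date(2024, m, 1), BLOCKED.get((c, m), 0))
        for m in range(1, 7) for c in COMPUTERS]


def period_key(day, granularity):
    """Label the reporting period a date falls into."""
    if granularity == "month":
        return f"{day.year}-{day.month:02d}"
    if granularity == "quarter":
        return f"{day.year}-Q{(day.month - 1) // 3 + 1}"
    raise ValueError(f"unsupported granularity: {granularity}")


def attacked_percentage(rows, granularity):
    """Percentage of reporting computers with one or more blocks, per period."""
    reporting = defaultdict(set)   # period -> computers that sent data
    attacked = defaultdict(set)    # period -> computers with >= 1 block
    for computer, day, blocked in rows:
        key = period_key(day, granularity)
        reporting[key].add(computer)
        if blocked > 0:
            attacked[key].add(computer)   # a set counts each computer once
    return {k: 100.0 * len(attacked[k]) / len(reporting[k])
            for k in sorted(reporting)}


def change(previous, current):
    """Return (difference in percentage points, ratio or None if undefined)."""
    ratio = current / previous if previous else None
    return current - previous, ratio


if __name__ == "__main__":
    quarterly = attacked_percentage(ROWS, "quarter")
    print(attacked_percentage(ROWS, "month"))
    print(quarterly)
    print(change(quarterly["2024-Q1"], quarterly["2024-Q2"]))
```

        In this sample the three Q2 months add up to 80%, while the quarterly figure is 60%, because hmi-01 was attacked in two months but is counted once for the quarter.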


        [1] We recommend that organizations subject to restrictions on sharing any data outside the corporate perimeter consider using Kaspersky Private Security Network.