Lucene search

securelistKaspersky ICS CERTSECURELIST:547A660464EBBA1446EC099E718F1EE8
HistoryMar 19, 2024 - 10:00 a.m.

Threat landscape for industrial automation systems. H2 2023

Kaspersky ICS CERT
industrial automation
cyber threats
ics computers
malicious objects
building automation
oil and gas
threat sources
threat categories
northern europe

AI Score




Global statistics across all threats

In the second half of 2023, the percentage of ICS computers on which malicious objects were blocked decreased by 2.1 pp to 31.9%.

Percentage of ICS computers on which malicious objects were blocked, by half year

Percentage of ICS computers on which malicious objects were blocked, by half year

Selected industries

In H2 2023, building automation once again had the highest percentage of ICS computers on which malicious objects were blocked of all industries that we looked at. Oil and Gas was the only industry to see a slight (0.5 pp) increase in the second half of the year.

Percentage of ICS computers on which malicious objects were blocked in selected industries

Percentage of ICS computers on which malicious objects were blocked in selected industries

Main threat sources

The internet, email clients and removable media remained the main sources of threats to computers connected to enterprise OT networks. In the second half of 2023, the percentage of ICS computers on which malicious objects were blocked dropped for each of the main sources.

Percentage of ICS computers on which malicious objects from various sources were blocked

Percentage of ICS computers on which malicious objects from various sources were blocked

Malicious object categories

Malicious objects blocked by Kaspersky products on ICS computers belonged to many categories. In H2 2023, only one category saw an increase on the first half of the year: ICS computers on which miner executable files for Windows were blocked, by 1.4 times.

Percentage of ICS computers on which the activity of various categories of malicious objects was prevented

Percentage of ICS computers on which the activity of various categories of malicious objects was prevented


In H2 2023, the percentage of computers on which malicious activity was prevented varied across regions from 38.2% in Africa to 14.8% in Northern Europe. The percentage increased in South Asia, Eastern Europe and Southern Europe.

Regions ranked by percentage of ICS computers on which malicious objects were blocked, H2 2023

Regions ranked by percentage of ICS computers on which malicious objects were blocked, H2 2023


Africa leads the region rankings

  • By percentage of ICS computers where malicious objects were blocked (all threats).
  • By percentage of ICS computers on which spyware was blocked.

Regions ranked by percentage of ICS computers on which spyware was blocked, H2 2023

Regions ranked by percentage of ICS computers on which spyware was blocked, H2 2023

  • By percentage of ICS computers on which worms were blocked.

Regions ranked by percentage of ICS computers on which worms were blocked, H2 2023

Regions ranked by percentage of ICS computers on which worms were blocked, H2 2023

  • By percentage of ICS computers on which web miners were blocked.

Regions ranked by percentage of ICS computers on which browser-based web miners were blocked, H2 2023

Regions ranked by percentage of ICS computers on which browser-based web miners were blocked, H2 2023

  • By percentage of ICS computers on which removable media threats were blocked

Regions ranked by percentage of ICS computers on which removable media threats were blocked, H2 2023

Regions ranked by percentage of ICS computers on which removable media threats were blocked, H2 2023

Southern Europe

  • Leads the regions by percentage of ICS computers on which email threats (malicious email attachments and phishing links) were blocked.

Regions ranked by percentage of ICS computers on which malicious email attachments and phishing links were blocked, H2 2023

Regions ranked by percentage of ICS computers on which malicious email attachments and phishing links were blocked, H2 2023

  • Second among the regions by percentage of ICS computers on whichmalicious documents were blocked.
  • One of the two regions where the percentage of ICS computers on which spyware was blocked rose in the six-month period.

Eastern Europe

  • Saw the largest, among all regions, increase in the percentage of ICS computers on which malicious objects were blocked in H2 2023:6 pp. Secondamong the regions by percentage of ICS computers on whichmalicious scripts and phishing pages were blocked*.
  • In the six-month period, the region saw a rise in the percentage of ICS computers on which the following were blocked:
    • **Malicious scripts and phishing pages:**by 2.9 pp
    • **Miner executable files for Windows:**by 0.9 pp
    • Worms: by 0.43 pp (the only region where this percentage rose)
    • Denylisted internet resources: by 0.4 pp (the only region where this percentage rose).


  • Second among the regions by percentage of ICS computers on whichminers in the form of executable files for Windows were blocked.

Central Asia

  • Leads the regions by percentage of ICS computers on whichdenylisted internet resources were blocked.

Regions ranked by percentage of ICS computers on which denylisted internet resources were blocked, H2 2023

Regions ranked by percentage of ICS computers on which denylisted internet resources were blocked, H2 2023

  • Leads by percentage of ICS computers on whichminers in the form of executable files for Windows were blocked.

Regions ranked by percentage of ICS computers on which miners in the form of executable files for Windows were blocked, H2 2023

Regions ranked by percentage of ICS computers on which miners in the form of executable files for Windows were blocked, H2 2023

  • Second among the regions by percentage of ICS computers on whichworms were blocked.

East Asia

  • Leads the regions by percentage of ICS computers on whichmalware for AutoCAD was blocked.
  • Second among the regions by percentage of ICS computers on whichviruses were blocked.
  • Spyware ranked second in the region among all malware categories by percentage of ICS computers on which it was blocked.

South-East Asia

  • Leader among the regions by percentage of ICS computers on whichviruses were blocked.

Regions ranked by percentage of ICS computers on which viruses were blocked, H2 2023

Regions ranked by percentage of ICS computers on which viruses were blocked, H2 2023

  • Viruses ranked third in the regionamong all malware categories by percentage of ICS computers on which they were blocked.

South Asia

  • Leader (along with the Middle East) among the regions by percentage of ICS computers on whichransomware was blocked.

Regions ranked by percentage of ICS computers on which ransomware was blocked, H2 2023

Regions ranked by percentage of ICS computers on which ransomware was blocked, H2 2023

Middle East

  • Leads (together with South Asia) the regions by percentage of ICS computers on whichransomware was blocked.
  • Second among the regions by percentage of ICS computers on whichspyware was blocked.
  • Second among the regions by percentage of ICS computers on whichweb miners were blocked.

Latin America

  • Leads the regions by percentage of ICS computers on whichmalicious scripts and phishing pages were blocked.

Regions ranked by percentage of ICS computers on which malicious scripts and phishing pages were blocked, H2 2023

Regions ranked by percentage of ICS computers on which malicious scripts and phishing pages were blocked, H2 2023

  • Leader by percentage of ICS computers on whichmalicious documents were blocked.

Regions ranked by percentage of ICS computers on which malicious documents were blocked, H2 2023

Regions ranked by percentage of ICS computers on which malicious documents were blocked, H2 2023

  • Secondamong the regions by percentage of ICS computers on whichmalicious email attachments and phishing links** were blocked.**

Australia and New Zealand

  • The only region where the percentage of ICS computers on which malicious documents were blocked rose in the six-month period.

The full report is available on the Kaspersky ICS CERT website.

AI Score


