Skip to main content

Woburn, MA –March 25, 2021 – According to new Kaspersky research, while the percentage of ICS computers on which malicious objects were blocked had declined since the second half of 2019, as of the second half of 2020, this number has started to rise again. Overall, the percentage of ICS computers attacked increased in 62% of the countries examined by Kaspersky researchers and across all five industries studied.

Attacks against industrial organizations always carry the potential to be particularly devastating, both in terms of disruption to production and financial losses. In addition, because of the highly sensitive information industrial organizations possess, they tend to be an attractive target for attackers. In H2 2020, threats to ICS computers again started to rise, with both the percentage of attacked ICS increasing globally by .85 percentage points and the variety of malware families used increasing by 30%.

Of the industries examined by Kaspersky researchers, those with the greatest percentage of ICS computers attacked were building automation at 46.7%, an increase of nearly 7 percentage points from H1 2020, oil & gas at 44%, an increase of 6.2 percentage points from H1 2020, and engineering and ICS at 39.3%, an increase of nearly 8 percentage points. Threats to the oil and gas and building automation industries have been on the rise since H1 2019. The other two industries examined by Kaspersky researchers (energy and automotive manufacturing) also saw an increase in the percent of ICS computers on which malicious objects were blocked.


Percentage of ICS computers on which malicious objects were blocked in selected industries

Threats belonging to 5,365 malware families were blocked on ICS computers, an increase of 30% from H1 2020. The most prominent threats were backdoors, spyware, other types of Trojans, and malicious scripts and documents.


Number of malware families blocked on ICS computers, by half-year, 2019-2020

Overall, 62% of the countries examined by Kaspersky researchers experienced a growth in the percentage of ICS computers attacked. What’s more, in 73.4% of all countries examined the percentage of ICS computers on which malicious email attachments were blocked grew, increasing on average globally by .7 percentage points.

“2020 was an unusual year in nearly all aspects, and this appears to have led to some unusual trends across the ICS threat landscape,” comments Evgeny Goncharov, head of ICS CERT at Kaspersky. “We typically see a decline in the percentage of ICS computers attacked in the summer months and December as people go on holiday. However, with borders closed and countries on lockdown, it’s likely many didn’t take their vacation and we did not see any noticeable decrease. In addition, while ransomware attacks declined globally, in developed countries, such as the US and Western Europe, the number of attacks actually significantly increased, perhaps because, amidst the current economic downturn, criminals thought these places had businesses with the means to actually pay. With the pandemic still ongoing, it will be important that all industries take extra precautions; with the rest of the world in flux, it’s hard to predict what cybercriminals will do.”

Read more about the ICS threat landscape in H2 2020 on the Kaspersky ICS CERT website.

About Kaspersky ICS CERT

Kaspersky Industrial Control Systems Cyber Emergency Response Team (Kaspersky ICS CERT) is a global project launched by Kaspersky in 2016 to coordinate the efforts of automation system vendors, industrial facility owners and operators, and IT security researchers to protect industrial enterprises from cyberattacks. Kaspersky ICS CERT devotes its efforts primarily to identifying potential and existing threats that target industrial automation systems and the Industrial Internet of Things. Kaspersky ICS CERT is an active member and partner of leading international organizations that develop recommendations on protecting industrial enterprises from cyberthreats.

About Kaspersky

Kaspersky is a global cybersecurity company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help 270,000 corporate clients protect what matters most to them. Learn more at

Media Contact:

Cassandra Faro


Kaspersky finds threats against ICS on the rise in H2 2020

Kaspersky Logo