Skip to main

Woburn, MA — March 3, 2022 According to Kaspersky research, during the second half of 2021, almost 40% of all industrial control systems’ (ICS) computers were attacked by malicious software at least once. While the overall number of attacks slightly decreased when compared to H1 2021, in the second half of the year, the ICS threat landscape has become highly diversified with the percentage of ICS computers on which miners were blocked growing by .5 percentage points, spyware up .7 percentage points and malicious scripts increasingly growing at 1.4 times the rate seen at the beginning of 2020.

According to Kaspersky ICS CERT, the percentage of ICS computers on which malicious objects were blocked in 2021 increased by 1 percentage point from 2020, rising from 38.6% to 39.6%. However, if examined by each 6-month period, attacks have slightly improved since H2 2021 as this figure dropped by 1.4 percentage points for the first time in over a year.

Overall, Kaspersky security solutions blocked over 20,000 malware variants during the second half of 2021. Although this figure did not change much compared to the previous six months, a detailed analysis of detected malware shows that the proportion of ICS computers attacked with spyware, malicious scripts and miners grew.

Malicious scripts are rising steadily year over the year. In H2 2021, the percentage of ICS computers attacked by them increased by 1.4 times from the beginning of 2020 and was up by .5 percentage points compared to the previous half of 2021. Cybercriminals use malicious scripts to achieve various goals ranging from data collection to loading other malware such as spyware or cryptocurrency miners.

As threat actors use scripts more and more, they are also significantly increasingly using spyware and cryptocurrencyminers. The former is mostly used to steal victims’ credentials or money and the percentage of ICS computers attacked with spyware is up by 1.4 percentage points since H1 2020. Spyware continues to grow and is up in use for the third six-month period in a row. The share of ICS computers attacked by miners has more than doubled since H1 2020. During the second half of 2021, we also saw the percentage of web miners grow by .5 percentage points compared to H1 2021.

“While overall, the threat types that find their way to ICS computers have remained relatively the same, we have seen a constant increase in the share of ICS computers facing malicious scripts and phishing pages along with Trojans, spyware and miners which would be normally delivered by the malicious scripts,” comments Kirill Kruglov, security expert at Kaspersky. Crypto miners are generally overlooked as a significant threat, which is not a good approach. While the influence of miners on the office network may be insignificant, in the course of their work and distribution, they can lead to the denial of service for some components of the automated control system.”

Read more about the ICS threat landscape in H2 2021 on the Kaspersky ICS CERT website.

To learn more about threats to ICS and industrial enterprises in 2022, check out the ICS threat predictions for 2022.

To keep your ICS computers protected from various threats, Kaspersky experts recommend:

  • Regularly updating operating systems and applications’ software that are part of the enterprise’s industrial network. Apply security fixes and patches to ICS network equipment as soon as they are available.
  • Conducting regular security assessments of OT systems to identify and eliminate possible vulnerabilities.
  • Dedicated ICS security training for IT security teams and OT engineers. This is crucial to improving the response to new and advanced malicious techniques.
  • Protect industrial endpoints as well as corporate ones. Kaspersky Industrial CyberSecurity solution includes dedicated protection for endpoints and network monitoring to reveal any suspicious and potentially malicious activity in industrial networks. 

About Kaspersky ICS CERT

Kaspersky Industrial Control Systems Cyber Emergency Response Team (Kaspersky ICS CERT) is a global project launched by Kaspersky in 2016 to coordinate the efforts of automation system vendors, industrial facility owners and operators, and IT security researchers to protect industrial enterprises from cyberattacks. Kaspersky ICS CERT devotes its efforts primarily to identifying potential and existing threats that target industrial automation systems and the Industrial Internet of Things. Kaspersky ICS CERT is an active member and partner of leading international organizations that develop recommendations on protecting industrial enterprises from cyberthreats.  

About Kaspersky

Kaspersky is a global cybersecurity company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help 240,000 corporate clients protect what matters most to them. Learn more at

Media Contact:

Cassandra Faro


Kaspersky finds industrial control systems at risk as the share of computers attacked with miners, spyware and malicious scripts on the rise in H2 2021

Kaspersky Logo