From Spy Trojans to Ransomware - Cyberthreats industrial organisations in Africa should be aware of

The African region is over-exposed to threats spreading via the Internet, which are the most common initial-access tools for cyber attackers

JOHANNESBURG, South Africa, May 30, 2024/ -- According to Kaspersky (www.Kaspersky.co.za) statistics, in the first quarter of 2024, the percentage of Industrial Control Systems (ICS) computers globally on which malicious objects were blocked decreased by 1.3 percentage points (pp) from the first quarter of the previous year - to 24.4%. In Africa the amount of malware remained almost unchanged, on a level much higher compared to other regions - 32.4% of ICS computers in Africa faced cyberthreats in the first quarter of 2024. In South Africa the figures are 23.5% in Q1 2023 and 25.5% in Q1 2024, Kenya – 28.1% and 30.5%, while in Nigeria – the figures grew from 25.3% to 28%.

In the first quarter of 2024, Kaspersky's protection solutions blocked malware from 10,865 different malware families of various categories on industrial automation systems. The African region is over-exposed to threats spreading via the Internet, which are the most common initial-access tools for cyber attackers. The region also leads in charts of malware spread via removable devices (5.6% of ICS computers faced it, compared to the global figure of 1.13%), which is the other way for cyber attackers to try to bypass the safeguards at the perimeter and to spread within the internal infrastructure.

Malicious objects that are used for initial infection of computers include dangerous Internet resources that are added to denylists (this threat was blocked on 8.78% of ICS computers in Africa), malicious scripts and phishing pages (6.9%), and malicious documents (1.83%). These malicious objects are normally used at the initial phases of the attack chain. As a result, they are blocked by security solutions more often than everything else. This is normally reflected in Kaspersky Security Network statistics.

Malicious objects used to initially infect computers deliver next-stage malware – spyware, ransomware, and miners – to victims' computers. Spyware (Trojan-Spy malware, backdoors and keyloggers), which is mostly used to steal money or confidential data, is also widespread both globally and in Africa (blocked on 6.65% of ICS computers in Africa).

Worms and viruses are types of self-propagating malware. To spread across ICS networks, viruses and worms rely on removable media, network folders, infected files including backups, and network attacks on outdated software. This type of malware is very active in African countries compared to other regions and global average. Extremely high rates of self-propagating malware in the region most probably mean there’s a significant portion of OT infrastructure yet to be protected by security solutions (which is where the malware continuously spreads from) and there’s room for improving the overall cybersecurity culture to follow strict cybersecurity policies.

ICS computers in Africa continue to face covert crypto-mining programs - miners in the form of executable files for Windows and web miners, though this type of malware is decreasing in the recent years. If successfully installed these provide cybercriminals steady earnings from using victim’s computer processing power.

Since AutoCAD software is widely used in ICS organisations, cybercriminals also try to make use of this and similar programs creating special malware, detection of which increased in the first quarter of 2024 compared to previous quarters.

The Middle East and Africa lead among regions where ransomware is spread; though not high in numbers (0.28% and 0.27% of ICS computers faced these respectfully), this may pose serious risk to organisations, especially if data encryption scenario is selected by cybercriminals.

“Africa is actively integrating technologies, but it's important to keep cybersecurity in mind and apply it to both new technologies and currently used solutions. By a security mindset we mean implementing reliable solutions, setting up security policies and educating employees depending on their level of relation with OT. This applies to all infrastructures, but is especially important in operational technology, where risks of material consequences are very high and impact on safety is possible. We hope organisations in Africa will set the stage in the region for a future where technology and security go hand in hand,” says Evgeny Goncharov, Head of Kaspersky’s ICS Cyber Emergency Response Team.

To keep ICS computers protected from various threats, Kaspersky experts recommend:

• Using security solutions for operation technology endpoints and networks, such as Kaspersky Industrial CyberSecurity (http://apo-opa.co/4e0oN1a) to ensure comprehensive protection for all industry critical systems.
• Regularly updating operating systems and application software that are part of the enterprise’s industrial network. Apply security fixes and patches to ICS network equipment as soon as they are available.
• Conducting regular security audits of operation technology networks to identify and eliminate security issues.
• Undertaking dedicated ICS security training for IT security teams and OT engineers, which is crucial to improve responses to new and advanced malicious techniques.
• Using ICS network traffic monitoring, analysis and detection solutions for better protection from attacks potentially threatening technological processes and main enterprise assets.
• Protect IT infrastructure using solutions for timely detection of cyberthreats, investigation, and effective remediation of incidents, such as Kaspersky Next (http://apo-opa.co/3KoMxhU).
• Providing the security team responsible for protecting industrial control systems with up-to-date threat intelligence. ICS Threat Intelligence (http://apo-opa.co/3wWHamS) Reporting service provides insights into current threats and attack vectors, as well as the most vulnerable elements in OT and industrial control systems and how to mitigate them.

A full report on ICS threats in the first quarter of 2024 is available at ICS CERT website (http://apo-opa.co/3KnQUtu).

Industrial cybersecurity is one of the main topics being discussed by Kaspersky experts at GITEX Africa in Morocco, on 29-31 May 2024.

Distributed by APO Group on behalf of Kaspersky.

About KasperskyKaspersky is a global cybersecurity and digital privacy company founded in 1997. With over a billion devices protected to date from emerging cyberthreats and targeted attacks, Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection, specialized security products and services, as well as Cyber Immune solutions to fight sophisticated and evolving digital threats. We help over 220,000 corporate clients protect what matters most to them. Learn more at www.Kaspersky.co.za.

SOURCE: Kaspersky