Global statistics

Statistics on all threats

In the first quarter of 2024, the percentage of ICS computers that were intercepted by malicious objects fell 0.3 percentage points from the previous quarter to 24.4%. Compared to the first quarter of 2023, the proportion decreased by 1.3 percentage points.

Percentage of ICS computers intercepting malicious objects by quarter from 2022 to 2024

REM630 Selected industries

In terms of the proportion of ICS computers that block malicious objects, building automation consistently leads the industry surveyed.

Percentage of ICS computers in the selected industry that are blocked with malicious objects

In the first quarter of 2024, the percentage of ICS computers that block malicious objects decreased across all industries.

Diversity of detected malware

In the first quarter of 2024, Kaspersky’s protection solutions blocked 10,865 different families of malware belonging to different categories on industrial automation systems.

Percentage of ICS machines that block activity of all types of malicious objects

REM630 Compared to the previous quarter, the most significant increase in the percentage of AutoCAD malware detected in the first quarter of 2024 was among ICS computers with all types of malicious objects blocked: a 1.16x increase.

Major threat source

The Internet, email clients, and removable storage devices continue to be the main sources of threats to computers in an organization’s operational technology infrastructure. Note that the source of the blocked threat can not be reliably identified in all cases. In the first quarter of 2024, the percentage of ICS computers that were blocked from threats from all sources decreased for each major source.

Percentage of ICS computers that block malicious objects from various sources

region

Regionally, the percentage of ICS computers blocking malicious objects during the quarter ranged from 32.4% in Africa to 11.5% in Northern Europe.

Regions ranked by percentage of malicious objects intercepted by ICS computers in the first quarter of 2024

The two regions with the highest percentage of ICS computers under attack were Africa and Southeast Asia, which increased their percentage from the previous quarter.

Number of malicious activities

Malicious object for initial infection

Malicious objects used to initially infect a computer include dangerous Internet resources added to the reject list, malicious scripts and phishing pages, and malicious documents.

According to the logic of cybercriminals, these malicious objects are easy to spread. As a result, they are blocked by security solutions more often than anything else.

Globally and in almost all regions, blacklisted Internet resources, as well as malicious scripts and phishing pages, ranked first in the malware category by percentage of ICS computers that were blocked with that malware.