In the first half of 2020, ICS sectors saw a decrease in attacks, while building automation and oil & gas companies saw an increase.

The scoop

  • The internet, emails, and removable media continue to pose major threats in the ICS environment.
  • According to the Kaspersky report, Asia and Africa are the least secure regions.
  • More families of spyware, backdoors, and Win32 exploits have been observed to be built on the .NET platform.

New players in the threat landscape

  • Six critical flaws have been identified in CodeMeter, a third-party software component used by various industrial systems. Because so many systems rely on it, this poses a grave patch management challenge.
  • The discovery of Ripple20, a set of 19 vulnerabilities, exposed millions of organizations to possible cyberattacks.
  • An APT campaign named WildPressure, which used the Milum trojan, was found in March. Milum is capable of controlling devices remotely.

The pandemic effect

  • The COVID-19 pandemic has had a significant impact on the threat landscape, with a sudden shift to work-from-home conditions.
  • The subject of coronavirus has been exploited in targeted and large-scale attacks.
  • An APT group was found targeting Azerbaijani enterprises, using COVID-19 as a lure.

The bottom line

Researchers have witnessed an increased prevalence of malware campaigns targeting operational technology (OT) networks. Thus, patching security vulnerabilities is the first step to staying protected from these attacks.

Cyware Publisher